I got a traffic ticket...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Born2Late, Oct 22, 2011.

  1. Born2Late

    Born2Late Private E-2

    Hi,
    I screwed up, & opened that e-mail regarding traffic tickets from the NYS police. It's bad. Long story short, I've repeatedly nuked both HDDs, & reloaded the OS. My PC is still screwed. I went to the library to google the fix. I couldn't find one.

    Home built system:
    XP Home
    P4 Pentium @2.4G
    Avast antivirus
    (what else?)

    HELP!! I'm at a loss as to what else to do. I've nuked both HDDs 4 times now. There is about 7.5mb left on my slave drive after overwriting (?). Is that a copy of the virus? I've a Seagate utility to wipe the drives with. It doesn't wipe that 7.5mb out. My system won't boot. I get a message that it's in safe mode, as the CPU is set too high. It isn't. I reset the control panel to the defaults anyway. Still no joy... Did the damn thing somehow write to my motherboard?

    Thank You.

    P.S.: I'll probably lose control of the PC again in a few minutes. So, a back & forth exchange will mean hours per response from me. I couldn't find a program to download to fix this thing. It's the worst virus I've seen. I'd like to find the guy, & break every bone in his body. What a POS.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Disconnect your slave drive. Can you boot to safe mode?

    Try doing as much of the below READ & RUN ME FIRST (down after the quote box) as possible by using a different user account if you have another one you can try. If you cannot boot in any mode (safe or normal mode) and you cannot run any of the READ & RUN ME, there is not much we can do for you except suggest what is in the below quote box.
    READ & RUN ME FIRST. Malware Removal Guide
     
  3. Born2Late

    Born2Late Private E-2

    Hey Tim,
    Thank You for the quick reply. I'll try & follow the proscribed spyware regimen you posted. I'm only so good w/PCs. It looks above me in places.

    I scanned the attachment w/Yahoo mail's scanner, plus Avast! before opening the zip file. They both showed no virus present. This virus was first seen in June of this year. So, it's hardly new. I don't see why both programs missed it.

    If I manage to clear the virus from my primary HDD, how would I go about disinfecting the slave drive? If I reconnect it, won't it re-infect the system again?

    Back to grumbling. Thanks again, Tim

    Kenny
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    First thing you need to do is follow the Read and Run First instructions on your computer without the slave attached. Once we deem it clean, we can re-attach the slave and run some scans on it to get it clean. The R&R instructions are pretty simple. Just try to get me the requested logs:
    SAS
    MBAM
    ComboFix
    RootRepeal --- if it runs
    C:\MGLogs.zip
     
  5. Born2Late

    Born2Late Private E-2

    SUPERAntiSpyware Scan Log

     


    Last edited by a moderator: Oct 23, 2011
  6. Born2Late

    Born2Late Private E-2

    Malwarebytes' Anti-Malware 1.51.2.1300

     


    Last edited by a moderator: Oct 23, 2011
  7. Born2Late

    Born2Late Private E-2

    MGTools hangs up before finishing. The last time I nuked both drives, I didn't partition or (forgot term) the slave drive. So, my OS doesn't recognize a drive is there. Do I still have to physically disconnect the serial cable? My PC rebooted successfully during the scanning processes. That was a first since this started.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please read this:
    How to attach items to your post or view How to Attach Items: the Video.

    Download OTL to your desktop.


    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator.)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.
     
  9. Born2Late

    Born2Late Private E-2

    ComboFix 11-10-21.06 - Kenny 10/22/2011 19:15:26.1.1 - x86
     


    Last edited by a moderator: Oct 23, 2011
  10. Born2Late

    Born2Late Private E-2

    Hmm,
    I ran the program, but the reports won't post here. My screen just goes white. The files are too big?
     
  11. Born2Late

    Born2Late Private E-2

    OK,
    When all else fails... Read the directions :-D
     


  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What malware issues are you still having, if any?

    You may need to post in the software forum for assistance with your slave drive.
     
  13. Born2Late

    Born2Late Private E-2

    My PC seems to be functioning fine, now. After this experience, I'm apprehensive to say the virus is gone from the primary drive. Would a specific scan from one of those programs confirm that? I intend to run those programs again to see if anything turns up.

    I don't understand what you mean by posting in a software forum for cleaning my slave drive. I thought I was in the right place for virus & malware infections. I'm also unsure whether I can now load Avast! again. Will it interfere w/these other programs you sent me?
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That's what I was referring to about your slave drive not being recognized. You may need to post in the software forum to get assistance with that issue. If it is not recognized, then you can't run scans on it to see if it was totally wiped clean.

    I was not seeing any malware on your primary drive. If that is running well, then you can remove all the tools we had you download. Please tell me what issues you are having with that drive and don't do the below unless you are running properly.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:


     
  15. Born2Late

    Born2Late Private E-2

    OK Tim,
    I purposely didn't fully set up the slave drive after the last nuking. I suspect a copy of the virus(es) is still there. (crosses fingers again) We'll see how this goes.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know if you get it working again. :)
     
  17. Born2Late

    Born2Late Private E-2

    I reformatted & partitioned the slave drive last night. I now have two(?) slave drives. One being that mystery 7+MB that couldn't be overwritten by the Seagate utility I use. Overall, the PC seems to function normally again, BUT... A couple of things give me pause. I always run SUPERantispyware first when scanning. It always finds 120-140 cookies. I can't see how I accumulate so many cookies mere minutes after booting up. I suspect that 7+MB is downloading the same cookies every time I boot up. Every time I've tried to run MGTools, it hangs up when starting to run its DLL process. I've attached a couple of logs. Sorry about the cut_N_pasted ones. I don't know where those logs are saved.
    __________________________________________________________________________________________________________________________________
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/25/2011 at 04:49 PM

    Application Version : 5.0.1134

    Core Rules Database Version : 7842
    Trace Rules Database Version: 5654

    Scan type : Complete Scan
    Total Scan Time : 00:20:58

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 392
    Memory threats detected : 0
    Registry items scanned : 33755
    Registry threats detected : 0
    File items scanned : 19830
    File threats detected : 127

    Adware.Tracking Cookie
    __________________________________________________________________________________________________________________________________

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8020

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    10/25/2011 5:57:45 PM
    mbam-log-2011-10-25 (17-57-45).txt

    Scan type: Full scan (C:\|D:\|G:\|)
    Objects scanned: 165491
    Time elapsed: 20 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    __________________________________________________________________________________________________________________________________

    16:21:32 Kenny MESSAGE Protection started successfully
    16:21:39 Kenny MESSAGE IP Protection started successfully
    16:22:37 Kenny MESSAGE IP Protection stopped
    16:22:38 Kenny MESSAGE Scheduled update executed successfully
    16:22:44 Kenny MESSAGE Database updated successfully
    16:22:48 Kenny MESSAGE IP Protection started successfully
     
  18. Born2Late

    Born2Late Private E-2

    I don't see the two logs I attached to the last reply(?). Sorry, maybe I'm fading from work already. I've tried to re-attach them again, here.

    Edit: Hmm, it seems they won't upload a second time.
     
    Last edited: Oct 25, 2011
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  20. Born2Late

    Born2Late Private E-2

    Hi Tim,
    My system is running fine, now. Cookies continue to appear far faster than they should. That 7.5MB of space on my slave drive that refused to be overwritten is still there, too. I boot up the PC, hit my e-mail, then come here. Yet, I already have 100+ cookies when I scan then. It seems too much_too fast. Is it not possible that that 7.5MB is a program downloading the cookies (which I know are harmless)? Could that program not one day cause my PC to flash an "EAT BRAINS!" message @me? Don't get me wrong. I'm looking forward to the real zombie invasion. I'm totally awesome @headshots. I just don't want my PC to be one of them...
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have you run CCleaner on your system?
     
  22. Born2Late

    Born2Late Private E-2

    No, but SUPERantispyware is cleaning the Cookies, no? You want me to download & run CCleaner?
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes. ;)
     
  24. Born2Late

    Born2Late Private E-2

    Hmm,
    Had a little setback. Tried installing an old Norton utilities suite. Their old AV came along for the ride. It jammed my system up, freezing because of other AV programs (I guess). I ended up nuking everything again. I'm up & running again after several power outages along the way (don't even ask...).

    ** My PC was clean before I nuked it, right? So, I don't have to go through the whole cleaning process again, right?

    ** I installed & ran CCleaner. It cleared a bunch of cookies & temp files (not many).

    ** I like Superantispyware & Malwarebytes. I'd like to keep them. I also have Avast! AV & Zonealarm firewall installed & running. OK?
     
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, we recommend that you keep both SAS and MBAM to use as backup scanners. ;)
     
  26. Born2Late

    Born2Late Private E-2

    Hi Tim,
    Another setback on this end. That freak snow storm wiped out Internet & power in my area for days. As far as I know, my PC is now clean again, right? When I nuked it last time, that mystery 7.8MB of space I can't overwrite didn't reload viral copies again? I don't have to go through the whole cleaning process again? I'll run scans w/Avast, SAS, & MBAM later tonight.

    Man, I felt like I was back in the Eighteen hundreds w/o the 'Net. That's how I get my news. The stuff in the papers is 3+ days old...
     
  27. Born2Late

    Born2Late Private E-2

    Oops,
    I forgot to ask. ZoneAlarm freeware firewall: adequate protection?
     
  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am sure you are fine, but it is always a good idea to run routine system scans. Hope you are all right. Many people really got blasted with that storm. ;)
     
  29. Born2Late

    Born2Late Private E-2

    Well, if that's the case, let me take this opportunity to say Thank You. I work in healthcare. I help a lot of people every day who don't know how to say it. Or, even think they should...

    I've got a few bad things going on in my life right now. I REALLY didn't need my PC to go down like this. Thank You for doing me a solid, & alleviating some of my stress. :) May your good deeds come back to you, soon.

    Take Care

    Kenny
     
  30. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
