WORK PC Losing 0.1s Disk Space Since MBAM "Removed" 6to4 Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by AngelsWilliam, Apr 25, 2009.

  1. AngelsWilliam

    AngelsWilliam Private First Class

    4 days ago (21 April 2009), I ran MBAM on my machine in my routine rotor of antimalware scans. When I checked the results, it said it had found the 6to4 trojan. I told it to remove it. It said it had deleted it, but that my computer needed to be restarted to complete the deletion, so I restarted my computer.

    Wednesday night, I opened Pidgin messenger (for communication with work support), and it said it couldn't connect with one of my Yahoo accounts because the server had rejected the connection, possibly because the password had changed. After 3 attempts to type and retype the account's password in, I opted to reboot the program. That time, NONE of my Yahoo accounts would connect.

    So...I went to my laptop and changed all of my Yahoo passwords, then returned to my PC and entered those passwords and tried connecting again. Still no joy. So I uninstalled Pidgin and installed Digby. That connected with the accounts just fine.

    All was well...for a while. Then, my computer started running much more slowly, and my desktop icons started flipping more than usual...and when I hadn't just closed a window. I forget why, but I went in to check the space on my hard drive, and it was 38.7, when I had recently gotten it up to 40.1. I had done absolutely NOTHING to get it down that low. There was just NO WAY. But, just in case, I went to the folder in which I kept my installation downloads and got rid of some really old, outdated ones and/or some that I would never again use or that had been replaced by better or safer programs. That got me up to 38.9, which reaffirmed in my mind that there was no way I had done anything to warrant a decrease from 40.1 to 38.7 in 3 days' time. But, my computer wasn't making as much noise anymore and seemed to be running faster, so I thought maybe this had all been my imagination. Stranger things have happened....:-o

    Well, I decided to just keep my eye on the available space on the hard drive and the behavior of the computer. Everything was okay while I was working Friday night, other than the occasional pause in DictaPhone while I was typing in a report, but that happens sometimes because I need several programs open--including 2 windows in Firefox--when I'm working. But when I came back upstairs from my pre-bedtime break after work? The disk space was down to 38.6 around 10:00 a.m. or so from the 38.9 it had been when I left it at 5:30 a.m. The only thing that was going on with this machine was it was online with AVG Pro running. At least, that was supposed to be the only thing that was going on....

    So, I am attaching my logs with this post.

    Oh, and my laptop is in even worse shape than this computer. And there is absolutely no imagination going on about that one. Trust me. I'll make a separate post for that. I hope to God that won't hurt my chances to get helped more quickly for this one. :eek

    Thanks for your help!
     

    Last edited: Apr 25, 2009
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are all clean. You are not having malware problems. All applications, including Windows, use disk space. The longer Windows runs without a reboot, the larger your pagefile will become. Each time you reboot your PC or perform certain updates, a restore point will be created and it will use lots of disk space. AVG was not the only thing running. Windows was running and all of the other typical processes that you load and run at startup were running too. Also, any other applications you had open are also running whether you are actively using them or not.
     
    Last edited: Apr 29, 2009
  3. AngelsWilliam

    AngelsWilliam Private First Class

    I leave that computer running until an installation/uninstallation requires a reboot or until I have the wireless connection disabled so long that it won't reconnect. I have never seen the disk drive lose any space at all while just sitting there until that morning.

    So, is there a way to remove restore points without removing them all? Also, I have Office Pro 2003 Update installed on my desktop, which updated 2000. For some reason, my program list still lists Office 97. Is it safe to uninstall that, or will it ruin my current copy of office? Because...as I'm sure you know, Office takes up LOADS of space. I think 2000 is still on there, too. (I'm on my laptop right now.) Would it be safe to uninstall that, too, even though that was what the 2003 update disk updated?

    Yes...I do realize that. I'm sorry if I led you to believe I'm an idiot by saying all that was running was AVG. I meant actively. I open TaskManager frequently when things are running slowly so I can find out what the CPU usage is and if there's something on the process list that doesn't look familiar (Google lookup time) or isn't essential and can therefore be temporarily ended. I did not have any other applications running. That was what I originally meant by "The only thing running was AVG." I had left the computer, so I had no applications open.

    Another thing I didn't mention in the original post about my desktop (because the forum wouldn't let me edit my entry more than once): My computer had stopped letting me do MS updates. MS Update Home (it uses IE, no matter which browser is your default) would say, "Welcome to Microsoft Update!" and invite me to "get started." Then, when I tried to, it told me I couldn't access the site. I tried a couple times. I have Microsoft Genuine Advantage, etc., on this computer and update every time I sit down to it. When I'm not sitting at it, I disable the wireless connection for safety. Also, that Webshots folder I was told to delete one of the times I was helped by you guys has reappeared, and I have had nothing to do with Webshots--have even deleted everything on my computer via RegSeeker with Webshots that I thought was safe to remove...but, there it is! Hmmmm.

    I will admit--wait for it--that I have malware phobia after losing a harddrive and a laptop to some very sneaky covert malware that hid from regular scanning software (or shut it down, in the case of the laptop), but I also have a pretty good eye for/idea of malware and/or malware drop site behaviors because I've done a helluvalot of research because I never ever want to lose a harddrive or laptop again. I can't afford it.

    I should also note here that I can neither have .NET framework on my desktop nor automatic updates because they conflict with my video card. The old RADEON cards take the PC usage up to 100% more often than not if you have .NET framework and/or automatic updates (of any kind, any of the 3 choices). It was doing it to me every 1-5 minutes. This was back when I had Windows 2K, though. If this has changed for XP, please let me know because if .NET is a matter of security, I want to install it. Will my Windows remain stable if I add that much more onto my harddrive, though?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Windows and other applications always have processes running whether you are using the PC or not. Depending on what is running and whether updates are possibly installed, disk space use will change.

    The Software Forum is the place for a discussion like this. You cannot pick and choose which to delete, but you can change the default size of System Restore from 12% of the hard disk space to something lower. I believe this purges the oldest restore points in order to fit within the new setting. Remember that if you do change this you will have fewer fallback points, and if you make it too small System Restore will fail to work.

    Please post only malware related problems/questions in this forum. We are too busy for other topics that can be answered in other forums.

    In the truest sense, every process running is an application. Your process list from your logs shows all of the below which are all applications

    Please post in the Software Forum. There are dozens of reasons for Windows Update not working. One of them can be due to having automatic updates disabled, which you say you have done. Since you have no malware, malware is not your reason for problems with Windows Update.

    But it is not malware. Are you sure you deleted it? The folder date is March 8, 2009, so it has been there for a while now. Have you performed a system restore? Does anyone else use the computer? Are you sure that some other program that is installed does not use it? This is also a topic for the Software Forum.

    .NET has nothing to do with security. Not installing it will just block you from running thousands of tools. If you have an old version installed and do not update when security patches are necessary, then that is a security risk. Sorry, but your other questions do not belong here.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    By the way here are a couple non-malware tips. Remove all the temp files from failed Windows Updates like the below which are wasting a ton of space
    Code:
    "C:\Program Files\Internet Explorer\"
    set4d.tmp     Mar  8 2009       68608  "SET4D.tmp"
    set51.tmp     Mar  8 2009      246784  "SET51.tmp"
    set52.tmp     Mar  8 2009      638816  "SET52.tmp"
    set78.tmp     Mar  8 2009       68608  "SET78.tmp"
    set7c.tmp     Mar  8 2009      246784  "SET7C.tmp"
    set7d.tmp     Mar  8 2009      638816  "SET7D.tmp"
    seta5.tmp     Mar  8 2009       68608  "SETA5.tmp"
    seta9.tmp     Mar  8 2009      246784  "SETA9.tmp"
    setaa.tmp     Mar  8 2009      638816  "SETAA.tmp"
    
    "C:\Program Files\Internet Explorer\en-US\"
    set5b.tmp     Mar  8 2009       12288  "SET5B.tmp"
    set5d.tmp     Mar  8 2009       12288  "SET5D.tmp"
    set86.tmp     Mar  8 2009       12288  "SET86.tmp"
    set88.tmp     Mar  8 2009       12288  "SET88.tmp"
    setb3.tmp     Mar  8 2009       12288  "SETB3.tmp"
    setb5.tmp     Mar  8 2009       12288  "SETB5.tmp"
    
    "C:\Program Files\Internet Explorer\SIGNUP\"
    install.ins   Mar  8 2009         460  "install.ins"
    set62.tmp     Mar  8 2009         460  "SET62.tmp"
    set8d.tmp     Mar  8 2009         460  "SET8D.tmp"
    setba.tmp     Mar  8 2009         460  "SETBA.tmp"
                           
    "C:\WINDOWS\system32\"
    set100.tmp    Mar  8 2009       66560  "SET100.tmp"
    set101.tmp    Mar  8 2009      105984  "SET101.tmp"
    set102.tmp    Mar  8 2009     1206784  "SET102.tmp"
    set103.tmp    Mar  8 2009      420352  "SET103.tmp"
    set104.tmp    Mar  8 2009      236544  "SET104.tmp"
    set105.tmp    Mar  8 2009      208384  "SET105.tmp"
    set106.tmp    Mar  8 2009      914944  "SET106.tmp"
    set68.tmp     Mar  8 2009       72704  "SET68.tmp"
    set69.tmp     Mar  8 2009      128512  "SET69.tmp"
    set6a.tmp     Mar  8 2009       10240  "SET6A.tmp"
    set6b.tmp     Mar  8 2009       18944  "SET6B.tmp"
    set6c.tmp     Mar  8 2009      348160  "SET6C.tmp"
    set6d.tmp     Mar  8 2009      216064  "SET6D.tmp"
    set6e.tmp     Mar  8 2009      385024  "SET6E.tmp"
    set6f.tmp     Mar  8 2009       59904  "SET6F.tmp"
    set70.tmp     Mar  8 2009      173056  "SET70.tmp"
    set73.tmp     Mar  8 2009      125952  "SET73.tmp"
    set74.tmp     Mar  8 2009      229376  "SET74.tmp"
    set75.tmp     Mar  8 2009      163840  "SET75.tmp"
    set76.tmp     Feb  6 2009     3698584  "SET76.tmp"
    set77.tmp     Mar  8 2009      445952  "SET77.tmp"
    set78.tmp     Mar  8 2009      391536  "SET78.tmp"
    set7a.tmp     Mar  8 2009    11063808  "SET7A.tmp"
    set7b.tmp     Mar  8 2009     1241088  "SET7B.tmp"
    set7c.tmp     Mar  8 2009      183808  "SET7C.tmp"
    set7d.tmp     Mar  8 2009       55808  "SET7D.tmp"
    set7e.tmp     Mar  8 2009     1985024  "SET7E.tmp"
    set7f.tmp     Mar  8 2009       71680  "SET7F.tmp"
    set80.tmp     Mar  8 2009      164352  "SET80.tmp"
    set81.tmp     Mar  8 2009       57667  "SET81.tmp"
    set82.tmp     Mar  8 2009       34816  "SET82.tmp"
    set83.tmp     Mar  8 2009     1469440  "SET83.tmp"
    set84.tmp     Mar  8 2009       94720  "SET84.tmp"
    set85.tmp     Mar  8 2009      726528  "SET85.tmp"
    set86.tmp     Mar  8 2009       25600  "SET86.tmp"
    set87.tmp     Mar  8 2009       43008  "SET87.tmp"
    set88.tmp     Mar  8 2009      594432  "SET88.tmp"
    set89.tmp     Mar  8 2009       55296  "SET89.tmp"
    set8a.tmp     Mar  8 2009       13312  "SET8A.tmp"
    set8b.tmp     Mar  8 2009       45568  "SET8B.tmp"
    set8d.tmp     Mar  8 2009     5937152  "SET8D.tmp"
    set8e.tmp     Mar  8 2009     1638912  "SET8E.tmp"
    set8f.tmp     Mar  8 2009       66560  "SET8F.tmp"
    set90.tmp     Mar  8 2009       48128  "SET90.tmp"
    set91.tmp     Mar  8 2009      156160  "SET91.tmp"
    set92.tmp     Mar  8 2009      193536  "SET92.tmp"
    set93.tmp     Mar  8 2009       72704  "SET93.tmp"
    set94.tmp     Mar  8 2009      611840  "SET94.tmp"
    set95.tmp     Mar  8 2009      109568  "SET95.tmp"
    set96.tmp     Mar  8 2009       46592  "SET96.tmp"
    set97.tmp     Mar  8 2009       66560  "SET97.tmp"
    set98.tmp     Mar  8 2009      105984  "SET98.tmp"
    set99.tmp     Mar  8 2009     1206784  "SET99.tmp"
    set9a.tmp     Mar  8 2009      420352  "SET9A.tmp"
    set9b.tmp     Mar  8 2009      236544  "SET9B.tmp"
    set9c.tmp     Mar  8 2009      208384  "SET9C.tmp"
    set9d.tmp     Mar  8 2009      914944  "SET9D.tmp"
    set9e.tmp     Mar  8 2009      128512  "SET9E.tmp"
    set9f.tmp     Mar  8 2009       10240  "SET9F.tmp"
    seta0.tmp     Mar  8 2009       18944  "SETA0.tmp"
    seta1.tmp     Mar  8 2009      348160  "SETA1.tmp"
    seta2.tmp     Mar  8 2009      216064  "SETA2.tmp"
    seta3.tmp     Mar  8 2009      385024  "SETA3.tmp"
    seta4.tmp     Mar  8 2009       59904  "SETA4.tmp"
    seta5.tmp     Mar  8 2009      173056  "SETA5.tmp"
    seta8.tmp     Mar  8 2009      125952  "SETA8.tmp"
    seta9.tmp     Mar  8 2009      229376  "SETA9.tmp"
    setaa.tmp     Mar  8 2009      163840  "SETAA.tmp"
    setab.tmp     Feb  6 2009     3698584  "SETAB.tmp"
    setac.tmp     Mar  8 2009      445952  "SETAC.tmp"
    setad.tmp     Mar  8 2009      391536  "SETAD.tmp"
    setaf.tmp     Mar  8 2009    11063808  "SETAF.tmp"
    setb0.tmp     Mar  8 2009     1241088  "SETB0.tmp"
    setb1.tmp     Mar  8 2009      183808  "SETB1.tmp"
    setb2.tmp     Mar  8 2009       55808  "SETB2.tmp"
    setb3.tmp     Mar  8 2009     1985024  "SETB3.tmp"
    setb4.tmp     Mar  8 2009       71680  "SETB4.tmp"
    setb5.tmp     Mar  8 2009      164352  "SETB5.tmp"
    setb6.tmp     Mar  8 2009       57667  "SETB6.tmp"
    setb7.tmp     Mar  8 2009       34816  "SETB7.tmp"
    setb8.tmp     Mar  8 2009     1469440  "SETB8.tmp"
    setb9.tmp     Mar  8 2009       94720  "SETB9.tmp"
    setba.tmp     Mar  8 2009      726528  "SETBA.tmp"
    setbb.tmp     Mar  8 2009       25600  "SETBB.tmp"
    setbc.tmp     Mar  8 2009       43008  "SETBC.tmp"
    setbd.tmp     Mar  8 2009      594432  "SETBD.tmp"
    setbe.tmp     Mar  8 2009       55296  "SETBE.tmp"
    setbf.tmp     Mar  8 2009       13312  "SETBF.tmp"
    setc0.tmp     Mar  8 2009       45568  "SETC0.tmp"
    setc1.tmp     Mar  8 2009       72704  "SETC1.tmp"
    setc2.tmp     Mar  8 2009     5937152  "SETC2.tmp"
    setc3.tmp     Mar  8 2009     1638912  "SETC3.tmp"
    setc4.tmp     Mar  8 2009       66560  "SETC4.tmp"
    setc5.tmp     Mar  8 2009       48128  "SETC5.tmp"
    setc6.tmp     Mar  8 2009      156160  "SETC6.tmp"
    setc7.tmp     Mar  8 2009      193536  "SETC7.tmp"
    setc8.tmp     Mar  8 2009      128512  "SETC8.tmp"
    setc9.tmp     Mar  8 2009      611840  "SETC9.tmp"
    setca.tmp     Mar  8 2009      109568  "SETCA.tmp"
    setcb.tmp     Mar  8 2009       46592  "SETCB.tmp"
    setcc.tmp     Mar  8 2009       66560  "SETCC.tmp"
    setcd.tmp     Mar  8 2009      105984  "SETCD.tmp"
    setce.tmp     Mar  8 2009     1206784  "SETCE.tmp"
    setcf.tmp     Mar  8 2009      420352  "SETCF.tmp"
    setd0.tmp     Mar  8 2009      236544  "SETD0.tmp"
    setd1.tmp     Mar  8 2009      208384  "SETD1.tmp"
    setd2.tmp     Mar  8 2009      914944  "SETD2.tmp"
    setd3.tmp     Mar  8 2009       10240  "SETD3.tmp"
    setd4.tmp     Mar  8 2009       18944  "SETD4.tmp"
    setd5.tmp     Mar  8 2009      348160  "SETD5.tmp"
    setd6.tmp     Mar  8 2009      216064  "SETD6.tmp"
    setd7.tmp     Mar  8 2009      385024  "SETD7.tmp"
    setd8.tmp     Mar  8 2009       59904  "SETD8.tmp"
    setd9.tmp     Mar  8 2009      173056  "SETD9.tmp"
    setdc.tmp     Mar  8 2009      125952  "SETDC.tmp"
    setdd.tmp     Mar  8 2009      229376  "SETDD.tmp"
    setde.tmp     Mar  8 2009      163840  "SETDE.tmp"
    setdf.tmp     Feb  6 2009     3698584  "SETDF.tmp"
    sete0.tmp     Mar  8 2009      445952  "SETE0.tmp"
    sete1.tmp     Mar  8 2009      391536  "SETE1.tmp"
    sete3.tmp     Mar  8 2009    11063808  "SETE3.tmp"
    sete4.tmp     Mar  8 2009     1241088  "SETE4.tmp"
    sete5.tmp     Mar  8 2009      183808  "SETE5.tmp"
    sete6.tmp     Mar  8 2009       55808  "SETE6.tmp"
    sete7.tmp     Mar  8 2009     1985024  "SETE7.tmp"
    sete8.tmp     Mar  8 2009       71680  "SETE8.tmp"
    sete9.tmp     Mar  8 2009      164352  "SETE9.tmp"
    setea.tmp     Mar  8 2009       57667  "SETEA.tmp"
    seteb.tmp     Mar  8 2009       34816  "SETEB.tmp"
    setec.tmp     Mar  8 2009     1469440  "SETEC.tmp"
    seted.tmp     Mar  8 2009       94720  "SETED.tmp"
    setee.tmp     Mar  8 2009      726528  "SETEE.tmp"
    setef.tmp     Mar  8 2009       25600  "SETEF.tmp"
    setf0.tmp     Mar  8 2009       43008  "SETF0.tmp"
    setf1.tmp     Mar  8 2009      594432  "SETF1.tmp"
    setf2.tmp     Mar  8 2009       55296  "SETF2.tmp"
    setf3.tmp     Mar  8 2009       13312  "SETF3.tmp"
    setf4.tmp     Mar  8 2009       45568  "SETF4.tmp"
    setf6.tmp     Mar  8 2009     5937152  "SETF6.tmp"
    setf7.tmp     Mar  8 2009     1638912  "SETF7.tmp"
    setf8.tmp     Mar  8 2009       66560  "SETF8.tmp"
    setf9.tmp     Mar  8 2009       48128  "SETF9.tmp"
    setfa.tmp     Mar  8 2009      156160  "SETFA.tmp"
    setfb.tmp     Mar  8 2009      193536  "SETFB.tmp"
    setfd.tmp     Mar  8 2009      611840  "SETFD.tmp"
    setfe.tmp     Mar  8 2009      109568  "SETFE.tmp"
    setff.tmp     Mar  8 2009       46592  "SETFF.tmp"
    
    254 items found:  251 files, 3 directories.
       Total of file sizes:  191,638,548 bytes    182.76 M
    ******************************************************************************
                                                                                  
    Locating ALL files created in C:\WINDOWS\System32\DLLCACHE within the last 90 days. 
                                                                                  
    "C:\WINDOWS\system32\dllcache\"
    set12.tmp     Mar  8 2009       59904  "SET12.tmp"
    set13.tmp     Feb  6 2009     3698584  "SET13.tmp"
    set14.tmp     Mar  8 2009       59904  "SET14.tmp"
    set15.tmp     Feb  6 2009     3698584  "SET15.tmp"
    set16.tmp     Mar  8 2009      445952  "SET16.tmp"
    set17.tmp     Mar  8 2009    11063808  "SET17.tmp"
    set18.tmp     Mar  8 2009     1241088  "SET18.tmp"
    set19.tmp     Mar  8 2009     1985024  "SET19.tmp"
    set1a.tmp     Mar  8 2009      594432  "SET1A.tmp"
    set1b.tmp     Mar  8 2009       55296  "SET1B.tmp"
    set1c.tmp     Mar  8 2009       72704  "SET1C.tmp"
    set1d.tmp     Mar  8 2009      128512  "SET1D.tmp"
    set1e.tmp     Mar  8 2009      445952  "SET1E.tmp"
    set1f.tmp     Mar  8 2009    11063808  "SET1F.tmp"
    set20.tmp     Mar  8 2009      348160  "SET20.tmp"
    set21.tmp     Mar  8 2009      216064  "SET21.tmp"
    set22.tmp     Mar  8 2009       68608  "SET22.tmp"
    set23.tmp     Mar  8 2009      173056  "SET23.tmp"
    set24.tmp     Mar  8 2009      125952  "SET24.tmp"
    set25.tmp     Mar  8 2009      229376  "SET25.tmp"
    set26.tmp     Mar  8 2009      163840  "SET26.tmp"
    set27.tmp     Mar  8 2009      391536  "SET27.tmp"
    set28.tmp     Mar  8 2009      183808  "SET28.tmp"
    set29.tmp     Mar  8 2009       55808  "SET29.tmp"
    set2a.tmp     Mar  8 2009       71680  "SET2A.tmp"
    set2b.tmp     Mar  8 2009      638816  "SET2B.tmp"
    set2c.tmp     Mar  8 2009       34816  "SET2C.tmp"
    set2d.tmp     Mar  8 2009     1469440  "SET2D.tmp"
    set2e.tmp     Mar  8 2009       94720  "SET2E.tmp"
    set2f.tmp     Mar  8 2009      726528  "SET2F.tmp"
    set30.tmp     Mar  8 2009       25600  "SET30.tmp"
    set31.tmp     Mar  8 2009       43008  "SET31.tmp"
    set32.tmp     Mar  8 2009       45568  "SET32.tmp"
    set33.tmp     Mar  8 2009     5937152  "SET33.tmp"
    set34.tmp     Mar  8 2009     1638912  "SET34.tmp"
    set35.tmp     Mar  8 2009       66560  "SET35.tmp"
    set36.tmp     Mar  8 2009       48128  "SET36.tmp"
    set37.tmp     Mar  8 2009      156160  "SET37.tmp"
    set38.tmp     Mar  8 2009      193536  "SET38.tmp"
    set39.tmp     Mar  8 2009      611840  "SET39.tmp"
    set3a.tmp     Mar  8 2009      109568  "SET3A.tmp"
    set3b.tmp     Mar  8 2009       46592  "SET3B.tmp"
    set3c.tmp     Mar  8 2009     1241088  "SET3C.tmp"
    set3d.tmp     Mar  8 2009     1985024  "SET3D.tmp"
    set3e.tmp     Mar  8 2009      594432  "SET3E.tmp"
    set3f.tmp     Mar  8 2009       66560  "SET3F.tmp"
    set40.tmp     Mar  8 2009      105984  "SET40.tmp"
    set41.tmp     Mar  8 2009     1206784  "SET41.tmp"
    set42.tmp     Mar  8 2009      420352  "SET42.tmp"
    set43.tmp     Mar  8 2009      759296  "SET43.tmp"
    set44.tmp     Mar  8 2009      236544  "SET44.tmp"
    set45.tmp     Mar  8 2009      914944  "SET45.tmp"
    set46.tmp     Mar  8 2009       55296  "SET46.tmp"
    set47.tmp     Mar  8 2009       72704  "SET47.tmp"
    set48.tmp     Mar  8 2009      128512  "SET48.tmp"
    set49.tmp     Mar  8 2009       59904  "SET49.tmp"
    set4a.tmp     Feb  6 2009     3698584  "SET4A.tmp"
    set4b.tmp     Mar  8 2009      348160  "SET4B.tmp"
    set4c.tmp     Mar  8 2009      216064  "SET4C.tmp"
    set4d.tmp     Mar  8 2009       68608  "SET4D.tmp"
    set4e.tmp     Mar  8 2009      173056  "SET4E.tmp"
    set4f.tmp     Mar  8 2009      125952  "SET4F.tmp"
    set50.tmp     Mar  8 2009      229376  "SET50.tmp"
    set51.tmp     Mar  8 2009      163840  "SET51.tmp"
    set52.tmp     Mar  8 2009      391536  "SET52.tmp"
    set53.tmp     Mar  8 2009      183808  "SET53.tmp"
    set54.tmp     Mar  8 2009       55808  "SET54.tmp"
    set55.tmp     Mar  8 2009       71680  "SET55.tmp"
    set56.tmp     Mar  8 2009      638816  "SET56.tmp"
    set57.tmp     Mar  8 2009       34816  "SET57.tmp"
    set58.tmp     Mar  8 2009     1469440  "SET58.tmp"
    set59.tmp     Mar  8 2009       94720  "SET59.tmp"
    set5a.tmp     Mar  8 2009      726528  "SET5A.tmp"
    set5b.tmp     Mar  8 2009       25600  "SET5B.tmp"
    set5c.tmp     Mar  8 2009       43008  "SET5C.tmp"
    set5d.tmp     Mar  8 2009       45568  "SET5D.tmp"
    set5e.tmp     Mar  8 2009     5937152  "SET5E.tmp"
    set5f.tmp     Mar  8 2009     1638912  "SET5F.tmp"
    set60.tmp     Mar  8 2009       66560  "SET60.tmp"
    set61.tmp     Mar  8 2009       48128  "SET61.tmp"
    set62.tmp     Mar  8 2009      156160  "SET62.tmp"
    set63.tmp     Mar  8 2009      193536  "SET63.tmp"
    set64.tmp     Mar  8 2009      611840  "SET64.tmp"
    set65.tmp     Mar  8 2009      109568  "SET65.tmp"
    set66.tmp     Mar  8 2009       46592  "SET66.tmp"
    set67.tmp     Mar  8 2009      445952  "SET67.tmp"
    set68.tmp     Mar  8 2009    11063808  "SET68.tmp"
    set69.tmp     Mar  8 2009     1241088  "SET69.tmp"
    set6a.tmp     Mar  8 2009       66560  "SET6A.tmp"
    set6b.tmp     Mar  8 2009      105984  "SET6B.tmp"
    set6c.tmp     Mar  8 2009     1206784  "SET6C.tmp"
    set6d.tmp     Mar  8 2009      420352  "SET6D.tmp"
    set6e.tmp     Mar  8 2009      759296  "SET6E.tmp"
    set6f.tmp     Mar  8 2009      236544  "SET6F.tmp"
    set70.tmp     Mar  8 2009      914944  "SET70.tmp"
    set71.tmp     Mar  8 2009     1985024  "SET71.tmp"
    set72.tmp     Mar  8 2009      594432  "SET72.tmp"
    set73.tmp     Mar  8 2009       55296  "SET73.tmp"
    set74.tmp     Mar  8 2009       72704  "SET74.tmp"
    set75.tmp     Mar  8 2009      128512  "SET75.tmp"
    set78.tmp     Mar  8 2009      348160  "SET78.tmp"
    set79.tmp     Mar  8 2009      216064  "SET79.tmp"
    set7a.tmp     Mar  8 2009       68608  "SET7A.tmp"
    set7b.tmp     Mar  8 2009      173056  "SET7B.tmp"
    set7c.tmp     Mar  8 2009      125952  "SET7C.tmp"
    set7d.tmp     Mar  8 2009      229376  "SET7D.tmp"
    set7e.tmp     Mar  8 2009      163840  "SET7E.tmp"
    set7f.tmp     Mar  8 2009      391536  "SET7F.tmp"
    set80.tmp     Mar  8 2009      183808  "SET80.tmp"
    set81.tmp     Mar  8 2009       55808  "SET81.tmp"
    set82.tmp     Mar  8 2009       71680  "SET82.tmp"
    set83.tmp     Mar  8 2009      638816  "SET83.tmp"
    set84.tmp     Mar  8 2009       34816  "SET84.tmp"
    set85.tmp     Mar  8 2009     1469440  "SET85.tmp"
    set86.tmp     Mar  8 2009       94720  "SET86.tmp"
    set87.tmp     Mar  8 2009      726528  "SET87.tmp"
    set88.tmp     Mar  8 2009       25600  "SET88.tmp"
    set89.tmp     Mar  8 2009       43008  "SET89.tmp"
    set8a.tmp     Mar  8 2009       45568  "SET8A.tmp"
    set8b.tmp     Mar  8 2009     5937152  "SET8B.tmp"
    set8c.tmp     Mar  8 2009     1638912  "SET8C.tmp"
    set8d.tmp     Mar  8 2009       66560  "SET8D.tmp"
    set8e.tmp     Mar  8 2009       48128  "SET8E.tmp"
    set8f.tmp     Mar  8 2009      156160  "SET8F.tmp"
    set90.tmp     Mar  8 2009      193536  "SET90.tmp"
    set91.tmp     Mar  8 2009      611840  "SET91.tmp"
    set92.tmp     Mar  8 2009      109568  "SET92.tmp"
    set93.tmp     Mar  8 2009       46592  "SET93.tmp"
    set97.tmp     Mar  8 2009       66560  "SET97.tmp"
    set98.tmp     Mar  8 2009      105984  "SET98.tmp"
    set99.tmp     Mar  8 2009     1206784  "SET99.tmp"
    set9a.tmp     Mar  8 2009      420352  "SET9A.tmp"
    set9b.tmp     Mar  8 2009      759296  "SET9B.tmp"
    set9c.tmp     Mar  8 2009      236544  "SET9C.tmp"
    set9d.tmp     Mar  8 2009      914944  "SET9D.tmp"
    Also you don't need to keep every single backup of your hosts file
    Code:
    "C:\WINDOWS\system32\drivers\etc\"
    ho2f22~1.bac  Mar 26 2009      303817  "hosts.20090405-202007.backup"
    ho35fa~1.bac  Jan 29 2009      291135  "hosts.20090204-042636.backup"
    ho5afb~1.bac  Mar 12 2009      302763  "hosts.20090319-081540.backup"
    ho5b7b~1.bac  Apr 11 2009      312205  "hosts.20090419-145828.backup"
    ho6022~1.bac  Mar 19 2009      303015  "hosts.20090326-222803.backup"
    ho6996~1.bac  Feb 13 2009      291192  "hosts.20090221-060319.backup"
    ho7c0c~1.bac  Feb 21 2009      296389  "hosts.20090227-141721.backup"
    ho7dec~1.bac  Apr 19 2009      305146  "hosts.20090423-000225.backup"
    hoadf6~1.bac  Feb  4 2009      291135  "hosts.20090204-090808.backup"
    hocccf~1.bac  Feb  4 2009      291277  "hosts.20090213-052900.backup"
    hod8f8~1.bac  Apr  5 2009      304205  "hosts.20090411-152558.backup"
    hodfdc~1.bac  Feb 27 2009      302441  "hosts.20090312-114405.backup"
    hof12e~1.bac  Jan 26 2009      290861  "hosts.20090129-170554.backup"
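
Added example, not part of the original thread: a read-only Python parser for the directory-listing format shown in the post above, which totals the `SET<hex>.tmp` files per directory and reports anything else in the listing (such as `install.ins`) separately so it is not swept up in a cleanup. The `SAMPLE` text is constructed from a few lines copied from that listing; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the listing in the post above.
SAMPLE = r'''
"C:\Program Files\Internet Explorer\"
set4d.tmp     Mar  8 2009       68608  "SET4D.tmp"
set51.tmp     Mar  8 2009      246784  "SET51.tmp"
set52.tmp     Mar  8 2009      638816  "SET52.tmp"
set78.tmp     Mar  8 2009       68608  "SET78.tmp"
set7c.tmp     Mar  8 2009      246784  "SET7C.tmp"
set7d.tmp     Mar  8 2009      638816  "SET7D.tmp"
seta5.tmp     Mar  8 2009       68608  "SETA5.tmp"
seta9.tmp     Mar  8 2009      246784  "SETA9.tmp"
setaa.tmp     Mar  8 2009      638816  "SETAA.tmp"

"C:\Program Files\Internet Explorer\SIGNUP\"
install.ins   Mar  8 2009         460  "install.ins"
set62.tmp     Mar  8 2009         460  "SET62.tmp"
set8d.tmp     Mar  8 2009         460  "SET8D.tmp"
setba.tmp     Mar  8 2009         460  "SETBA.tmp"
'''

# A quoted directory header, e.g. "C:\WINDOWS\system32\"
DIR_RE = re.compile(r'^"(?P<dir>[A-Za-z]:\\.*\\)"$')
# short-name, date, size in bytes, quoted long name
ENTRY_RE = re.compile(
    r'^(?P<short>\S+)\s+'
    r'(?P<date>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+'
    r'(?P<size>\d+)\s+"(?P<name>[^"]+)"$'
)
# Only names of the form SET<hex digits>.tmp count as leftovers here.
LEFTOVER_RE = re.compile(r'^SET[0-9A-F]+\.tmp$', re.IGNORECASE)


def parse_listing(text):
    """Return (directory, long_name, size_bytes) for every file entry."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = DIR_RE.match(line)
        if header:
            current = header.group("dir")
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            entries.append((current, entry.group("name"), int(entry.group("size"))))
    return entries


def summarize(entries):
    """Per directory: count and bytes of SET*.tmp files, plus skipped names."""
    report = defaultdict(lambda: {"files": 0, "bytes": 0, "skipped": []})
    for directory, name, size in entries:
        row = report[directory]
        if LEFTOVER_RE.match(name):
            row["files"] += 1
            row["bytes"] += size
        else:
            # Listed alongside the temp files but not one of them: leave alone.
            row["skipped"].append(name)
    return dict(report)


def reclaimable_bytes(report):
    """Total size of the SET*.tmp files across all directories."""
    return sum(row["bytes"] for row in report.values())


if __name__ == "__main__":
    result = summarize(parse_listing(SAMPLE))
    for directory, row in result.items():
        print(f'{directory}: {row["files"]} files, {row["bytes"]} bytes, '
              f'skipped={row["skipped"]}')
    print("reclaimable:", reclaimable_bytes(result))
```
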
    
     
  6. AngelsWilliam

    AngelsWilliam Private First Class

    Well, thank you for that. That is a help.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    Since you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. After doing the above, you should work thru the below link:
     
