|
Answer» Here's the mbam log:
Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 6.0.6002 Service Pack 2

8/31/2009 4:50:50 AM
mbam-log-2009-08-31 (04-50-50).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 256011
Time elapsed: 2 hour(s), 40 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

Registry Data Items Infected: (No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\TSC (Rogue.Total.Security) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\TSC\tsc.exe (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\Windows\System32\1251214205.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Computer Scan.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Help.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Registration.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Security Center.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Settings.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Total Security.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Update.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\Users\Pinard\Desktop\Total Security.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\Users\Pinard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TSC.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.

And here is the hjt log. I did this after the mbam log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:55 AM, on 8/31/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows SIDEBAR\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [0207671222653068mcinstcleanup] C:\Users\Pinard\AppData\Local\Temp\020767~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon NOTIFY: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

-- End of file - 8103 bytes

How is your computer running?

Karnac,
Seems to be running good. I have the SAS log. It found a bunch of cookies. The mbam seems to have gotten rid of that trojan.TDSS as well as Total Security. Should I run mbam again to make sure? AVG didn't catch that. That worries me. Here's the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/31/2009 at 10:46 AM
Application Version : 4.27.1002
Core Rules Database Version : 4077
Trace Rules Database Version: 2017

Scan type : Custom Scan
Total Scan Time : 05:39:14

Memory items scanned : 695
Memory threats detected : 0
Registry items scanned : 6447
Registry threats detected : 0
File items scanned : 634584
File threats detected : 177

Adware.Tracking Cookie

Run Mbam again, just to be sure.
I would consider using Avira AntiVir, it's free, AVG isn't what it used to be.
Install WOT (Web of Trust).....this will protect you when browsing, so you don't go to websites LIKE Spyzooka. I hope you removed that program in Add/Remove programs as well.

Yes, I did remove spyzooka. Thanx so very much for your help. I'll let you know what a new mbam scan says.
Check it out!
Malwarebytes' Anti-Malware 1.40
Database version: 2722
Windows 6.0.6002 Service Pack 2

8/31/2009 2:16:36 PM
mbam-log-2009-08-31 (14-16-36).txt

Scan type: Quick Scan
Objects scanned: 81640
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

I'll follow your advice and get Avira.

Good stuff...It APPEARS that you're not running any Firewall. If that is true, you need to activate the Windows Firewall ASAP. Did you ever have McAfee on that computer? There is still some evidence of it in the log.
|