# "Antimalware Doctor" Virus?!?!?!  HELP!



## jd132 (May 4, 2011)

Ok, so I have Windows Security Essentials installed, but it's not recognizing "Antimalware Doctor"... the program won't let me close it, won't let me uninstall, and won't let me install AVG Free... What do I do?


----------



## johnb35 (May 4, 2011)

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com, but *DO NOT* reboot the system, and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## jd132 (May 4, 2011)

OK... idk if this is what you wanted, but here it is... Mbytes found 18 errors. Here's the log from HijackThis...



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:18 AM, on 5/5/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\Folding@home\Folding@home-x86\Folding@home.exe
C:\Users\josh\AppData\Roaming\Folding@home-x86\FahCore_a4.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6720 bytes





If I can't get it running smoothly (yes, my gameplay decreased also... marginally), I will do a fresh install, but I'd like to avoid this as Server 08 R2 is kinda tough to get drivers working.

Thanks.


----------



## johnb35 (May 4, 2011)

Please post the Malwarebytes log so I can see what it deleted. To get the log, open Malwarebytes, click on the Logs tab, open the log and then copy and paste it back here in your reply.

Also please perform the following procedure.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here:

http://www.bleepingcomputer.com/download/anti-virus/combofix

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## jd132 (May 4, 2011)

*Combo fix is incompatible with my OS...
Here's the updated HijackThis log:*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:19 PM, on 5/5/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\PrtScr\PrtScr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [Google Update] "C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6281 bytes



*Malwarebytes log*:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6502

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/5/2011 12:11:01 AM
mbam-log-2011-05-05 (00-11-01).txt

Scan type: Quick scan
Objects scanned: 170933
Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
c:\Windows\Njyvoa.exe (Trojan.FraudPack.Gen) -> 3412 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ICS5R7Y0OS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sorttp700.exe (Trojan.FakeAlert) -> Value: sorttp700.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\josh\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\Njyvoa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\b3c6263ff310d05d8f9d4c7f06edc4c6\sorttp700.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Local\Temp\Nhw.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Local\Temp\Nhx.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\microsoft\Windows\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.





The "Antimalware Doctor" virus or whatever is gone, but for some reason, since it was on my system, my games have really slowed down...

Thanks for your help, btw.


----------



## johnb35 (May 5, 2011)

> Combo fix is incompatible with my OS.



You are running Windows 7 64-bit, so it is compatible with your operating system. If ComboFix is giving you that message, then there is something else going on. You are still infected. Please download and run SUPERAntiSpyware.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

After installing the software, please update it, then run a quick scan and post its log. To get the log, open SUPERAntiSpyware, click on the Preferences button on the main page, then click on the Statistics/Logs tab, open the log and copy and paste it back here.
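
Added example, not part of any post in this thread: a Python triage pass over the HijackThis `O4` autostart lines and the Malwarebytes "Files Infected" lines posted above. The sample lines are copied from those logs; the three flagging heuristics (temp-directory target, machine-generated value name, file-name match against a detection) are assumptions of this example, not HijackThis or Malwarebytes behaviour.

```python
import re
from dataclasses import dataclass, field
from ntpath import basename  # Windows path rules, usable on any OS

# Sample input: lines copied from the HijackThis and Malwarebytes logs in this thread.
HIJACKTHIS_LINES = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""
MBAM_LINES = r"""
c:\Windows\Njyvoa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Local\Temp\Nhw.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Local\Temp\Nhx.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
"""

# "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# Executable path: quoted, or unquoted up to the first executable extension.
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)', re.I)
# "<path> (<detection name>) -> <action>"
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^()]+)\) -> ")

# Heuristics assumed by this example.
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.I)
RANDOM_NAME_RE = re.compile(r"^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{8,}$")


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def parse_autoruns(log_text):
    """Return one Autorun per O4 line; other HijackThis sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        target = (exe["q"] or exe["u"]) if exe else m["cmd"]
        entries.append(Autorun(m["hive"], m["key"], m["name"], target))
    return entries


def parse_detections(log_text):
    """Map lower-cased file name -> detection name from Malwarebytes file lines."""
    found = {}
    for line in log_text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            found.setdefault(basename(m["path"]).lower(), m["det"])
    return found


def triage(entries, detections):
    """Return only the autostart entries that trip at least one heuristic."""
    flagged = []
    for e in entries:
        if TEMP_DIR_RE.search(e.target):
            e.reasons.append("runs from a temp directory")
        if RANDOM_NAME_RE.match(e.name):
            e.reasons.append("value name looks machine-generated")
        det = detections.get(basename(e.target).lower())
        if det:
            e.reasons.append(f"file name matches Malwarebytes detection {det}")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    hits = triage(parse_autoruns(HIJACKTHIS_LINES), parse_detections(MBAM_LINES))
    for e in hits:
        print(f"{e.hive}\\..\\{e.key} [{e.name}] -> {e.target}")
        for reason in e.reasons:
            print(f"    - {reason}")
```

A flagged line is a lead for review rather than a verdict; legitimate installers also write Run values that point into temp directories.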


----------



## jd132 (May 5, 2011)

*SASWARE Log:*

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/05/2011 at 10:14 PM

Application Version : 4.51.1000

Core Rules Database Version : 6992
Trace Rules Database Version: 4804

Scan type       : Quick Scan
Total Scan Time : 00:05:13

Memory items scanned      : 516
Memory threats detected   : 0
Registry items scanned    : 2246
Registry threats detected : 0
File items scanned        : 10622
File threats detected     : 335

Adware.Tracking Cookie
	.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	a.intentmedia.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	a.intentmedia.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.liveperson.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.traveladvertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	uk.sitestat.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	uk.sitestat.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	handpickedmedia.co.uk [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.stats.complex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.stats.complex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.stats.complex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.lucidmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.statcounter.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.server.cpmstar.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.server.cpmstar.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.server.cpmstar.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adlegend.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.myroitracking.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.clicksor.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.clicksor.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediabrandsww.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.clicksor.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.clicksor.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.clicksor.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.homestore.122.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.azjmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.azjmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mm.chitika.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.xiti.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.linksynergy.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.linksynergy.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.linksynergy.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media.adfrontiers.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.apmebf.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.stats.paypal.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.buycom.122.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.avgtechnologies.112.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.atdmt.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.atdmt.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.questionmarket.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.questionmarket.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediaplex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.microsoftsto.112.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.eset.122.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.247realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.burstnet.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.lfstmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media2.legacy.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.traveladvertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.clickfuse.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ads.bridgetrack.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ads.bridgetrack.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	statse.webtrendslive.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	click.tigeronline.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	click.tigeronline.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ar.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediaplex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.legolas-media.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.doubleclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.traveladvertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.traveladvertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.lucidmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.lucidmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.lucidmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.at.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tacoda.at.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tacoda.at.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tacoda.at.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.at.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.yieldmanager.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.network.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tribalfusion.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	objects.tremormedia.com [ C:\Users\josh\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BT8KWMRT ]
	s0.2mdn.net [ C:\Users\josh\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BT8KWMRT ]
	secure-us.imrworldwide.com [ C:\Users\josh\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BT8KWMRT ]

Rogue.AntiMalwareDoctor
	C:\Users\josh\AppData\Roaming\B3C6263FF310D05D8F9D4C7F06EDC4C6

Trojan.Agent/Gen-Falcomp[RE]
	C:\WINDOWS\SYSWOW64\BCRYPTF.DLL


----------



## johnb35 (May 5, 2011)

Ok, it still didn't delete what I was hoping it would.  Can you please post a fresh hijackthis log for me?  I'll be going to bed shortly so I will reply tomorrow afternoon when I get home from work.


----------



## jd132 (May 5, 2011)

Hijack log...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:44 PM, on 5/5/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6658 bytes


----------



## johnb35 (May 6, 2011)

Ok, I need you to try running combofix again.  It has been compatible with windows 7 64bit for a few months now.  Please run rkill before running combofix.  You must also disable any active virus/malware/firewall program running.  This may be the issue.

Here is a renamed version of rkill.

http://download.bleepingcomputer.com/grinler/iExplore.exe

Run rkill and when it's done it will pop up a log that will show if it killed any active malware process.  Do not reboot the pc after running rkill until you have run combofix.


----------



## jd132 (May 6, 2011)

RKILL LOG:


This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 

Rkill was run on 05/06/2011 at 22:10:46. 
Operating System: Windows Server 2008 R2 Standard 


Processes terminated by Rkill or while it was running: 

C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\NexonUS\NGM\NGM.exe
C:\Windows\SysWOW64\InfDefaultInstall.exe


Rkill completed on 05/06/2011 at 22:10:48. 






COMBOFIX still says error - Win 32 only...


----------



## johnb35 (May 7, 2011)

Sorry for not getting back to you sooner.

I see that you are actually running windows server 2008, which is why combofix won't work.


Rerun hijackthis and place a check next to the following entry.

O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe

Then click on fix checked.

Please navigate to 

C:\Users\josh\AppData\Local\Temp\1\Nhx.exe

and delete the file nhx.exe by right clicking on it and clicking on delete.  You may need to enable show hidden files and folders in order to see these directories.

Reboot the system.

Then I would like for you to run an online scan.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.
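
The manual check described in the post above (spotting the one O4 autorun entry that launches from a Temp folder under a meaningless value name) can be scripted. This is an added example, not part of johnb35's post or of HijackThis; the function names and the "random-looking name" thresholds are assumptions, and the sample lines are excerpted from the HijackThis log posted earlier in this thread.

```python
import re
from typing import List, NamedTuple

# Excerpt of the O4 (autorun) section of the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
# Only the HKLM/HKCU registry form is handled; Startup-folder O4 lines are skipped.
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$', re.MULTILINE)
QUOTED_RE = re.compile(r'^"([^"]+)"')
# Unquoted commands may contain spaces, so cut at the first executable extension.
BARE_RE = re.compile(r'^(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$)', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    path: str


class Finding(NamedTuple):
    entry: Autorun
    reasons: List[str]


def executable_path(command: str) -> str:
    """Return the program path from a Run value, dropping any arguments."""
    m = QUOTED_RE.match(command) or BARE_RE.match(command)
    return m.group(1) if m else command.strip()


def parse_o4(log_text: str) -> List[Autorun]:
    """Extract every registry autorun (O4) entry from a HijackThis log."""
    return [
        Autorun(hive, key, name, command.strip(), executable_path(command.strip()))
        for hive, key, name, command in O4_RE.findall(log_text)
    ]


def looks_random(name: str) -> bool:
    """Heuristic (assumed thresholds): one alphanumeric token mixing >=3 digits and >=3 letters."""
    digits = sum(c.isdigit() for c in name)
    letters = sum(c.isalpha() for c in name)
    return name.isalnum() and len(name) >= 8 and digits >= 3 and letters >= 3


def triage_autoruns(log_text: str) -> List[Finding]:
    """Flag autoruns worth a manual look; an empty result does not mean the log is clean."""
    findings = []
    for entry in parse_o4(log_text):
        reasons = []
        # Installed software rarely starts from Temp; plain AppData is not flagged
        # because per-user installers (Chrome, Google Update) legitimately live there.
        if TEMP_DIR_RE.search(entry.path):
            reasons.append("executable runs from a Temp directory")
        if looks_random(entry.name):
            reasons.append("value name looks randomly generated")
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_LOG):
        print(f"{f.entry.hive}\\{f.entry.key} [{f.entry.name}] {f.entry.path}")
        for reason in f.reasons:
            print(f"  - {reason}")
```
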


----------



## jd132 (May 9, 2011)

NHX.exe is already gone.


C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll	Win32/Adware.Yontoo.A application	cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000ce2	multiple threats	deleted - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000cfe	a variant of Win32/SweetIM.B application	cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000e08	multiple threats	deleted - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000f3e	a variant of Win32/Adware.Gamevance.AT application	cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0010db	a variant of Win32/Adware.HotBar.H application	cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0010f7	a variant of Win32/Adware.HotBar.H application	cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Temp\ICReinstall\ringtonejunkiez.exe	a variant of Win32/SweetIM.B application	cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Temp\is233770471\vn-audiojunkiez-silent-us.exe	Win32/Toolbar.Zugo application	deleted - quarantined
C:\Users\josh\Downloads\AcidX_145977_0201.exe	multiple threats	deleted - quarantined
C:\Users\josh\Downloads\BlackOpsHack.rar	Win32/AutoRun.Spy.VB.F worm	deleted - quarantined
C:\Users\josh\Downloads\cod6_v1.0_trn+6.rar	a variant of Win32/Injector.CRP trojan	deleted - quarantined
C:\Users\josh\Downloads\eMuleSetup.exe	a variant of Win32/Adware.HotBar.H application	cleaned by deleting - quarantined
C:\Users\josh\Downloads\FC4.9.rar	a variant of Win32/Packed.VMProtect.AAA trojan	deleted - quarantined
C:\Users\josh\Downloads\ringtonejunkiez.exe	a variant of Win32/SweetIM.B application	cleaned by deleting - quarantined
C:\Users\josh\Downloads\VaftvSetup.exe	a variant of Win32/Adware.HotBar.H application	cleaned by deleting - quarantined
C:\Users\josh\Downloads\youtubedownloader_linkout_157740_041411030044.exe	multiple threats	deleted - quarantined
E:\Seagate Backup\HELGA_THE_BEAST\History\Level2\C\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000789	Win32/AutoRun.Spy.VB.F worm	deleted - quarantined
E:\Seagate Backup\HELGA_THE_BEAST\History\Level2\C\Users\josh\AppData\Roaming\B3C6263FF310D05D8F9D4C7F06EDC4C6\enemies-names.txt	Win32/Adware.AntimalwareDoctor.AE.Gen application	cleaned by deleting - quarantined
E:\Seagate Backup\HELGA_THE_BEAST\History\Level2\C\Users\josh\AppData\Roaming\B3C6263FF310D05D8F9D4C7F06EDC4C6\local.ini	Win32/Adware.AntimalwareDoctor.AE.Gen application	cleaned by deleting - quarantined
E:\Seagate Backup\HELGA_THE_BEAST\History\Level2\C\Users\josh\Downloads\BlackOpsHack.rar	Win32/AutoRun.Spy.VB.F worm	deleted - quarantined
E:\Seagate Backup\HELGA_THE_BEAST\History\Level2\C\Users\josh\Downloads\FC4.9.rar	a variant of Win32/Packed.VMProtect.AAA trojan	deleted - quarantined
E:\Seagate Backup\JOSH-00FE216ED5\C\Documents and Settings\J\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gppcgehbcfhhdpbhccplcdphbdofhhjg\1.76_0\external.js	JS/Kryptik.AK trojan	cleaned by deleting - quarantined
E:\Seagate Backup\JOSH-00FE216ED5\C\Documents and Settings\J\My Documents\Downloads\SuperOneClickv1.7-ShortFuse.zip	Android/Exploit.RageCage.A trojan	deleted - quarantined
E:\Seagate Backup\JOSH-00FE216ED5\C\Documents and Settings\J\My Documents\Downloads\z4root.zip	Android/Exploit.RageCage.A trojan	deleted - quarantined
E:\Seagate Backup\JOSH-00FE216ED5\C\Documents and Settings\J\My Documents\Downloads\z4root\z4root.1.1.0.apk	Android/Exploit.RageCage.A trojan	deleted - quarantined


----------



## johnb35 (May 9, 2011)

Downloading hacks for software will usually get you infected.  I see in that log that you have downloaded some hacks for black ops and others.


----------



## jd132 (May 11, 2011)

yep...cleaned since then


----------



## jd132 (May 11, 2011)

Thanx  for getting the "antimalware" malware off...yer a genius!  
P.S. Is there a thank button anywhere?..lol.


----------



## johnb35 (May 11, 2011)

jd132 said:


> Thanx  for getting the "antimalware" malware off...yer a genius!
> P.S. Is there a thank button anywhere?..lol.



Not a genius, just helping users out.  In the future there may be a thanks button but not at this time.


----------



## jd132 (May 11, 2011)

Anyway, what was there is gone now. thanx


----------

