Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

New HijackThis Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: New HijackThis Log

Unread postby jwoday » September 4th, 2009, 9:19 am

AVG Updates are now working. AVG Scan:


"Scan ""Scheduled scan"" was finished."
"Infections";"9";"9";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Friday, September 04, 2009, 3:00:03 AM"
"Scan finished:";"Friday, September 04, 2009, 5:29:32 AM (2 hour(s) 29 minute(s) 29 second(s))"
"Total object scanned:";"467502"
"User who launched the scan:";"SYSTEM"

"Infections"
"File";"Infection";"Result"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\bebutepo.dll.vir";"Trojan horse FakeAlert.MC";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\depopuho.dll.vir";"Trojan horse Generic14.YBC";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\fahapera.dll.vir";"Trojan horse Vundo.HF";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\fibikavi.dll.vir";"Trojan horse FakeAlert.MC";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\gilopisa.dll.vir";"Trojan horse Generic14.YAZ";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\jarugimo.dll.vir";"Trojan horse Generic14.ZCT";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\jipafofa.dll.vir";"Trojan horse Crypt.GJP";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\pujawewo.exe.vir";"Trojan horse Downloader.Zlob.AONF";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\waruworu.dll.vir";"Trojan horse Generic14.ZAG";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt:\2o7.net.4fbaf5a1";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.cfb9f79a";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt:\adbrite.com.775ee79c";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt:\advertising.com.1dfa2206";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt:\casalemedia.com.156cbc67";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt:\casalemedia.com.2d37ad26";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt:\casalemedia.com.350339d4";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt:\casalemedia.com.3a28db8d";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt:\casalemedia.com.8c65eddd";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt:\fastclick.net.94ca190b";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt:\questionmarket.com.767e4302";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt:\realmedia.com.125a868c";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt:\realmedia.com.855b46d";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt:\realmedia.com.e14be39e";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.50e13b1b";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.738d89d";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.a5a8b88c";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt:\tacoda.net.cd7ce44f";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt:\zedo.com.cef1c7af";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt:\zedo.com.dd15d628";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt:\zedo.com.ff8ec9c0";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
jwoday
Regular Member
 
Posts: 18
Joined: August 18th, 2009, 5:54 pm
Advertisement
Register to Remove

Re: New HijackThis Log

Unread postby Cypher » September 4th, 2009, 1:54 pm

Hi john.
AVG Updates are now working

Thats good :thumbup:

your latest set of logs are clean!


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

OTC

Download OTC by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next

Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.

Adobe\Reader 8.0
Java(TM) 6 Update 3


Next

Your version of java is outdated

Install the latest version Here

You version of Adobe Reader is outdated

Update to the latest version Here

Here are some free programs I recommend that could help you improve your computer's security.

I recommend you keep Malwarebytes' Anti-Malware.


Install Superantispyware
Superantispyware will detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.
You can find information and download it from HERE

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

Install MVPS Hosts File From Here

The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

Safe surfing! :)
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: New HijackThis Log

Unread postby silver » September 6th, 2009, 8:16 pm

This topic is now closed
We are pleased to have been of assistance.

If you have been helped and wish to donate with the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 493 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware