Have Total PC Defender malware infection and Safe Mode won't work

Jack

jbmorgan said:
Dear Jack,

OK, I ran it again. The log is attached. There was no "cure" option for that file, so I just had TDSKiller delete it. I hope that was OK.

--John
Good call John, let's get a log from your system:

STEP 1 : Run a scan with Combofix
Please read and follow very carefully the below instructions

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
    - If you are prompted to install Windows Recovery Console or update Combofix please allow these requests.
  2. Accept the disclaimer and allow to update if it asks
  3. Combofix will now start scanning your computer.
  4. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Additional notes:
  1. DO NOT mouse-click Combofix's window while it is running. That may cause it to stall.
  2. DO NOT "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. IF after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

What's next?

Please post in your next reply:
1. Combofix log
2. Let me know if you had any problems with the above instructions and also let me know how things are running now!

jbmorgan

Jack, the Combofix log is attached. It ran for a long time, but there were no problems. The system is still apparently running normally. I just tried restarting my system and I was able to boot in Safe Mode, which I haven't been able to do for months! So that is a good sign.
 

Attachments

  • ComboFix.txt (16.9 KB)

Jack

Yes John, everything looks OK on your machine... Let's run two more quick scans to make sure everything is clean!
STEP 1: Run a scan with ESET Online Scanner
  1. Download ESET Online Scanner utility from the below link
     ESET ONLINE SCANNER DOWNLOAD LINK: http://download.eset.com/special/eos/esetsmartinstaller_enu.exe (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push List of found threats
  9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.
  10. Push the back button.
  11. Push Finish

STEP 2: Run a HitmanPro scan
  1. Download the latest official version of HitmanPro.
     HITMANPRO DOWNLOAD LINK: http://www.surfright.nl/en/hitmanpro/ (This link will open a download page in a new window from where you can download HitmanPro)
  2. Start a HitmanPro scan by double clicking on the previously downloaded file and then following the prompts.
     [Image: wK6vI.png]
  3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.
     DO NOT REMOVE ANYTHING!, instead click on the Save log button (next to the green Buy now button), then click on Close.
     [Image: fQZ30.png]
  4. Post the HitmanPro log in your next reply

What's next?

Please add in your next reply:
1. ESET log
2. HitmanPro log
3. Let me know if you had any problems with the above instructions and also let me know how things are running now!

jbmorgan

Dear Jack,

ESET didn't find anything, so there is no log to post. The Hitman log is below.

Everything is still running normally.

Code:
HitmanPro 3.6.2.174
www.hitmanpro.com

   Computer name . . . . : ATHENA
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : ATHENA\John B. Morgan IV
   License . . . . . . . : Free

   Scan date . . . . . . : 2012-11-14 22:59:02
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 48s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 170

   Objects scanned . . . : 1,217,663
   Files scanned . . . . : 36,151
   Remnants scanned  . . : 481,221 files / 700,291 keys

Potential Unwanted Programs _________________________________________________

   C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\AskToolbar\ (AskBar)
   C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\AskToolbar\cache.dat (AskBar)
   C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\AskToolbar\config.xml (AskBar)
   HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods)

 

Jack

Apart from these unwanted and harmless programs, everything is OK.
TIP: You should always pay attention when installing software because often, a software installer includes optional installs, such as these Babylon or Funmoods programs. Be very careful what you agree to install. Always opt for the custom installation and deselect anything that is not familiar, especially optional software that you never wanted to download and install in the first place. It goes without saying that you should not install software that you don’t trust.


Let's run the following tools:
STEP 1: Run a scan with Security Check
  1. Download Security Check from the below link:
     SECURITY CHECK DOWNLOAD LINK: http://screen317.spywareinfoforum.org/SecurityCheck.exe (This link will automatically download Security Check on your computer)
  2. Double-click SecurityCheck.exe
  3. Follow the onscreen instructions inside of the black box.
  4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

STEP 2: Run a scan with AdwCleaner

  1. Download AdwCleaner from the below link.
     ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Delete, then confirm each time with Ok.
  5. Your computer will be rebooted automatically. A text file will open after the restart.
  6. Please post the contents of that logfile with your next reply.
  7. You can find the logfile at C:\AdwCleaner[S1].txt as well.

NEXT,
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


STEP 3: Run a HitmanPro scan and remove any malicious file.
  1. Start HitmanPro and then run a scan as you previously did.
  2. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below. After reviewing each malicious object click Next.
     [Image: hitmanproscan5.png]
  3. Click Activate free license to start the free 30 days trial and remove the malicious files.
     [Image: hitmanproscan6.png]
  4. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
  5. Post the HitmanPro log in your next reply

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):
1. Security Check log
2. AdwCleaner log
3. HitmanPro Log
4. Let me know if you had any problems with the above instructions and also let me know how things are running now!
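Jack's reading of the HitmanPro log earlier in the thread (Threats 0, with only Potential Unwanted Programs and cookie traces listed) can be reproduced mechanically. The Python parser below is an added example, not part of the original thread and not HitmanPro's own code; the sample log is constructed in the layout of the logs posted here, and the verdict names and the rule that the Traces count equals the number of listed entries are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the HitmanPro 3.6 logs posted in this thread.
# Host name, user name, GUID and cookie domain are made up.
SAMPLE_LOG = r"""HitmanPro 3.6.2.174
www.hitmanpro.com

   Computer name . . . . : EXAMPLE-PC
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : EXAMPLE-PC\user
   License . . . . . . . : Free

   Scan date . . . . . . : 2012-11-14 22:59:02
   Scan mode . . . . . . : Normal
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 5

   Objects scanned . . . : 1,217,663

Potential Unwanted Programs _________________________________________________

   C:\Documents and Settings\user\Local Settings\Application Data\AskToolbar\ (AskBar)
   C:\Documents and Settings\user\Local Settings\Application Data\AskToolbar\config.xml (AskBar)
   HKLM\SOFTWARE\Classes\AppID\{00000000-0000-0000-0000-000000000001}\ (Babylon)

Cookies _____________________________________________________________________

   C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\abc.default\cookies.sqlite:ads.tracker.example
   C:\Documents and Settings\user\Cookies\user@tracker[1].txt
"""

SECTION_RE = re.compile(r"^(\S.*?)\s+_{5,}\s*$")    # "Cookies ________"
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*\s:\s(.*)$")   # "Threats . . . . : 0"
LABEL_RE = re.compile(r"\s\(([^()]+)\)$")            # trailing "(Babylon)"
LOW_RISK = {"Potential Unwanted Programs", "Cookies"}


def parse_log(text):
    """Split a log into header fields and per-section entry lists."""
    fields, sections, current = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        heading = SECTION_RE.match(line)
        if heading:                       # unindented title followed by underscores
            current = heading.group(1)
            sections[current] = []
        elif current is not None:         # indented entry under the current section
            sections[current].append(line.strip())
        else:                             # header area: "Key . . . : value"
            field = FIELD_RE.match(line)
            if field:
                fields[field.group(1)] = field.group(2).strip()
    return {"fields": fields, "sections": sections}


def _count(fields, key):
    """Read an integer header field such as Threats or Traces."""
    if key not in fields:
        raise ValueError("log header has no %r field" % key)
    return int(fields[key].replace(",", ""))


def triage(parsed):
    """Summarise a parsed log the way a helper would read it by eye."""
    fields, sections = parsed["fields"], parsed["sections"]
    threats, traces = _count(fields, "Threats"), _count(fields, "Traces")
    listed = sum(len(entries) for entries in sections.values())
    pups = Counter()
    for entry in sections.get("Potential Unwanted Programs", []):
        label = LABEL_RE.search(entry)
        pups[label.group(1) if label else "unlabelled"] += 1
    unknown = sorted(set(sections) - LOW_RISK)
    if threats > 0 or unknown:            # anything beyond PUPs and cookies
        verdict = "needs-review"
    elif pups:
        verdict = "pup-only"
    else:
        verdict = "no-action"
    return {
        "threats": threats,
        "traces": traces,
        "listed": listed,
        # Assumption: Traces equals the number of listed entries, so a
        # mismatch means the pasted log was cut off or edited.
        "complete": listed == traces,
        "pup_families": dict(pups),
        "unknown_sections": unknown,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG)))
```

A `complete` value of `False` is a prompt to ask for the log again as an attachment before drawing conclusions from it.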

jbmorgan

Dear Jack,

The logs are attached. The Hitman log is below. Everything is still running smoothly.

--John

Code:
HitmanPro 3.6.2.174
www.hitmanpro.com

   Computer name . . . . : ATHENA
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : ATHENA\John B. Morgan IV
   License . . . . . . . : Free

   Scan date . . . . . . : 2012-11-15 22:29:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 18s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 165

   Objects scanned . . . : 1,219,286
   Files scanned . . . . : 36,181
   Remnants scanned  . . : 481,125 files / 701,980 keys

Cookies _____________________________________________________________________


Attachments

  • checkup.txt
    1.3 KB · Views: 147
  • AdwCleaner[S1].txt
    11 KB · Views: 119

Jack

Good morning John,
Everything looks good; however, your total fragmentation on drive C: is 30%, which is very high.
I would suggest that you use a free program like Auslogics Disk Defrag Free to defrag your computer. This will increase your computer speed and responsiveness.
You also need to update Java (or, as better advice, if you don't need this program, uninstall it from your machine, as it's always a good entry point for malware) using <a title="External link" href="http://java.com/en/" rel="nofollow external"> this site</a> and clicking on <strong>Do I have Java</strong>, then download the latest version.
With the HitmanPro scan giving us the green light and unless you are having other problems, it is time to do the final steps.

STEP 1: Remove ComboFix from your computer
<ol>
<li>Hold down the <strong>Windows key</strong> + <strong>R</strong> on your keyboard. This will display the Run dialogue box.</li>
<li>In the Run box, type in <strong>ComboFix /Uninstall</strong> <em>(Notice the space between the "x" and "/")</em> then click <strong>OK</strong> <a href="http://malwaretips.com/blogs/wp-content/uploads/2012/07/combofix-uninstall.png"><img class="alignnone size-full wp-image-4129" title="Uninstall Combofix" src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/combofix-uninstall.png" alt="Combofix uninstall command" width="413" height="212" /></a></li>
<li>Follow the prompts on the screen</li>
<li>A message should appear confirming that ComboFix was uninstalled</li>
</ol>
<hr />
STEP 2: Remove the OTL utility from your computer

Run OTL and hit the <strong>CleanUp</strong> button. It will remove all the programmes we have used plus itself. We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
<ol>
<li>Go to control panel</li>
<li>Select folder options (Appearance > Folder options in category view)</li>
<li>Select the View Tab.</li>
<li>Under the Hidden files and folders heading select <strong>Do not show hidden files and folders</strong>.</li>
<li>Click Yes to confirm.</li>
<li>Click OK.</li>
</ol>
<hr />
STEP 3: Delete the old restore points and create a new Restore Point
<ol>
<li>Go to <strong>Control Panel</strong> and select <strong>System</strong></li>
<li>Select <strong>System</strong></li>
<li>On the left select <strong>System Protection</strong> and accept the warning if you get one</li>
<li>Select <strong>System Protection Tab</strong></li>
<li>Select <strong>Create</strong> at the bottom</li>
<li>Type in a name i.e. Clean</li>
<li>Select <strong>Create</strong></li>
</ol>
<strong>Now we can purge the infected ones</strong>
<ol>
<li>Go <strong>Start > All programs > Accessories > system tools</strong></li>
<li>Right click <strong>Disc cleanup</strong> and select run as administrator</li>
<li>Select <strong>Your main drive</strong> and accept the warning if you get one</li>
<li>For a few moments the system will make some calculations</li>
<li>Select the <strong>More Options tab</strong></li>
<li>In the System <strong>Restore and Shadow Backups select Clean up</strong></li>
<li>Select <strong>Delete</strong> on the pop up</li>
<li>Select OK</li>
<li>Select Delete</li>
</ol>
<hr />
STEP 4: Clean your temporary files to gain more hard drive space and remove the junk files
<ol>
<li>Download Ccleaner from the below link:
CCLEANER DOWNLOAD LINK <em>(This link will automatically download Ccleaner on your computer)</em></li>
<li>Install Ccleaner by following the prompts</li>
<li>Start Ccleaner and the following should be selected by default, if not, please select:
<img src="http://i52.tinypic.com/4l5a4i.png" alt="Posted Image" /></li>
<li>Click <img src="http://i56.tinypic.com/16jox2o.png" alt="Posted Image" /> and choose <img src="http://i40.tinypic.com/5x3nu8.gif" alt="Posted Image" /></li>
<li>Uncheck <img src="http://i51.tinypic.com/amuvj8.gif" alt="Posted Image" /></li>
<li>Then go back to <img src="http://i41.tinypic.com/2jb4qyb.gif" alt="Posted Image" /> and click <img src="http://i25.tinypic.com/nf47ev.gif" alt="Posted Image" /> to run it.</li>
<li>Exit CCleaner.</li>
</ol>



What's next?

  1. Build up your malware defenses by starting a new thread in the Security Configuration Wizard forum.
  2. Learn how to avoid malware by reading this article <a href="http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/">How to easily avoid malware</a>
  3. Be an active member in the MalwareTips community! :)
 

jbmorgan

New Member
Thread author
Verified
Nov 4, 2012
18
Dear Jack,

I'm following your instructions, but a couple of things:

1. I stupidly deleted ComboFix before I saw this (just by dropping it in the trash can). Is there still something left of it that I should uninstall? The command prompt doesn't find it.

2. When I had OTL uninstall itself, it did delete some of the software that we used, but some remains behind - the Eset installer, HitmanPro and SecurityCheck. They're not bothering me, but is that normal? Is it OK to uninstall them, and how should I go about doing so?

3. When I was attempting to follow your Step 3, when I go to Control Panel and select System I don't see System Protection anywhere.
 

Jack

Hello John,
1. You can restore Combofix from the recycle bin and then run the uninstall command.
2. Yes, you can uninstall all the tools that we've used, or alternatively you can keep them on your computer (HitmanPro, Malwarebytes and ESET Online Scanner) and run regular scans with these utilities.
Security Check can be deleted, while the other programs need to be uninstalled via the Add Remove programs feature.
3. Please try these steps:
Right click your My Computer icon and select Properties. In the new window, select the System Restore tab then select the "Turn off System Restore" option. Click OK and respond to any prompts. That deletes all System Restore Points. As soon as that is done, de-select that "Turn off System Restore", and click OK.
Then create your own System Restore Point the way you normally do it.
 
