
FLV player/ rvzr-a pop ups [Solved]


  • This topic is locked
25 replies to this topic

#16 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 29 October 2013 - 11:51 AM

Hi ImagineDragoons,

ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push Posted Image

Graduate of the WTT Classroom
Cheers,
Jo



#17 ImagineDragoons

ImagineDragoons

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 30 October 2013 - 06:48 AM

C:\_OTL\MovedFiles\10282013_084328\C_ProgramData\ShoppingChip\URtUyQwA.dll a variant of Win32/Adware.MultiPlug.I application
F:\Seagate Dashboard 2.0\OWNER-PC\Owner\Backup\f7b2c60e-d722-4758-8e83-5b3fc825c206\20130111_125257_OwnerInc455\C\Users\Owner\Downloads\Firefox_setup.exe a variant of Win32/Adware.iBryte.D application
F:\Seagate Dashboard 2.0\OWNER-PC\Owner\Backup\f7b2c60e-d722-4758-8e83-5b3fc825c206\20131012_105255_OwnerInc2615\C\_OTL\MovedFiles\10282013_084328\C_ProgramData\ShoppingChip\URtUyQwA.dll a variant of Win32/Adware.MultiPlug.I application
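
Added example, not part of the original posts: a small triage script for an ESET Online Scanner report like the one above, which splits each finding into path, detection name and type and labels where the file sits. The location labels (backup-copy, tool-quarantine, live), the accepted type words and the function names are this example's own assumptions.

```python
import re
from collections import defaultdict

# The three detections from the post above, copied as posted.
ESET_LOG = r"""
C:\_OTL\MovedFiles\10282013_084328\C_ProgramData\ShoppingChip\URtUyQwA.dll a variant of Win32/Adware.MultiPlug.I application
F:\Seagate Dashboard 2.0\OWNER-PC\Owner\Backup\f7b2c60e-d722-4758-8e83-5b3fc825c206\20130111_125257_OwnerInc455\C\Users\Owner\Downloads\Firefox_setup.exe a variant of Win32/Adware.iBryte.D application
F:\Seagate Dashboard 2.0\OWNER-PC\Owner\Backup\f7b2c60e-d722-4758-8e83-5b3fc825c206\20131012_105255_OwnerInc2615\C\_OTL\MovedFiles\10282013_084328\C_ProgramData\ShoppingChip\URtUyQwA.dll a variant of Win32/Adware.MultiPlug.I application
"""

# One finding = path, optional "a variant of", detection name, object type.
# Paths may contain spaces, so the path is matched lazily up to the name.
# The type words accepted here are an assumption of this example.
ENTRY = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>\w+/[\w.\-]+)\s+"
    r"(?P<kind>(?:potentially (?:unwanted|unsafe) )?application|trojan|virus|worm)\b"
)


def classify(path):
    """Label where a detected file sits (labels are this example's own)."""
    p = path.lower()
    if "\\backup\\" in p:
        # A copy inside a backup set, e.g. the Seagate Dashboard folders on F:.
        return "backup-copy"
    if re.match(r"[a-z]:\\_otl\\movedfiles\\", p):
        # Already moved aside by OTL during an earlier fix.
        return "tool-quarantine"
    return "live"


def parse_findings(text):
    """Parse a report, whether it has one finding per line or is run together."""
    findings = []
    for m in ENTRY.finditer(text):
        findings.append({
            "path": m.group("path"),
            "name": m.group("name"),
            "kind": m.group("kind"),
            "exact": m.group("qualifier") is None,  # False for "a variant of"
            "location": classify(m.group("path")),
        })
    return findings


def by_location(findings):
    """Group findings so files still in a live location stand out."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["location"]].append(f)
    return dict(grouped)


if __name__ == "__main__":
    for location, items in by_location(parse_findings(ESET_LOG)).items():
        print(f"{location}: {len(items)}")
        for f in items:
            print(f"  {f['name']} ({f['kind']})  {f['path']}")
```

For this report every finding lands in tool-quarantine or backup-copy, none in live.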

#18 ImagineDragoons

ImagineDragoons

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 30 October 2013 - 06:50 AM

Also I have a lot of files on the left side of my desktop with text files with ~$ in front of them, as well as other transparent files. Should this be concerning?

#19 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 30 October 2013 - 10:57 AM

Hi ImagineDragoons,

Can you post some file names of those "transparent files" which are on your desktop?


Run ESET Online Scanner again.

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Checked!
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push Posted Image


Download and run SUPERAntiSpyware Portable Scanner Personal Edition
Do not remove found threats but post the log.
Graduate of the WTT Classroom
Cheers,
Jo

#20 ImagineDragoons

ImagineDragoons

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 01 November 2013 - 12:15 PM

I was unable to find the ESET log, but upon rescanning it came up with no threats found.

 

Some of the file names read as desktop.ini (there are two of these), also there are ~$ in front of some text file name, such as ~$Resume.doc or ~$officialtranscipt.doc

 

the results of the antispyware are below:

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/01/2013 at 10:22 AM

Application Version : 5.6.1040

Core Rules Database Version : 10869
Trace Rules Database Version: 8681

Scan type       : Complete Scan
Total Scan Time : 03:04:24

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned      : 525
Memory threats detected   : 0
Registry items scanned    : 72176
Registry threats detected : 0
File items scanned        : 92361
File threats detected     : 131

Adware.Tracking Cookie
 



#21 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 01 November 2013 - 02:48 PM

Hi ImagineDragoons,

To disable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Check the checkbox labeled Hide protected operating system files.


Did the files that read as desktop.ini (there are two of these) disappear?
 

***


1. Uninstall old versions:
Please go to Start > Control Panel > Add Remove Programs (XP)
Or Start > Control Panel > Programs and Features ( Vista | Windows 7/8 ).

Locate the following programs:
  • Adobe Reader 9, 10
Uninstall them all.

2. Update these programs:
  • Update Internet Explorer to v10
Vista | Windows 7/8 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.

3. Install these programs:
Latest Adobe Reader:
  • Go to http://get.adobe.com.../otherversions/
  • Use the drop-down menus to select your operating system
  • Select your language > Select The current version of Adobe Reader for your language
  • Remove the check mark from the box "Install Chrome as standard browser and Google Toolbar for Internet explorer"
  • Click the Download button, and follow the onscreen directions to complete the installation.
4. Restart your pc.

How is the computer running now?
Graduate of the WTT Classroom
Cheers,
Jo

#22 ImagineDragoons

ImagineDragoons

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 01 November 2013 - 07:41 PM

The computer is working a lot better now



#23 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 02 November 2013 - 03:30 AM

Hi ImagineDragoons,

well done. :)

It Appears That Your Pc Is Now Clean!
 

***


Clean up:

Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL

:Commands
[emptytemp]
[clearallrestorepoints]
  • Close all other programs apart from OTL as this step may require a reboot
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Say Yes to the prompt and then allow the program to reboot your computer.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely
2. Enable Protected Mode in Internet Explorer.
  • This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/


***


Graduate of the WTT Classroom
Cheers,
Jo

#24 ImagineDragoons

ImagineDragoons

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 03 November 2013 - 02:23 PM

Thank you so much!!



#25 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 03 November 2013 - 04:31 PM

You are very welcome, ImagineDragoons.
Glad we could help.
Graduate of the WTT Classroom
Cheers,
Jo



#26 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 November 2013 - 06:45 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
