www.microsoft.com virus called utillitiy tools got my other pc

View previous topic View next topic Go down

www.microsoft.com virus called utillitiy tools got my other pc

Post by xcaret on Sat 22 Jan 2011, 5:39 am

I have a another pc that this morning got a pop up saying it was from microsoft and I was under attack from a virus or something..It turns out it was a fake and they want $80 to make it go away.. I clicked on malware bytes which is on my desktop but a little way into the runscan it gets knockecd out by utility tools..OTL is the same .. even google gets shut out after several seconds ..
What shall I do ? My malware is the free version.. Oh yeah ,the virus asked me to run it which I did ,I even rebooted my pc ,so I probably got it real deep..
Neil

xcaret

Rookie Surfer
Rookie Surfer

Posts : 59
Joined : 2010-11-28
Operating System : xp

View user profile

Back to top Go down

Re: www.microsoft.com virus called utillitiy tools got my other pc

Post by Superdave on Sat 22 Jan 2011, 10:42 am

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
**********************************************
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator


You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.exe
* Rkill.com
* Rkill.scr

Once you've gotten one of them to run then try to immediately run the following.
***************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
***************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: www.microsoft.com virus called utillitiy tools got my other pc

Post by xcaret on Tue 25 Jan 2011, 10:03 am

Thanks for the instructions which I followed and am now using the infected pc( no longer infected)
I think was I had not updated my malwarebytes..

I copied the log as requested..Thanks again

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 01/24/2011 at 03:45 PM

Application Version : 4.48.1000

Core Rules Database Version : 6263
Trace Rules Database Version: 4075



Scan type : Complete Scan
Total Scan Time : 01:35:29

Memory items scanned : 350
Memory threats detected : 1
Registry items scanned : 5635
Registry threats detected : 18
File items scanned : 103020
File threats detected : 382

Trojan.Dropper/Win-NV
C:\WINDOWS\DEFAULT32.DLL
C:\WINDOWS\DEFAULT32.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{933E7167-F302-48C8-A4E9-19C4D4C15B3B}
HKCR\CLSID\{933E7167-F302-48C8-A4E9-19C4D4C15B3B}
HKCR\CLSID\{933E7167-F302-48C8-A4E9-19C4D4C15B3B}
HKCR\CLSID\{933E7167-F302-48C8-A4E9-19C4D4C15B3B}\InprocServer32
HKCR\CLSID\{933E7167-F302-48C8-A4E9-19C4D4C15B3B}\InprocServer32#ThreadingModel
C:\PROGRA~1\CIA\AFE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{933E7167-F302-48C8-A4E9-19C4D4C15B3B}
HKU\S-1-5-21-220523388-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{933E7167-F302-48C8-A4E9-19C4D4C15B3B}
D:\PROGRAM FILES\3WEB\AFE.DLL

Trojan.Unclassified/Helper-DD
HKLM\Software\Classes\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\InprocServer32
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\InprocServer32#ThreadingModel
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\TypeLib
HKCR\TypeLib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573}
C:\PROGRAM FILES\SHARED\LIB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKU\S-1-5-21-220523388-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@statcounter[4].txt
C:\Documents and Settings\user\Cookies\user@tacoda.at.atwola[3].txt
C:\Documents and Settings\user\Cookies\user@yadro[3].txt
C:\Documents and Settings\user\Cookies\user@imrworldwide[5].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[8].txt
C:\Documents and Settings\user\Cookies\user@adecn[3].txt
C:\Documents and Settings\user\Cookies\user@invitemedia[5].txt
C:\Documents and Settings\user\Cookies\user@pointroll[3].txt
C:\Documents and Settings\user\Cookies\user@adbrite[1].txt
C:\Documents and Settings\user\Cookies\user@yieldmanager[4].txt
C:\Documents and Settings\user\Cookies\user@traveladvertising[1].txt
C:\Documents and Settings\user\Cookies\user@content.yieldmanager[11].txt
C:\Documents and Settings\user\Cookies\user@ru4[3].txt
C:\Documents and Settings\user\Cookies\user@apmebf[4].txt
C:\Documents and Settings\user\Cookies\user@adinterax[3].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[11].txt
C:\Documents and Settings\user\Cookies\user@bdsm[1].txt
C:\Documents and Settings\user\Cookies\user@adcentriconline[8].txt
C:\Documents and Settings\user\Cookies\user@content.yieldmanager[4].txt
C:\Documents and Settings\user\Cookies\user@media6degrees[6].txt
C:\Documents and Settings\user\Cookies\user@adserver.adtechus[3].txt
C:\Documents and Settings\user\Cookies\user@questionmarket[4].txt
C:\Documents and Settings\user\Cookies\user@casalemedia[6].txt
C:\Documents and Settings\user\Cookies\user@collective-media[2].txt
C:\Documents and Settings\user\Cookies\user@atdmt[4].txt
C:\Documents and Settings\user\Cookies\user@bellcan.adbureau[5].txt
C:\Documents and Settings\user\Cookies\user@ads.pubmatic[2].txt
C:\Documents and Settings\user\Cookies\user@bellglobemediapublishing.122.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@ads.pointroll[2].txt
C:\Documents and Settings\user\Cookies\user@at.atwola[1].txt
C:\Documents and Settings\user\Cookies\user@bs.serving-sys[3].txt
C:\Documents and Settings\user\Cookies\user@ad.wsod[3].txt
C:\Documents and Settings\user\Cookies\user@advertise[1].txt
C:\Documents and Settings\user\Cookies\user@user.lucidmedia[2].txt
C:\Documents and Settings\user\Cookies\user@doubleclick[5].txt
C:\Documents and Settings\user\Cookies\user@CA27AVQ6.txt
C:\Documents and Settings\user\Cookies\user@mediaplex[7].txt
C:\Documents and Settings\user\Cookies\user@r1-ads.ace.advertising[2].txt
C:\Documents and Settings\user\Cookies\user@trvlnet.adbureau[2].txt
C:\Documents and Settings\user\Cookies\user@advertising[6].txt
a.ads2.msads.net [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\EN9VRXGS ]
ads2.msads.net [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\EN9VRXGS ]
b.ads2.msads.net [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\EN9VRXGS ]
cdn4.specificclick.net [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\EN9VRXGS ]
ia.media-imdb.com [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\EN9VRXGS ]
media.mtvnservices.com [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\EN9VRXGS ]
media.scanscout.com [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\EN9VRXGS ]
msntest.serving-sys.com [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\EN9VRXGS ]
s0.2mdn.net [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\EN9VRXGS ]
secure-us.imrworldwide.com [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\EN9VRXGS ]
C:\Documents and Settings\user\Cookies\user@247realmedia[1].txt
C:\Documents and Settings\user\Cookies\user@247realmedia[3].txt
C:\Documents and Settings\user\Cookies\user@2o7[1].txt
C:\Documents and Settings\user\Cookies\user@2o7[2].txt
C:\Documents and Settings\user\Cookies\user@2o7[4].txt
C:\Documents and Settings\user\Cookies\user@a1.interclick[1].txt
C:\Documents and Settings\user\Cookies\user@ad.adsplashmedia[1].txt
C:\Documents and Settings\user\Cookies\user@ad.wsod[2].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[2].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[3].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[4].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[5].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[6].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[7].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[8].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[9].txt
C:\Documents and Settings\user\Cookies\user@adbrite[2].txt
C:\Documents and Settings\user\Cookies\user@adbrite[3].txt
C:\Documents and Settings\user\Cookies\user@adcentriconline[1].txt
C:\Documents and Settings\user\Cookies\user@adcentriconline[2].txt
C:\Documents and Settings\user\Cookies\user@adcentriconline[3].txt
C:\Documents and Settings\user\Cookies\user@adcentriconline[4].txt
C:\Documents and Settings\user\Cookies\user@adcentriconline[5].txt
C:\Documents and Settings\user\Cookies\user@adcentriconline[7].txt
C:\Documents and Settings\user\Cookies\user@adclickvalidation[1].txt
C:\Documents and Settings\user\Cookies\user@adecn[1].txt
C:\Documents and Settings\user\Cookies\user@adecn[2].txt
C:\Documents and Settings\user\Cookies\user@adinterax[1].txt
C:\Documents and Settings\user\Cookies\user@adinterax[2].txt
C:\Documents and Settings\user\Cookies\user@adinterax[4].txt
C:\Documents and Settings\user\Cookies\user@adinterax[5].txt
C:\Documents and Settings\user\Cookies\user@adlegend[1].txt
C:\Documents and Settings\user\Cookies\user@adlegend[2].txt
C:\Documents and Settings\user\Cookies\user@admarketplace[1].txt
C:\Documents and Settings\user\Cookies\user@adply.plymedia[1].txt
C:\Documents and Settings\user\Cookies\user@ads.ad4game[1].txt
C:\Documents and Settings\user\Cookies\user@ads.ad4game[2].txt
C:\Documents and Settings\user\Cookies\user@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\user\Cookies\user@ads.cpxcenter[2].txt
C:\Documents and Settings\user\Cookies\user@ads.fulldls[1].txt
C:\Documents and Settings\user\Cookies\user@ads.intergi[1].txt
C:\Documents and Settings\user\Cookies\user@ads.networldmedia[2].txt
C:\Documents and Settings\user\Cookies\user@ads.networldmedia[3].txt
C:\Documents and Settings\user\Cookies\user@ads.pointroll[1].txt
C:\Documents and Settings\user\Cookies\user@ads.pubmatic[1].txt
C:\Documents and Settings\user\Cookies\user@ads.quixsurf[1].txt
C:\Documents and Settings\user\Cookies\user@ads.quixsurf[2].txt
C:\Documents and Settings\user\Cookies\user@ads.quixsurf[3].txt
C:\Documents and Settings\user\Cookies\user@ads.quixsurf[5].txt
C:\Documents and Settings\user\Cookies\user@ads.quixsurf[6].txt
C:\Documents and Settings\user\Cookies\user@ads.undertone[2].txt
C:\Documents and Settings\user\Cookies\user@adserver.adtechus[1].txt
C:\Documents and Settings\user\Cookies\user@adserver.adtechus[2].txt
C:\Documents and Settings\user\Cookies\user@adserver.adtechus[4].txt
C:\Documents and Settings\user\Cookies\user@adserving[2].txt
C:\Documents and Settings\user\Cookies\user@adsplashmedia[1].txt
C:\Documents and Settings\user\Cookies\user@adtech[1].txt
C:\Documents and Settings\user\Cookies\user@adultfriendfinder[2].txt
C:\Documents and Settings\user\Cookies\user@advertising[1].txt
C:\Documents and Settings\user\Cookies\user@advertising[2].txt
C:\Documents and Settings\user\Cookies\user@advertising[3].txt
C:\Documents and Settings\user\Cookies\user@advertising[5].txt
C:\Documents and Settings\user\Cookies\user@adxpose[1].txt
C:\Documents and Settings\user\Cookies\user@airmilesrewardprogram.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@airmilesrewardprogram.112.2o7[2].txt
C:\Documents and Settings\user\Cookies\user@airmilesrewardprogram.112.2o7[3].txt
C:\Documents and Settings\user\Cookies\user@amex-insights[2].txt
C:\Documents and Settings\user\Cookies\user@apmebf[1].txt
C:\Documents and Settings\user\Cookies\user@apmebf[2].txt
C:\Documents and Settings\user\Cookies\user@apmebf[3].txt
C:\Documents and Settings\user\Cookies\user@apmebf[5].txt
C:\Documents and Settings\user\Cookies\user@at.atwola[2].txt
C:\Documents and Settings\user\Cookies\user@at.atwola[3].txt
C:\Documents and Settings\user\Cookies\user@atdmt[1].txt
C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
C:\Documents and Settings\user\Cookies\user@atdmt[3].txt
C:\Documents and Settings\user\Cookies\user@azjmp[2].txt
C:\Documents and Settings\user\Cookies\user@banners.tribute[2].txt
C:\Documents and Settings\user\Cookies\user@beacon.dmsinsights[2].txt
C:\Documents and Settings\user\Cookies\user@bellcan.adbureau[2].txt
C:\Documents and Settings\user\Cookies\user@bellcan.adbureau[3].txt
C:\Documents and Settings\user\Cookies\user@bellcan.adbureau[4].txt
C:\Documents and Settings\user\Cookies\user@bizrate[1].txt
C:\Documents and Settings\user\Cookies\user@bluestreak[2].txt
C:\Documents and Settings\user\Cookies\user@bridge1.admarketplace[1].txt
C:\Documents and Settings\user\Cookies\user@bs.serving-sys[1].txt
C:\Documents and Settings\user\Cookies\user@bs.serving-sys[2].txt
C:\Documents and Settings\user\Cookies\user@bs.serving-sys[4].txt
C:\Documents and Settings\user\Cookies\user@burstnet[2].txt
C:\Documents and Settings\user\Cookies\user@canoe.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@casalemedia[1].txt
C:\Documents and Settings\user\Cookies\user@casalemedia[2].txt
C:\Documents and Settings\user\Cookies\user@casalemedia[3].txt
C:\Documents and Settings\user\Cookies\user@casalemedia[5].txt
C:\Documents and Settings\user\Cookies\user@cbspressexpress[1].txt
C:\Documents and Settings\user\Cookies\user@cdn4.specificclick[1].txt
C:\Documents and Settings\user\Cookies\user@chitika[1].txt
C:\Documents and Settings\user\Cookies\user@chitika[2].txt
C:\Documents and Settings\user\Cookies\user@click2go[1].txt
C:\Documents and Settings\user\Cookies\user@clickbank[1].txt
C:\Documents and Settings\user\Cookies\user@clicksor[1].txt
C:\Documents and Settings\user\Cookies\user@clicksor[2].txt
C:\Documents and Settings\user\Cookies\user@clicksor[4].txt
C:\Documents and Settings\user\Cookies\user@collective-media[1].txt
C:\Documents and Settings\user\Cookies\user@collective-media[3].txt
C:\Documents and Settings\user\Cookies\user@collective-media[4].txt
C:\Documents and Settings\user\Cookies\user@content.yieldmanager[1].txt
C:\Documents and Settings\user\Cookies\user@content.yieldmanager[2].txt
C:\Documents and Settings\user\Cookies\user@content.yieldmanager[3].txt
C:\Documents and Settings\user\Cookies\user@content.yieldmanager[5].txt
C:\Documents and Settings\user\Cookies\user@content.yieldmanager[6].txt
C:\Documents and Settings\user\Cookies\user@content.yieldmanager[7].txt
C:\Documents and Settings\user\Cookies\user@content.yieldmanager[8].txt
C:\Documents and Settings\user\Cookies\user@content.yieldmanager[9].txt
C:\Documents and Settings\user\Cookies\user@cts.metricsdirect[2].txt
C:\Documents and Settings\user\Cookies\user@cts.zroitracker[2].txt
C:\Documents and Settings\user\Cookies\user@ctv.122.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@dealfind[1].txt
C:\Documents and Settings\user\Cookies\user@dmtracker[1].txt
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt
C:\Documents and Settings\user\Cookies\user@doubleclick[3].txt
C:\Documents and Settings\user\Cookies\user@edge.ru4[1].txt
C:\Documents and Settings\user\Cookies\user@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\user\Cookies\user@ehg-tfl.hitbox[1].txt
C:\Documents and Settings\user\Cookies\user@enhance[2].txt
C:\Documents and Settings\user\Cookies\user@f.blogads[2].txt
C:\Documents and Settings\user\Cookies\user@fastclick[1].txt
C:\Documents and Settings\user\Cookies\user@fastclick[2].txt
C:\Documents and Settings\user\Cookies\user@fastclick[3].txt
C:\Documents and Settings\user\Cookies\user@fastclick[4].txt
C:\Documents and Settings\user\Cookies\user@fastclick[5].txt
C:\Documents and Settings\user\Cookies\user@frostclick[2].txt
C:\Documents and Settings\user\Cookies\user@gaytrafficbroker[2].txt
C:\Documents and Settings\user\Cookies\user@gostats[2].txt
C:\Documents and Settings\user\Cookies\user@hitbox[2].txt
C:\Documents and Settings\user\Cookies\user@hitbox[3].txt
C:\Documents and Settings\user\Cookies\user@hornymatches[2].txt
C:\Documents and Settings\user\Cookies\user@ice.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@imrworldwide[2].txt
C:\Documents and Settings\user\Cookies\user@imrworldwide[3].txt
C:\Documents and Settings\user\Cookies\user@imrworldwide[4].txt
C:\Documents and Settings\user\Cookies\user@incentaclick[2].txt
C:\Documents and Settings\user\Cookies\user@insightexpressai[2].txt
C:\Documents and Settings\user\Cookies\user@interclick[2].txt
C:\Documents and Settings\user\Cookies\user@interclick[3].txt
C:\Documents and Settings\user\Cookies\user@intermundomedia[1].txt
C:\Documents and Settings\user\Cookies\user@invitemedia[1].txt
C:\Documents and Settings\user\Cookies\user@invitemedia[2].txt
C:\Documents and Settings\user\Cookies\user@invitemedia[4].txt
C:\Documents and Settings\user\Cookies\user@kanoodle[1].txt
C:\Documents and Settings\user\Cookies\user@kontera[2].txt
C:\Documents and Settings\user\Cookies\user@kontera[3].txt
C:\Documents and Settings\user\Cookies\user@legolas-media[2].txt
C:\Documents and Settings\user\Cookies\user@lfstmedia[1].txt
C:\Documents and Settings\user\Cookies\user@lfstmedia[2].txt
C:\Documents and Settings\user\Cookies\user@linksynergy[1].txt
C:\Documents and Settings\user\Cookies\user@linksynergy[2].txt
C:\Documents and Settings\user\Cookies\user@linksynergy[3].txt
C:\Documents and Settings\user\Cookies\user@livenation.122.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@liveperson[1].txt
C:\Documents and Settings\user\Cookies\user@liveperson[3].txt
C:\Documents and Settings\user\Cookies\user@lonelyplanet.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@media.photobucket[1].txt
C:\Documents and Settings\user\Cookies\user@media.photobucket[3].txt
C:\Documents and Settings\user\Cookies\user@media6degrees[1].txt
C:\Documents and Settings\user\Cookies\user@media6degrees[2].txt
C:\Documents and Settings\user\Cookies\user@media6degrees[3].txt
C:\Documents and Settings\user\Cookies\user@media6degrees[4].txt
C:\Documents and Settings\user\Cookies\user@media6degrees[5].txt
C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt
C:\Documents and Settings\user\Cookies\user@mediaplex[2].txt
C:\Documents and Settings\user\Cookies\user@mediaplex[3].txt
C:\Documents and Settings\user\Cookies\user@mediaplex[4].txt
C:\Documents and Settings\user\Cookies\user@mediaplex[5].txt
C:\Documents and Settings\user\Cookies\user@mediaplex[6].txt
C:\Documents and Settings\user\Cookies\user@mediaplex[8].txt
C:\Documents and Settings\user\Cookies\user@metroleap.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\user\Cookies\user@microsoftmachinetranslation.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@microsoftmachinetranslation.112.2o7[2].txt
C:\Documents and Settings\user\Cookies\user@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@microsoftwindows.112.2o7[2].txt
C:\Documents and Settings\user\Cookies\user@movieticketscom.122.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@msnbc.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@msnportal.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@msnportal.112.2o7[2].txt
C:\Documents and Settings\user\Cookies\user@msnportal.112.2o7[3].txt
C:\Documents and Settings\user\Cookies\user@myroitracking[1].txt
C:\Documents and Settings\user\Cookies\user@myroitracking[3].txt
C:\Documents and Settings\user\Cookies\user@mywebsearch[1].txt
C:\Documents and Settings\user\Cookies\user@mywebsearch[2].txt
C:\Documents and Settings\user\Cookies\user@mywebsearch[3].txt
C:\Documents and Settings\user\Cookies\user@networldmedia[1].txt
C:\Documents and Settings\user\Cookies\user@oasc05.247realmedia[1].txt
C:\Documents and Settings\user\Cookies\user@oasc17.247realmedia[1].txt
C:\Documents and Settings\user\Cookies\user@olympus.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@overture[1].txt
C:\Documents and Settings\user\Cookies\user@partypoker[1].txt
C:\Documents and Settings\user\Cookies\user@partypoker[2].txt
C:\Documents and Settings\user\Cookies\user@paypal.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@pointroll[1].txt
C:\Documents and Settings\user\Cookies\user@popularscreensavers[2].txt
C:\Documents and Settings\user\Cookies\user@questionmarket[2].txt
C:\Documents and Settings\user\Cookies\user@questionmarket[3].txt
C:\Documents and Settings\user\Cookies\user@rbc.bridgetrack[2].txt
C:\Documents and Settings\user\Cookies\user@realmedia[2].txt
C:\Documents and Settings\user\Cookies\user@revenue[2].txt
C:\Documents and Settings\user\Cookies\user@revsci[1].txt
C:\Documents and Settings\user\Cookies\user@revsci[2].txt
C:\Documents and Settings\user\Cookies\user@revsci[3].txt
C:\Documents and Settings\user\Cookies\user@revsci[4].txt
C:\Documents and Settings\user\Cookies\user@rotator.adjuggler[1].txt
C:\Documents and Settings\user\Cookies\user@rotator.adjuggler[2].txt
C:\Documents and Settings\user\Cookies\user@rts.pgmediaserve[1].txt
C:\Documents and Settings\user\Cookies\user@ru4[1].txt
C:\Documents and Settings\user\Cookies\user@sales.liveperson[2].txt
C:\Documents and Settings\user\Cookies\user@searsca.122.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@service.liveperson[2].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[1].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[2].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[3].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[4].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[5].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[7].txt
C:\Documents and Settings\user\Cookies\user@seth.avazutracking[1].txt
C:\Documents and Settings\user\Cookies\user@smartadserver[1].txt
C:\Documents and Settings\user\Cookies\user@smartadserver[2].txt
C:\Documents and Settings\user\Cookies\user@specificclick[1].txt
C:\Documents and Settings\user\Cookies\user@specificmedia[1].txt
C:\Documents and Settings\user\Cookies\user@statcounter[1].txt
C:\Documents and Settings\user\Cookies\user@statcounter[2].txt
C:\Documents and Settings\user\Cookies\user@statcounter[3].txt
C:\Documents and Settings\user\Cookies\user@statcounter[5].txt
C:\Documents and Settings\user\Cookies\user@stats.paypal[2].txt
C:\Documents and Settings\user\Cookies\user@statse.webtrendslive[2].txt
C:\Documents and Settings\user\Cookies\user@sympatico.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@tacoda.at.atwola[1].txt
C:\Documents and Settings\user\Cookies\user@tacoda[1].txt
C:\Documents and Settings\user\Cookies\user@tacoda[3].txt
C:\Documents and Settings\user\Cookies\user@the-best-track[1].txt
C:\Documents and Settings\user\Cookies\user@theclickcheck[1].txt
C:\Documents and Settings\user\Cookies\user@torstardigital.122.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@torstardigital.122.2o7[2].txt
C:\Documents and Settings\user\Cookies\user@track.worldredirect[2].txt
C:\Documents and Settings\user\Cookies\user@tracking.servedbyy[2].txt
C:\Documents and Settings\user\Cookies\user@tracking1.aleadpay[2].txt
C:\Documents and Settings\user\Cookies\user@tradedoubler[1].txt
C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt
C:\Documents and Settings\user\Cookies\user@tribalfusion[2].txt
C:\Documents and Settings\user\Cookies\user@tribalfusion[3].txt
C:\Documents and Settings\user\Cookies\user@tribalfusion[4].txt
C:\Documents and Settings\user\Cookies\user@user.lucidmedia[1].txt
C:\Documents and Settings\user\Cookies\user@viacom.adbureau[2].txt
C:\Documents and Settings\user\Cookies\user@videoegg.adbureau[2].txt
C:\Documents and Settings\user\Cookies\user@vitamine.networldmedia[1].txt
C:\Documents and Settings\user\Cookies\user@walmart.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@walmart.112.2o7[2].txt
C:\Documents and Settings\user\Cookies\user@wt.xxxmatch[1].txt
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@[You must be registered and logged in to see this link.]
C:\Documents and Settings\user\Cookies\user@xiti[1].txt
C:\Documents and Settings\user\Cookies\user@xxxmatch[1].txt
C:\Documents and Settings\user\Cookies\user@yadro[1].txt
C:\Documents and Settings\user\Cookies\user@yadro[2].txt
C:\Documents and Settings\user\Cookies\user@yahoogroups.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@yieldmanager[1].txt
C:\Documents and Settings\user\Cookies\user@yieldmanager[2].txt
C:\Documents and Settings\user\Cookies\user@yieldmanager[3].txt
C:\Documents and Settings\user\Cookies\user@zedo[1].txt
C:\Documents and Settings\user\Cookies\user@zedo[2].txt

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-220523388-1292428093-725345543-1003\Software\Microsoft\Internet Explorer\Main#Start Page [ [You must be registered and logged in to see this link.] ]

Malware.Trace
HKU\S-1-5-21-220523388-1292428093-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Trojan.Unclassified-Packed/Suspicious
C:\PROGRAM FILES\CIA\AFE.DLL
D:\PROGRAM FILES\CIA\AFE.DLL

Adware.Zwangi
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\QUESTBRWSEARCH\QUESTBROWSE121.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUESTBRWSEARCH\QUESTBRWSEARCH.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP151\A0057546.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP151\A0057550.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP157\A0065000.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP157\A0065017.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP158\A0066099.EXE

Adware.Zango-Heur
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.637.0\CLICKPOTATOLITESA.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.637.0\CLICKPOTATOLITESAAX.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.637.0\CLICKPOTATOLITEUNINSTALLER.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP157\A0065010.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP157\A0065011.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP157\A0065014.EXE

Rootkit.Agent/Gen-TDSS
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUESTBRWSEARCH\QUESTBRWSEARCH.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP151\A0057549.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP157\A0065016.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP158\A0066100.DLL

Trojan.Agent/Gen-FraudLoad
C:\QOOBOX\QUARANTINE\C\WINDOWS\MSYUV.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP157\A0065020.DLL

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP133\A0041058.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP133\A0041059.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP156\A0060858.DLL

Trojan.Agent/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP153\A0057677.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP158\A0065454.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6AF3156-9710-4E1A-99F4-677B8AC0C31E}\RP158\A0065456.EXE
C:\WINDOWS\SYSTEM32\0241465664C5885F7A88FFF01D380BF6\B\BINT1

Trojan.Agent/Gen-Fake[MSYuv]
C:\WINDOWS\MSYUV.DLL

Adware.Generic
D:\PROGRAM FILES\DOUBLED\GAMINGHARBOR TOOLBAR\4.1.4.20920\PRODUCTINFO.DLL
D:\PROGRAM FILES\DOUBLED\GAMINGHARBOR TOOLBAR\4.1.4.20920\STBAPP.DLL
D:\PROGRAM FILES\DOUBLED\GAMINGHARBOR TOOLBAR\4.1.4.20920\STBAPP.EXE
D:\PROGRAM FILES\DOUBLED\GAMINGHARBOR TOOLBAR\4.1.4.20920\STBAPPHELPER.EXE
D:\PROGRAM FILES\DOUBLED\GAMINGHARBOR TOOLBAR\4.1.4.20920\STBIE.DLL

D:\PROGRAM FILES\INTERNET SAVING OPTIMIZER\3.6.0.4470\NPIEADDON.DLL
D:\PROGRAM FILES\MEDIA ACCESS STARTUP\1.5.0.850\HPIEADDON.DLL

Adware.DoubleD
D:\PROGRAM FILES\DOUBLED\GAMINGHARBOR TOOLBAR\4.1.4.20920\STBSVC.EXE

xcaret

Rookie Surfer
Rookie Surfer

Posts : 59
Joined : 2010-11-28
Operating System : xp

View user profile

Back to top Go down

Re: www.microsoft.com virus called utillitiy tools got my other pc

Post by Superdave on Tue 25 Jan 2011, 10:20 am

I still need the MBAM log.
I'm required to give you this information whenever a rootkit is found on the computer.


It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware, that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do
It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot
be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?

[You must be registered and logged in to see this link.]

how-to-reformat-and-reinstall-your-operating-system-the-easy-way

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
**************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: www.microsoft.com virus called utillitiy tools got my other pc

Post by Sponsored content Today at 11:00 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum