Internet Connection Problem. Possibly caused by malware? [RESOLVED]


This topic is locked

#1
AccidentalClick
Member • 132 posts
From the 11th (of July), my internet has been acting odd, turning off at the oddest of times, and only when I'm actually using the internet. I've contacted my ISP for assistance, but from a recommendation from another topic here, I'm going to post a HijackThis log in case this problem is caused by malware on this computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:59 AM, on 13/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ZyAIR USB Utility\ZyAIR.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Bell\Security Manager\RPS.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...amp;ibd=6070804
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: ZyAIR USB Utility.lnk = C:\Program Files\ZyAIR USB Utility\ZyAIR.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7296 bytes

#2
greyknight17
Malware Expert • Visiting Consultant • 16,560 posts
It might not be a malware issue. Do you have another computer that you use with the same internet connection? If so, does it have similar problems?

We can run some scans to see if they find anything.

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Does it matter what you are doing when it goes offline? Try disabling the firewall to see if it helps or make sure it's not blocking any of your programs' access. You can also try resetting the modem/router if anything.

#3
AccidentalClick
Member • Topic Starter • 132 posts
My ISP contacted me recently and has stated that the problem is most likely caused by the modem, and as such, I am receiving a new one soon. So hopefully that will be resolved.

Upon scanning with my Anti-Spyware, it detected a "Grokster" spyware. I've deleted it several times, but it keeps on coming back. Any help here?

Should I still run the ATF and Panda scans?

#4
greyknight17
Malware Expert • Visiting Consultant • 16,560 posts
I think that's a file sharing program. See if you can find and remove it in the Add/Remove Programs panel.

Yes, run those scans and post the logs here. That's another issue that you don't want to have. We'll see how it goes with the modem replacement.

#5
AccidentalClick
Member • Topic Starter • 132 posts
OK, then. I'll edit this post after running the scans. As for Grokster, I don't have a program by that name. I have Azureus Vuze, but I've had that for a while now and my Anti-Spyware never picked up spyware called Grokster until recently.

EDIT: For the Panda scan, I can't seem to follow your instructions.

- Clicking on the "Scan your PC now" (I can't see a Scan your PC button) comes up with a pop-up. The only options I see are "Scan Now", "Register" and "ENTER"

- Looking at the next options, Scan Now did have me download and install the ActiveX controls. However, it just simply proceeds to scan, and doesn't give me the option of choosing "My Computer".

A scan with Panda Security is running right now, but it's with what I just explained above.

Panda scan:

;*******************************************************************************
ANALYSIS: 2008-07-17 19:24:57
PROTECTIONS: 1
MALWARE: 23
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Windows Defender 1.1.3704.0 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@mediaplex[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@ccbill[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@yadro[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@questionmarket[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@bravenet[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@atwola[1].txt
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================

Edited by AccidentalClick, 17 July 2008 - 05:26 PM.


#6
greyknight17
Malware Expert • Visiting Consultant • 16,560 posts
That's ok...

Is Grokster still detected now? If so, where is it found by the scanner?

#7
AccidentalClick
Member • Topic Starter • 132 posts
Hm... Let me check.

EDIT: Still here. :)

Spyware Type Item Action
Grokster Registry hkey_classes_root \magnet Quarantine

Edited by AccidentalClick, 17 July 2008 - 08:10 PM.


#8
greyknight17
Malware Expert • Visiting Consultant • 16,560 posts
Disable system restore and then enable it back on again to clear out all your restore points. If you don't know how to access system restore, please read here.

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

hkey_classes_root \magnet

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

How is it now?

#9
AccidentalClick
Member • Topic Starter • 132 posts
< hkey_classes_root \magnet >
Registry key hkey_classes_root \magnet\\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07182008_171440

Hm... Could this be because my Anti-Spyware quarantined it instead of deleting it?
Anyways, I'll run my Anti-Spyware scan again.

EDIT: Yup, still here. :/

Sympatico Security Manager Anti-Spyware
Spyware Report (18/07/2008 6:12:36 PM)

Scan Target Scanned Items Detected Spyware Items
OS (C:) 162163 0
RECOVERY (D:) 9417 0
Cookies 87 1
Registry 35963 1
Memory 13 0
Total 207643 2

Spyware Type Item Action
Grokster Registry hkey_classes_root \magnet Quarantine
quantserve.com Spyware cookie C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\game_master@quantserve[2].txt Delete


Should I delete the quarantined one and try OTMoveit2 again?

Edited by AccidentalClick, 18 July 2008 - 04:31 PM.


#10
greyknight17
Malware Expert • Visiting Consultant • 16,560 posts
Delete it from the quarantine and then run the spyware scan again to see if it's still found. Try disabling system restore before you remove it from quarantine. Then run the spyware scan again to see if it's found. Enable system restore again once that's done.

#11
AccidentalClick
Member • Topic Starter • 132 posts
Ah, yes. I knew I forgot something last time. OK, then. System restore's off, I've deleted it, and I'm re-running a scan.

EDIT: It's... still there. Any other ideas? Or know how it could have got there in the first place?

By the way, while searching through Google, I found this:

http://answers.yahoo...25002935AAqt9m0

Are any of those links in the page reliable?

Edited by AccidentalClick, 18 July 2008 - 09:47 PM.


#12
greyknight17
Malware Expert • Visiting Consultant • 16,560 posts
Yes, you may run SuperAntispyware also to see if it will remove all the remains of Grokster:

Download and install SUPERAntiSpyware at http://www.superanti...ANTISPYWAREFREE

- Run SUPERAntiSpyware and click the Check for Updates button.
- Once the update has finished, click the Scan your Computer button.
- Click on Perform Complete Scan and then click Next.
- SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
- Make sure that they all have a check next to them, and then click Next.
- Click Finish and you will be taken back to the main interface.
- It could be possible that it will ask you to reboot your computer in order to delete some files.
- I'll need a log afterwards of what has been found.
- To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
- Please post the results of the SUPERAntiSpyware log file in your next reply.

#13
AccidentalClick
Member • Topic Starter • 132 posts
Should this be done with System restore off and the quarantined Grokster deleted?

#14
greyknight17
Malware Expert • Visiting Consultant • 16,560 posts
You may enable System Restore and empty the quarantined file. Then run the SUPERAntiSpyware scan.

#15
AccidentalClick
Member • Topic Starter • 132 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/19/2008 at 04:56 PM

Application Version : 4.15.1000

Core Rules Database Version : 3508
Trace Rules Database Version: 1499

Scan type : Complete Scan
Total Scan Time : 00:37:32

Memory items scanned : 661
Memory threats detected : 0
Registry items scanned : 6839
Registry threats detected : 3
File items scanned : 28327
File threats detected : 56

Trojan.Media-Codec/V4
HKCR\multimediaControls.chl
HKCR\multimediaControls.chl\CLSID

Trojan.Media-Codec/V5
HKU\S-1-5-21-1719211186-386997102-2722537238-1000\Software\NetProject

Adware.Tracking Cookie
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@adultadworld[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@tribalfusion[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@mediaplex[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@serving-sys[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@xiti[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@interclick[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@adbrite[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@eyewonder[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@revsci[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@insightexpressai[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@imrworldwide[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@statcounter[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@clicktorrent[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@questionmarket[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@atwola[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@sexthe[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@atdmt[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@247realmedia[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@advertising[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@partypoker[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@bravenet[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@yadro[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@overture[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@2o7[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@kontera[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@adcentriconline[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@realmedia[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@casalemedia[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@fastclick[1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@hitbox[2].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Game Master\AppData\Roaming\Microsoft\Windows\Cookies\Low\game_master@doubleclick[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@doubleclick[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@casalemedia[1].txt


Now, I needed to reboot. But it took around 30 minutes to finish rebooting. Is this normal?

Also, should I re-run my other Anti-Spyware again to check?