  1. #1
    Member Jadyn

    Computer refuses to restart properly again and I think it may still be infected

    Hey Again,
    I was here around Feb 5th and all seemed to be working OK for a number of weeks until my computer wouldn't restart again. I didn't think I had any viruses but I decided to run Malware and it came up with trojans. So I started from the top and did all it states to do on spyware and getting stuff done so I can post here. I did a few of the steps a few times because I could not find the logs or where they saved on my computer. I finally have everything that was asked for so I'm posting. The biggest problem again seems to be that my computer doesn't want to restart properly. I've noticed no other big issues but my computer seems to be running pretty slow. Hope you can help me again,

    Jadyn

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 03/24/2013 at 10:29 PM

    Application Version : 5.6.1014

    Core Rules Database Version : 10176
    Trace Rules Database Version: 7988

    Scan type : Complete Scan
    Total Scan Time : 01:53:49

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC Off - Administrator

    Memory items scanned : 808
    Memory threats detected : 0
    Registry items scanned : 38805
    Registry threats detected : 0
    File items scanned : 63113
    File threats detected : 256

    Adware.Tracking Cookie


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 03/25/2013 at 11:06 AM

    Application Version : 5.6.1014

    Core Rules Database Version : 10176
    Trace Rules Database Version: 7988

    Scan type : Complete Scan
    Total Scan Time : 01:34:10

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC Off - Administrator

    Memory items scanned : 840
    Memory threats detected : 0
    Registry items scanned : 38796
    Registry threats detected : 0
    File items scanned : 63350
    File threats detected : 23

    Adware.Tracking Cookie


    Malwarebytes Anti-Malware 1.70.0.1100
    Malwarebytes : Free anti-malware download

    Database version: v2013.03.25.13

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Melody :: MELODY-PC [administrator]

    25/03/2013 2:12:04 PM
    mbam-log-2013-03-25 (14-12-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213690
    Time elapsed: 16 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:33:48 PM, on 25/03/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16470)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Windows\System32\ICO.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Users\Melody\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_56F414BD211ED8A2E3D82E3E8FAC8E1A] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Update Service (gupdate1c9a1a2fb5ba039) (gupdate1c9a1a2fb5ba039) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11094 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    "decided to run Malware and it came up with trojans."
    I don't see any Trojans. Can you tell us what program found them and what the names are?

    "doesn't want to restart properly."
    Please describe that in more detail, like are there errors, or it takes a long time to restart etc.

    Joe

  3. #3
    Member Jadyn's Avatar

    Joe,
    Below is my first Malware log where it showed trojans. I ran this just checking to see if I had any red flags; I didn't expect to see trojans after just cleaning my computer last month. When I say my computer will not restart this is what I mean. I can shut my computer down completely and press the start button and it will start up. However, if I click restart it will not restart, it just shuts down. It's like it tries to restart but then it just shuts off. So I'm not sure what's going on. There are no real errors; however, when it won't restart and I have to start it by the button, I will get the notice coming up "your computer failed to restart"... then it goes into checking for repairs and then it wants to do a system restore; after all that it will start. However, if I try to do a restart it goes through all that process again and again. So I could be repairing my computer and restoring it two to three times a day.

    Melody


    Malwarebytes Anti-Malware 1.70.0.1100
    Malwarebytes : Free anti-malware download

    Database version: v2013.03.25.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Melody :: MELODY-PC [administrator]

    24/03/2013 11:20:18 PM
    mbam-log-2013-03-24 (23-20-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213260
    Time elapsed: 27 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (Google) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (Google) -> Quarantined and repaired successfully.

    Folders Detected: 1
    C:\Users\Melody\AppData\Roaming\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Detected: 1
    C:\Users\Melody\AppData\Roaming\DealAssistant\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

  4. #4
    Member Spyware Fighter zep516's Avatar

    OK. Not much to worry about with the Trojans; some of that can unfortunately come from just visiting a web site. Let's run AdwCleaner below just to check for more. I'll get back to you on the restart thing.

    Download AdwCleaner from http://www.bleepingcomputer.com/download/adwcleaner/ to your desktop
    Run AdwCleaner and select Delete
    Once done it will ask to reboot; allow this
    On reboot a log will be produced at C:\ADWCleaner[XX].txt; please post that

  5. #5
    Member Jadyn's Avatar

    Joe,
    Here ya go.
    Melody

    # AdwCleaner v2.115 - Logfile created 03/25/2013 at 19:43:15
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Melody - MELODY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Melody\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16470

    [OK] Registry is clean.

    -\\ Google Chrome v25.0.1364.172

    File : C:\Users\Melody\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1663 octets] - [25/03/2013 19:41:29]
    AdwCleaner[S1].txt - [1620 octets] - [25/03/2013 19:43:15]

    ########## EOF - C:\AdwCleaner[S1].txt - [1680 octets] ##########

  6. #6
    Member Spyware Fighter zep516's Avatar

    OK. Just a little bit more adware, no biggie. Your turn to make dinner by the way..

    Let's do a full scan for Malware.

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on: (Selecting Uninstall application on close if you so wish)

  7. #7
    Member Jadyn's Avatar

    Here's the log Joe,

    Melody

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=8
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=0c4e88ffc70152488e8b5bbaf7a1e00f
    # engine=13483
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-03-26 03:05:33
    # local_time=2013-03-25 11:05:33 (-0500, Eastern Daylight Time)
    # country="Canada"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1039 16777213 100 98 0 50461517 0 0
    # compatibility_mode=5892 16776574 100 100 57738641 200874661 0 0
    # scanned=179572
    # found=2
    # cleaned=0
    # scan_time=10481
    sh=FD32BCE411EA0A3FE06DEABB8971BA14BEB45FBD ft=1 fh=5c1c185d79a4b1a9 vn="a variant of Win32/Bunndle application" ac=I fn="C:\Users\Melody\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll"
    sh=07CF040FEFA25DFDA4287BAB632EAB806E294695 ft=1 fh=0db8f293d4a19d8f vn="multiple threats" ac=I fn="C:\Users\Melody\Downloads\FreeYouTubeToMP3Converter (1).exe"

  8. #8
    Member Spyware Fighter zep516's Avatar

    There are some minor things in your online scan that should be removed.

    delete files

    • Copy all text in the quote box (below)...to Notepad. Not the word "Code" just what's in the box..

      Code:
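      @echo off
      rem Both targets are files, so use del (rd /s /q only removes directories)
      del /f /q "C:\Users\Melody\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll"
      del /f /q "C:\Users\Melody\Downloads\FreeYouTubeToMP3Converter (1).exe"
      rem Remove this batch file itself
      del "%~f0"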
    • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    • Double click on delfile.bat to execute it.
      A black CMD window will flash, then disappear...this is normal.
    • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.



    Next

    Let's run System File Checker for the restart problem and see if any results are gained.

    Try using System File Checker,
    System File Checker merely makes sure that all system files are where they should be. The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
    Open an Elevated Command Prompt window. To do so, click Start, then type cmd in the Start Search box. In the results area, right-click cmd.exe, and then click Run as administrator. You will be prompted to type the password for an administrator account. Click Continue if you are the administrator or type the administrator password. Then, click Continue.

    At the command prompt, type the following command, sfc /scannow and then press ENTER.


    The scan may take some time to complete. Windows will repair any corrupted or missing files that it finds. If required, Windows may prompt you to insert the Operating System CD.
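
As an added example that is not part of the original thread: Python that parses the ESET Online Scanner detection lines posted in #7 and generates the kind of cleanup batch file described in #8, refusing any path that is not a plain absolute file path so that log content can never inject commands into the script. The field meanings (`vn` as detection name, `fn` as file path) are read off the posted log rather than ESET documentation, and all function names are hypothetical.

```python
import ntpath  # Windows path semantics, usable on any OS
import re

# Four header fields and the two detection lines copied from the ESET log
# posted in the thread; the rest of the header is omitted.
SAMPLE_LOG = r'''# remove_checked=false
# scanned=179572
# found=2
# cleaned=0
sh=FD32BCE411EA0A3FE06DEABB8971BA14BEB45FBD ft=1 fh=5c1c185d79a4b1a9 vn="a variant of Win32/Bunndle application" ac=I fn="C:\Users\Melody\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll"
sh=07CF040FEFA25DFDA4287BAB632EAB806E294695 ft=1 fh=0db8f293d4a19d8f vn="multiple threats" ac=I fn="C:\Users\Melody\Downloads\FreeYouTubeToMP3Converter (1).exe"
'''

# key=value where the value is either "quoted, may contain spaces" or a bare token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Characters cmd.exe treats specially, plus wildcards that would widen a del
UNSAFE = set('"%^&|<>!*?\r\n')


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('#'):
            key, sep, value = line[1:].strip().partition('=')
            if sep:
                header[key] = value
        elif line.startswith('sh='):
            detections.append({
                m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                for m in FIELD.finditer(line)
            })
    return header, detections


def left_on_disk(header):
    """Number of detections the scan reported but did not clean."""
    return int(header.get('found', 0)) - int(header.get('cleaned', 0))


def build_cleanup_batch(detections):
    """Return (batch script text, skipped paths); only safe absolute paths are emitted."""
    lines, skipped = ['@echo off'], []
    for det in detections:
        path = det.get('fn', '')
        if not ntpath.isabs(path) or UNSAFE & set(path):
            skipped.append(path)  # left for a human to review, never turned into a command
            continue
        # del removes files; rd /s /q is only for directories
        lines.append('if exist "{0}" del /f /q "{0}"'.format(path))
    return '\r\n'.join(lines) + '\r\n', skipped


if __name__ == '__main__':
    header, detections = parse_eset_log(SAMPLE_LOG)
    print('detections still on disk:', left_on_disk(header))
    for det in detections:
        print(det['vn'], '->', det['fn'])
    print(build_cleanup_batch(detections)[0])
```
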

  9. #9
    Member Jadyn's Avatar

    Joe,
    Alright that is all done. Steak and potatoes on the table and whether or not you get dessert still remains to be seen lol.

    Melody

  10. #10
    Member Spyware Fighter zep516's Avatar

    Hi,

    So is there any change in the restart of the computer?

    Do you have a Windows CD?

    Joe
