I think my laptop has a trojan.

Recently my account on a game i play, world of warcraft, was compromised and the only explanation is that my computer must have some kind of virus. i am the only one with access to it and even after repeatedly changing the password someone how someone else kept changing it... i'm afraid to log onto my bank account or anything else important, please help.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

I tried downloading it but it says that it is not compatible with my operating system. I have windows 7.

Oh. It said Vista in your OS on your profile.

Please do these steps in order.

1. Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

5. Post the following in your next reply:

• MBAM log
  
• SAS log
  
• ESET log

And, please tell me how your computer is doing.

Malwarebytes' Anti-Malware 1.44
Database version: 3643
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/27/2010 7:06:34 PM
mbam-log-2010-01-27 (19-06-34).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 496504
Time elapsed: 1 hour(s), 27 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\32788R22FWJFW\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Rock\Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



==============================================================================================================================================================================================



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/27/2010 at 08:31 PM

Application Version : 4.33.1000

Core Rules Database Version : 4526
Trace Rules Database Version: 2338

Scan type : Complete Scan
Total Scan Time : 01:14:13

Memory items scanned : 427
Memory threats detected : 0
Registry items scanned : 6815
Registry threats detected : 0
File items scanned : 160984
File threats detected : 166

Adware.Tracking Cookie
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@ads.bridgetrack[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@atwola[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@at.atwola[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@tacoda[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@questionmarket[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@fastclick[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@zedo[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@doubleclick[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@lfstmedia[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@serving-sys[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@apmebf[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@pointroll[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@trafficmp[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@atdmt[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@ar.atwola[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@cdn.at.atwola[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@specificmedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@cgm.adbureau[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@adbureau[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@tribalfusion[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@advertising[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@ad.yieldmanager[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@stats.adbrite[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\rock@ads.pointroll[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@247realmedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@2o7[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@a1.interclick[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ad.wsod[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ad.yieldmanager[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ad2.ip[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@adbrite[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@adbureau[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@adlegend[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@admarketplace[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@adrevolver[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.ad4game[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.addynamix[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.associatedcontent[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.bootcampmedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.bootcampmedia[3].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.bridgetrack[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.buysheerskin[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.euractiv[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.eyecuedigital[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.gamersmedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.ireel[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.lucidmedia[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.lycos[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.mgm[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.nudereviews[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.okcimg[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.pointroll[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.softure[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.sumotorrent[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.undertone[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ads.veoh[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@adserver.adreactor[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@adserver.adtechus[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@adserving.cpxinteractive[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@adtech[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@advertising[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@apmebf[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@associatedcontent.112.2o7[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@at.atwola[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@atdmt[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@atlas.entrepreneur[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@atwola[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@avgtechnologies.112.2o7[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@beacon.dmsinsights[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@bluestreak[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@bridge1.admarketplace[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@bs.serving-sys[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@burstbeacon[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@burstnet[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@c5.zedo[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@casalemedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@cct.clickable[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@cdn4.specificclick[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@cgm.adbureau[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@chitika[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@click.mediadome[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@click.tvprocessing[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@clickbank[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@clicker[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@clicktorrent[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@cms.trafficmp[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@collective-media[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@content.yieldmanager[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@counter.hitslink[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@counter14.sextracker[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@crackle[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@d.isleadvertise[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@data.coremetrics[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@dc.tremormedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@doubleclick[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@eb.adbureau[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@edge.ru4[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@entrepreneur.122.2o7[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@fastclick[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@iacas.adbureau[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@icebanner[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@imrworldwide[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@insightexpressai[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@interclick[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@intermundomedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@invitemedia[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@isleadvertise[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@kontera[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@lucidmedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@media.adrevolver[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@media.photobucket[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@media6degrees[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@mediaforgews[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@mediaplex[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@mediatraffic[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@memosbanner009[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@microsoftsto.112.2o7[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@microsoftwindows.112.2o7[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@mmedia.t134[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@movieticketscom.122.2o7[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@msnportal.112.2o7[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@network.realmedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@nextag[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@oasn03.247realmedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@oasn04.247realmedia[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@openxxx.viragemedia[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@overture[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@pointroll[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@pro-market[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@qnsr[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@questionmarket[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@realmedia[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@revenue[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@revsci[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@richmedia.yahoo[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@rotator.adjuggler[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@ru4[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@serving-sys[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@sextracker[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@smartadserver[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@socialmedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@specificclick[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@specificmedia[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@stat.onestat[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@statcounter[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@statse.webtrendslive[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@tacoda[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@toplist[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@toplist[3].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@tracking.realtor[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@traditionalvalues[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@trafficmp[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@trendbanner[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@tribalfusion[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@viacom.adbureau[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@videoegg.adbureau[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@webads.hookedmediagroup[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@www.burstbeacon[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@www.burstnet[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@www.clicker[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@www.googleadservices[3].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@www.jartrack[2].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@www5.addfreestats[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@xiti[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@yieldmanager[1].txt
C:\Users\Rock\AppData\Roaming\Microsoft\Windows\Cookies\Low\rock@zedo[2].txt




==============================================================================================================================================================================================





ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b5e17853c1a7734092aa97dc12864862
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-28 06:32:52
# local_time=2010-01-27 10:32:52 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 16197203 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=334453
# found=1
# cleaned=1
# scan_time=6619
C:\Users\Rock\Downloads\finale songwriter 2007 plus crack\Crack\fsongwriter_kg.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Last edited by Fuhrerbelial on 28th January 2010, 6:45 am; edited 2 times in total (Reason for editing : Forgot to add other scan logs)

Please download CKScanner by askey127 from here

Save it to your desktop.

• Doubleclick CKScanner.exe and click Search For Files.
  
• After a very short time, when the cursor hourglass disappears, click Save List To File.
  
• A message box will verify that the file is saved.
  
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\rock\desktop\keyg\keygen.exe
c:\users\rock\desktop\keyg\keygen.rar
c:\users\rock\documents\downloads\[]demonoid.com[]-finale_songwriter_2007_plus_crack_5722639.2606.torrent
c:\users\rock\downloads\finale songwriter 2007 plus crack\.volumeicon.icns
c:\users\rock\downloads\finale songwriter 2007 plus crack\adberdr708_en_us.exe
c:\users\rock\downloads\finale songwriter 2007 plus crack\autorun.inf
c:\users\rock\downloads\finale songwriter 2007 plus crack\lullaby.mid
c:\users\rock\downloads\finale songwriter 2007 plus crack\songwriter windows read me.rtf
c:\users\rock\downloads\finale songwriter 2007 plus crack\songwriterwinsetup.exe
c:\users\rock\downloads\finale songwriter 2007 plus crack\torrent downloaded from demonoid.com.txt
c:\users\rock\downloads\finale songwriter 2007 plus crack\win-installer.ico
c:\users\rock\downloads\finale songwriter 2007 plus crack\crack\crack readme!!!!.txt
c:\users\rock\favorites\links\need keygen or serial code for microsoft office professional 2007 - mixmakers.net - your #1 source for sports media.url
scanner sequence 3.EH.11
----- EOF -----

Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Malwarebytes' Anti-Malware 1.44
Database version: 3656
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/29/2010 12:15:19 AM
mbam-log-2010-01-29 (00-15-19).txt

Scan type: Quick Scan
Objects scanned: 98416
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
  
• Select System
  
• On the left select Advance System Settings and accept the warning if you get one
  
• Select System Protection Tab
  
• Select Create at the bottom
  
• Type in a name i.e. Clean
  
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
  
• Select Performance Information and Tools
  
• On the left select Open Disk Cleanup
  
• Select Files from all users and accept the warning if you get one
  
• In the drop down box select your main drive i.e. C
  
• For a few moments the system will make some calculations
  
• Select the More Options tab
  
• In the System Restore and Shadow Backups select Clean up
  
• Select Delete on the pop up
  
• Select OK
  
• Select Delete

You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.1
Windows 7 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware Free Edition
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

• Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  
• AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

i'm currently using google chrome, how does it compare to firefox and opera? would i be better off using one of those two? other than that.. thank you very much!! =)

Chrome works fine.