Virus after virus scan?

Hi, I got a big problem. My mom was playing a game, she always played it before, and all of a sudden an Avast window popped up and said that we have a virus. My mom told me right away so I took action and moved it to the chest. To make sure we don’t have any other viruses I made a virus scan and it said no more viruses. So she kept playing and after a while another Avast window popped up and told us that there was another virus found. I moved it to the chest also and made a restart scan. It told us that there was no virus found whatsoever. So I thought ok that must have been the last virus. I restarted the computer and let my mom play again. But again after a while another virus was found. So I used the Microsoft Windows Malicious Software Tool. Even that told me that there was no virus found.
I downloaded “Malwarebytes”. To make it run the best I tried to restart my computer in safe mode but always when I start it in safe mode now it brings me to a bluescreen and tells me that Windows has encountered a big problem and has been shut down.
What can I do against this “virus” or whatever it is?

You shouldn’t have to run MBAM in safe mode, that should only be necessary if you had a problem dealing with a detection in normal mode. So I would suggest a Quick scan from normal mode and report the findings.

I also did a scan in normal mode and nothing was found.

What would help is, instead of just saying a virus was detected, etc., to give details.

e.g. What is the malware name, the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

Also try:
SUPERantispyware On-Demand only in free version.

Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

Well, I had gotten many more after the scan(s) so I just started moving them to the chest.
Here is the log:

“9/17/2009 6:33:08 PM 1253230388 SYSTEM 848 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
9/17/2009 6:33:09 PM 1253230389 SYSTEM 848 An error has occured while attempting to update. Please check the logs.
9/17/2009 8:27:42 PM 1253237262 SYSTEM 804 Sign of “JS:Downloader-ED [Trj]” has been found in //hkw.ewenona.et/amuw/in.php” file.
9/24/2009 8:27:03 PM 1253842023 SYSTEM 796 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Owner\My Documents\Downloads\pc games-MahJong Quest III + Crack\MahJongQuestIIISetup.exe[Embedded_R#524d0a0]” file.
10/11/2009 11:27:58 PM 1255321678 SYSTEM 1996 Sign of “Win32:Trojan-gen” has been found in “//zerozaku.om/download/file.php?id=13\Rally Client.exe” file.
10/12/2009 11:16:57 PM 1255407417 SYSTEM 1860 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/12/2009 11:16:57 PM 1255407417 SYSTEM 1860 An error has occured while attempting to update. Please check the logs.
10/15/2009 10:08:12 PM 1255662492 SYSTEM 1956 Sign of “HTML:Iframe-inf” has been found in “//technet-gmbh.de/” file.
10/25/2009 1:32:16 PM 1256495536 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\vird.tmp” file.
10/25/2009 1:39:52 PM 1256495992 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\npux.tmp” file.
10/25/2009 1:45:48 PM 1256496348 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\divr.tmp” file.
10/25/2009 1:51:53 PM 1256496713 Owner 3028 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
10/25/2009 2:08:01 PM 1256497681 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\vxnk.tmp” file.
10/25/2009 2:19:44 PM 1256498384 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\wqvo.tmp” file.
10/25/2009 2:27:17 PM 1256498837 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\fjct.tmp” file.
10/25/2009 2:33:32 PM 1256499212 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\nseo.tmp” file.
10/25/2009 2:39:26 PM 1256499566 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\nlnk.tmp” file.
10/25/2009 2:46:11 PM 1256499971 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\huul.tmp” file.
10/25/2009 2:52:24 PM 1256500344 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\popg.tmp” file.
10/25/2009 3:13:55 PM 1256501635 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\yejx.tmp” file.
10/25/2009 3:26:00 PM 1256502360 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\nmkm.tmp” file.
10/25/2009 3:38:45 PM 1256503125 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in

More is coming.

“C:\WINDOWS\TEMP\bino.tmp” file.
10/25/2009 3:50:22 PM 1256503822 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\yeee.tmp” file.
10/25/2009 4:24:33 PM 1256505873 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\suxv.tmp” file.
10/25/2009 4:30:53 PM 1256506253 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\mdva.tmp” file.
10/25/2009 4:42:49 PM 1256506969 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\icxg.tmp” file.
10/25/2009 5:48:40 PM 1256510920 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\afdo.tmp” file.
10/25/2009 6:06:50 PM 1256512010 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\rkpq.tmp” file.
10/25/2009 6:35:54 PM 1256513754 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\oyqo.tmp” file.
10/25/2009 6:47:39 PM 1256514459 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\dmrf.tmp” file.
10/25/2009 6:59:09 PM 1256515149 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\hgkf.tmp” file.
10/25/2009 7:10:03 PM 1256515803 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\taye.tmp” file.
10/25/2009 7:16:29 PM 1256516189 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\xhre.tmp” file.
10/25/2009 7:22:43 PM 1256516563 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\xuja.tmp” file.
10/25/2009 7:29:00 PM 1256516940 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\dysg.tmp” file.
10/25/2009 7:35:00 PM 1256517300 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\njae.tmp” file.
10/25/2009 7:41:12 PM 1256517672 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\gqgw.tmp” file.
10/25/2009 7:46:49 PM 1256518009 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\xscw.tmp” file.
10/25/2009 7:52:44 PM 1256518364 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\igdl.tmp” file.
10/25/2009 8:05:00 PM 1256519100 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\pijr.tmp” file.
10/25/2009 8:40:59 PM 1256521259 SYSTEM 224 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\pipu.tmp” file.
10/25/2009 8:47:13 PM 1256521633 SYSTEM 224 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\lbyp.tmp” file.
10/25/2009 8:59:15 PM 1256522355 SYSTEM 224 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\mndr.tmp” file.
10/25/2009 9:05:11 PM 1256522711 SYSTEM 224 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\cted.tmp” file.
10/25/2009 9:11:31 PM 1256523091 SYSTEM 224 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\nbyu.tmp” file.
10/25/2009 9:17:11 PM 1256523431 SYSTEM 224 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\rxex.tmp” file.
10/25/2009 9:23:56 PM 1256523836 SYSTEM 224 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\qstn.tmp” file.
10/25/2009 9:30:50 PM 1256524250 SYSTEM 224 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\dgpn.tmp” file.
10/25/2009 9:46:03 PM 1256525163 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\cwxr.tmp” file.
10/25/2009 9:51:52 PM 1256525512 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\dipm.tmp” file.
10/25/2009 9:58:01 PM 1256525881 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\nlqp.tmp” file.
10/25/2009 10:04:14 PM 1256526254 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\eemn.tmp” file.
10/25/2009 10:10:31 PM 1256526631 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\ripj.tmp” file.
10/25/2009 10:16:29 PM 1256526989 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\fnnv.tmp” file.
10/25/2009 10:23:54 PM 1256527434 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\stid.tmp” file.
10/25/2009 10:29:54 PM 1256527794 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\teyg.tmp” file.
10/25/2009 10:37:00 PM 1256528220 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\iuyx.tmp” file.

more to come.

10/25/2009 10:48:31 PM 1256528911 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\vpes.tmp” file.
10/25/2009 10:55:46 PM 1256529346 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\vitr.tmp” file.
10/25/2009 11:03:01 PM 1256529781 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\fcww.tmp” file.
10/25/2009 11:08:43 PM 1256530123 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\clmr.tmp” file.
10/25/2009 11:14:40 PM 1256530480 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\nyok.tmp” file.
10/25/2009 11:20:42 PM 1256530842 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\siqv.tmp” file.
10/25/2009 11:33:20 PM 1256531600 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\oypt.tmp” file.
10/25/2009 11:49:46 PM 1256532586 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\kbdw.tmp” file.
10/25/2009 11:59:18 PM 1256533158 SYSTEM 2024 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\natr.tmp” file.
10/26/2009 12:12:38 AM 1256533958 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\vrch.tmp” file.
10/26/2009 12:20:15 AM 1256534415 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\wwbv.tmp” file.
10/26/2009 12:27:28 AM 1256534848 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\tsmj.tmp” file.
10/26/2009 12:34:24 AM 1256535264 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\mxiq.tmp” file.
10/26/2009 12:40:40 AM 1256535640 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\qiti.tmp” file.
10/26/2009 12:47:09 AM 1256536029 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\iqqy.tmp” file.
10/26/2009 12:53:28 AM 1256536408 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\jtqd.tmp” file.
10/26/2009 1:00:37 AM 1256536837 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\fpox.tmp” file.
10/26/2009 1:06:48 AM 1256537208 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\obcv.tmp” file.
10/26/2009 1:13:02 AM 1256537582 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\uspu.tmp” file.
10/26/2009 1:19:02 AM 1256537942 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\xvpy.tmp” file.
10/26/2009 1:25:01 AM 1256538301 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\dvee.tmp” file.
10/26/2009 1:32:13 AM 1256538733 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\pbct.tmp” file.
10/26/2009 1:38:38 AM 1256539118 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\riic.tmp” file.
10/26/2009 1:44:24 AM 1256539464 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\pnxm.tmp” file.
10/26/2009 1:50:37 AM 1256539837 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\mstp.tmp” file.
10/26/2009 1:56:51 AM 1256540211 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\iamb.tmp” file.
10/26/2009 2:02:32 AM 1256540552 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\eprg.tmp” file.
10/26/2009 2:08:13 AM 1256540893 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\ybjg.tmp” file.
10/26/2009 2:14:29 AM 1256541269 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\vpbf.tmp” file.
10/26/2009 2:20:21 AM 1256541621 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\vnno.tmp” file.
10/26/2009 2:26:35 AM 1256541995 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\bmav.tmp” file.
10/26/2009 2:32:45 AM 1256542365 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\tcgw.tmp” file.
10/26/2009 2:38:17 AM 1256542697 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\jwmv.tmp” file.
10/26/2009 2:44:36 AM 1256543076 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\vmqx.tmp” file.
10/26/2009 2:51:35 AM 1256543495 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\dwlg.tmp” file.
10/26/2009 2:58:22 AM 1256543902 SYSTEM 2008 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\fetv.tmp” file.

Hi Eclipse_Knight,

Do not give live links to infected sites as:
What is the actual status of ewenona dot net?
It is a suspicious site - visiting this site can seriously damage your computer.

One time during the previous 90 days the site has been noticed for suspicious activities.
Last time malware was found on the site was on 2009-09-17.
Malicious software includes 5 exploits.

This site was hosted on 1 network(s) including AS30099 (SB).

This site has been infecting 2 other sites, e.g. urbanfonts.com/, fretplay.com/.

The malware on the site has infected 4 domains, e.g. urbanfonts.com/, tabheaven.com/, ravfasd.1sthost.org/.

How did this happen?
Malicious coding was added to genuine sites, hence we give this warning.

The other site zerozaku dot com has obfuscated ^hard code:

[binary dump omitted] broken by me - pol

Make the links non-clickable for the curious by putting wXw or hxtp://

polonus

I didn’t mean to make them clickable, sorry for that.
But avast took action about that.
I’m more worried about the last ones, that start on the 25.

Hi Eclipse_Knight,

There was another site that could have loaded you with malware: What is the current status of technet-gmbh.de? 1 page there loaded malicious software without user’s consent. Last time found 2009-10-17
This site is currently not listed as suspicious.

Malicious software includes 6 trojans.

Malicious software hosted on 4 domains , e.g. gooversbaiters.com/, mirodos.cn/, 193.27.246.0/.

This site was hosted on 1 network including AS8560 (SCHLUND).

This site functioned as a re-direct site for malware that infected 3 sites, e.g. irazoo.com/, surfthechannel.com/, popcrunch.com

Soon you will get assistance in cleansing the one that starts on the 25.

After your computer has been cleansed, consider surfing with Firefox with the NoScript extension installed,
and finjan security extension for pre-scanning links,

pol

I’m browsing with google chrome right now…

Hi there, let's see what you have

To ensure that I get all the information this log will need to be uploaded to Mediafire and post the sharing link.

Download OTS to your Desktop

  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
      • Reg - Shell Spawning
      • File - Lop Check
      • File - Purity Scan
      • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

THEN

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

Since they were all in the Temp folder and had what appears to have been a randomly assigned .tmp file name, something was creating them and that is why we are trying other tools to try and find what that might be.

Hopefully now essexboy is on the case he will get to the bottom of it.
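The pattern described above (one signature reappearing in the same folder under new random names) can be pulled out of a Warning.log mechanically. The following is an added example, not part of the original thread: the sample lines are constructed in the layout quoted earlier, and treating the number after the user name as a process id is an assumption about that layout.

```python
import ntpath
import re
from collections import defaultdict
from statistics import median

# Constructed sample in the Warning.log layout quoted in the thread
# (file names, host name and timestamps are made up for this example).
SAMPLE_LOG = r'''
10/25/2009 2:40:01 PM 1256499601 SYSTEM 1988 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/25/2009 2:46:40 PM 1256500000 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\aaaa.tmp” file.
10/25/2009 2:52:40 PM 1256500360 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\bbbb.tmp” file.
10/25/2009 2:58:40 PM 1256500720 SYSTEM 1988 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\cccc.tmp” file.
10/25/2009 3:05:00 PM 1256501100 SYSTEM 224 Sign of “Win32:MalOb-Z [Cryp]” has been found in “C:\WINDOWS\TEMP\dddd.tmp” file.
10/25/2009 3:10:00 PM 1256501400 SYSTEM 224 Sign of "HTML:Iframe-inf" has been found in "//site.example/" file.
'''

# Accepts straight or curly quotes; the opening quote of the path is optional
# because one entry in the thread's log is missing it.
DETECTION = re.compile(
    r'^\S+ \S+ [AP]M (?P<epoch>\d+) (?P<user>\S+) (?P<pid>\d+) '
    r'Sign of ["“](?P<sig>.+?)["”] has been found in '
    r'["“]?(?P<path>.+?)["”]? file\.$')

def parse_detections(text):
    """Return one dict per 'Sign of ... has been found' line; other lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append({"epoch": int(m["epoch"]), "pid_column": int(m["pid"]),
                         "sig": m["sig"], "path": m["path"]})
    return hits

def recurring_drops(hits, min_files=3):
    """Group local-file detections by (signature, folder) and report groups
    where the same signature keeps showing up under new file names."""
    groups = defaultdict(list)
    for h in hits:
        if re.match(r'^[A-Za-z]:\\', h["path"]):  # drive-letter paths only, skips URLs
            groups[(h["sig"], ntpath.dirname(h["path"]).lower())].append(h)
    findings = []
    for (sig, folder), items in groups.items():
        names = {ntpath.basename(i["path"]).lower() for i in items}
        if len(names) < min_files:
            continue
        times = sorted(i["epoch"] for i in items)
        gaps = [b - a for a, b in zip(times, times[1:])]
        findings.append({"sig": sig, "folder": folder, "files": len(names),
                         "median_gap_s": median(gaps),
                         "pid_column": sorted({i["pid_column"] for i in items})})
    return findings

if __name__ == "__main__":
    for finding in recurring_drops(parse_detections(SAMPLE_LOG)):
        print(finding)
```

A group with many distinct file names and a steady gap between detections means quarantining each file is not enough: whatever writes them is still running and has to be found.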

whew sounds like it's gonna take long…
well, imma do it anyways.

Dependent on what you have it could be quite simple - these tools will show me

Hi Eclipse:

I noticed near the beginning of the “Log” you posted:
“Crack\MahJongQuestIIISetup”; when it says “Crack” in it there is an implication that you have an undesirable “version” of the MahJongQuest 3 on the computer; “Crack” versions usually hide a malware-infecting “Trojan” in them. It would seem that at some point the SPECIFIC game on your computer should be uninstalled, but I defer judgement of that to Essexboy.

I did notice on a Google “Search” of this game that there are “3” Versions and “III” Versions and do not know if there are “differences” and/or IF either is more prone to being an undesirable “Crack” version!?

The game came with the crack so I deleted the whole game including the crack.