
Exploit.drop.gs attacked me

Discussion in 'Virus and Malware Removal' started by PegJM, Jan 8, 2013.

  1. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  2. PegJM Newcomer, in training Posts: 26

    Yes. As I mentioned before: As for symptoms ... Blue & black screens numerous times per day, auto reboots out of nowhere, mouse or keyboard freezing up forcing me to hard boot, system hangs, programs stop responding, error msgs that there may be a problem with drivers and/or recently installed hardware or software (although there has been nothing recently). Once did some diagnostics in safe mode and got the msg "error code 4400:011A. MSG: SCSI_0-000_disk_generic_SD/MMC-target not ready." but never figured out what it meant or what to do about it. Both Chrome and Mozilla run slow. MS Office and Photoshop will crash it.

    That said, when I returned this afternoon, I found it had black screened again while I was gone ... during the third ESET scan. If there were a log, where might I find it? Nonetheless, I am giving it a fourth and final try. If it still won't complete the scan, let's give up and try something else. Your thoughts?
  3. PegJM Newcomer, in training Posts: 26

    Ok, I surrender. On the 4th attempt at an ESET scan, it blue screened at around the 485,000th file AGAIN. The blue screen said (paraphrasing) the following: PFN_list_corrupt. If first time you've seen this, reboot. If not, make sure hardware and software are correctly installed. Disable/remove newly installed hardware. Disable BIOS memory options such as caching or shadowing. Technical info: ***STOP: 0x0000004e then a bunch of other numbers I wrote down. Ask me if you want those numbers. Then it said collecting data for crash dump. This is one of those blue screens I get all the time. The only other thing I can think to do is to delete all my photography folders and try the scan again. Plz advise.
  4. PegJM Newcomer, in training Posts: 26

    Hubby suggested we try one last time for a FULL scan with MBAM (ESET still won't finish a scan) and it worked this time. This is the resulting report:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.12.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Peg :: PEG-PC [administrator]

    Protection: Enabled

    1/12/2013 9:42:32 AM
    mbam-log-2013-01-12 (09-42-32).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 894785
    Time elapsed: 3 hour(s), 5 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    So where to from here, boss? Try ESET again? For the fifth time? Or shall I try something else?
  5. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Something else...sorry you had so much difficulty with that. :p

    Kaspersky GetSystemInfo Scan

    Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

    Note: please close all other applications running on your system.

    Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

    Click the Settings button.

    Set the slider to Maximum.

    IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

    On the General tab, make sure all of the boxes are checked.

    On the Misc tab, make sure all the checkboxes are checked.

    Then, click OK on the windows that you launched.

    Click Create Report to run it.

    It will begin scanning.

    It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

    It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

    It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.
  6. PegJM Newcomer, in training Posts: 26

     
  7. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hitman Pro

    Please download Hitman Pro

    • After the download completes please double click the program to run it.
    • Accept the terms of the license agreement and click Next
    • Let the scan run. It will not take long
    • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
    • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
    • Upload log.xml here for review please
  8. PegJM Newcomer, in training Posts: 26

    I am on it. Gimme a few minutes.
  9. PegJM Newcomer, in training Posts: 26

    It did not quite do what you said it should do. There is no Export Scan Results To XML File option, so I hit Save Log (see attached screenshot), clicked on the .xml file type and put it on the desktop. But when I tried to upload it, I got an error msg saying it is not an allowed file type. So next, I will try to copy & paste it in. ALSO, please look at the screen shot and tell me if you want to click NEXT or CLOSE. I have it sitting open for now. Capture.JPG
  10. PegJM Newcomer, in training Posts: 26

    And here is the content of the .xml it generated.

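A saved Hitman Pro XML log of the kind this post refers to is a single `<Log>` element holding `<Item>` entries (attributes `type`, `score`, `status`), each with a `<File path=...>` child. The following triage script is an added example, not part of the original thread or of Hitman Pro: it separates zero-score cookie entries from everything else so a helper can see what actually needs review. The function names and the sample log are constructed for illustration, and the `:eek:` repair assumes the forum software turned `:o` into a smiley code when the log was pasted.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the shape of a saved Hitman Pro log; every user name,
# path and product name below is made up for illustration.
SAMPLE_LOG = (
    r'<Log computer="EXAMPLE-PC" scan="Normal" filesProcessed="1000">'
    r'<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\cookies.sqlite:doubleclick.net" /></Item>'
    r'<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\cookies.sqlite:eek:verture.com" /></Item>'
    r'<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net" /></Item>'
    r'<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com" /></Item>'
    r'<Item score="0.0" status="None"><File path="HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp\" /></Item>'
    r'</Log>'
)


def unmangle(text):
    """Undo forum smiley substitution (assumption: ':o' was rendered as ':eek:')."""
    return text.replace(":eek:", ":o")


def parse_items(xml_text):
    """Return one dict per <Item>. The log comes from an untrusted paste, so
    refuse DTD/entity declarations instead of letting the parser expand them."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a scan log")
    root = ET.fromstring(unmangle(xml_text))
    if root.tag != "Log":
        raise ValueError("root element is not <Log>")
    items = []
    for item in root.iter("Item"):
        file_el = item.find("File")
        items.append({
            # Some entries carry no type attribute at all; keep them visible.
            "type": item.get("type") or "Untyped",
            "score": float(item.get("score", "0")),
            "status": item.get("status", ""),
            "path": file_el.get("path", "") if file_el is not None else "",
        })
    return items


def split_cookie(path):
    """Cookie paths are 'store:domain'. Split on the LAST colon so the drive
    letter colon in 'C:\\...' stays part of the store path."""
    store, _, domain = path.rpartition(":")
    return store, domain


def triage(items):
    """Group zero-score cookies by cookie store; anything else goes to review."""
    cookies_by_store = Counter()
    domains = set()
    review = []
    for it in items:
        if it["type"] == "Cookie" and it["score"] == 0.0:
            store, domain = split_cookie(it["path"])
            cookies_by_store[store] += 1
            domains.add(domain)
        else:
            review.append(it)
    return {
        "cookies_by_store": dict(cookies_by_store),
        "cookie_domains": sorted(domains),
        "review": review,
    }


if __name__ == "__main__":
    result = triage(parse_items(SAMPLE_LOG))
    for store, count in result["cookies_by_store"].items():
        print(f"{count:3d} cookie entries in {store}")
    print("distinct cookie domains:", ", ".join(result["cookie_domains"]))
    for it in result["review"]:
        print(f"REVIEW type={it['type']} score={it['score']} path={it['path']}")
```
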
  11. PegJM Newcomer, in training Posts: 26

    Hi Jay, at the risk of sounding impatient (I don't mean to, I know you are doing this for free and I appreciate that more than you know) is there any way possible to speed this up a bit? I would even be willing to drive to Dayton and pay you to fix it. I am getting desperate because this is the third week now that I have not been able to work and it is costing me a small fortune every day that this machine is down. I am reluctant to move/do anything without you telling me to because it is in the agreement not to but honestly, I may be forced to just reformat and reinstall everything so I can get back to business ... But I have done things like that before and ended up somehow getting reinfected anyway. I don't want to shoot myself in the foot here and alienate you in the process. That would be stupid of me. A special kind of stupid. If I brought it to you, could you fix it, how long would it take, and what would you charge me? Do you know yet what the problem is? Is there anyone you know in Columbus who could do it today? I need my computer and it is getting seriously expensive not to have it. Thanks so much and I am truly sorry if I sound impatient, I don't mean to. It is not your fault, it is just the situation.
  12. PegJM Newcomer, in training Posts: 26

    PS ... I went ahead and activated hitman pro to get things moving again, and let it delete all those infections it found. Went to run PCTools anti virus and it froze again. Will have to do another hard boot. So now we can add PCTOOLS to the list of apps that crash it.
  13. Jay Pfoutz Malware Helper Posts: 4,286   +49

    A reformat and reinstall would manage the process a lot faster. I'm sure that the computer is overall clean, however, if it seems significantly problematic, then I would suggest to "start over" for the computer. Overall, there may be quite a bit of damage to the OS as a result of the virus attack. I don't want you to have to wait longer. It didn't seem clear to me you were waiting for so long to get back to business.

    If you need help with the format & reinstall, let me know. I can point you to tutorials that would simplify the process significantly. :)
  14. PegJM Newcomer, in training Posts: 26

    That would be awesome! Thank you. Problem is I can't find (not sure I ever had) the OS on disk. All I have is the repair disk it had me make when I first got it. So I was going to resort to my little Inspiron set guide and do a factory image restore. Is there a better way?
  15. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Time to step it up, then, if you have no way to reformat...

    CCleaner Temporary Files Cleaning

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.


    Windows Signature Verification Scan

    1. Click Start, click Run, type sigverif, and then click OK.

    2. Click Advanced, click Look for other files that are not digitally signed, navigate to the Winnt\System32\Drivers folder, and then click OK.

    3. Click Start.

    4. After it has finished running, navigate to C:\Windows\Sigverify.txt, open it and post the contents of the log here.


    MySystemSearch

    Please download MySystem-Search from HERE

    • Save the file to your Desktop.
    • Double-click on mss.exe
    • Allow it to run, and follow the prompts.
    • Once done, it will launch a log.
    • Post it in your next reply.
    Note: the logs are long. Please use more than one post, if necessary.


    SpiderKill Rootkit Scanner

    Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
    • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
    • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
    • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.
  16. Jay Pfoutz Malware Helper Posts: 4,286   +49

    How's this working so far?
  17. PegJM Newcomer, in training Posts: 26

    Sorry, Jay. I have not been able to log in for a couple days. This darn thing rendered my PC completely unusable. The only thing we could do was install Linux (ubuntu) and honestly, I LOVE it. It has been stable ever since. (So Windows can officially kiss my ....) I doubt I will ever go back to Windows. This is slick. Anyway, sorry for all the trouble, thanks for trying but it was hopeless, I think, before we even started. So I think we can close this now. Have a great day. And thanks again.
  18. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good work! I almost suggested to do that....no kidding. The only thing stopping me from recommending you just go with Ubuntu was if your work required certain programs that only run on Windows (I could've asked).

    I completely love Ubuntu. I wish I had time for it. When my hard drive went kapoowi this past Fall, I had to wait for it to be shipped. While waiting, the only thing I could use was Ubuntu LiveCD. I ran Ubuntu from CD, which was actually cool, because I could put it to sleep for a couple days in a row without trouble. But, whenever you'd shut the computer down from Ubuntu LiveCD, it erased your current progress on your RAM.

    I had serious thoughts about installing Ubuntu on my computer, since getting my new hard drive. I installed Windows 7 Ultimate, and never did anything else yet. But, yeah, it was crazy.

    Well I appreciate your patience, and hope I didn't make you too impatient. Any other questions before I mark this resolved?
  19. PegJM Newcomer, in training Posts: 26

    Actually, I AM going to miss Photoshop/Bridge (I am a part time photographer) & Word & Excel. But if my OS is going to actually be stable and I don't have to worry so much about a virus or trojan, so be it. I am already over it. Besides, my brother in law has a gently used two yr old laptop for sale for $200 and I can run Photoshop on that. I will use Ubuntu for everything else. So yes, MS can take it and put it someplace, if you know what I mean. Why can't Windows work this cleanly and this stable???? I didn't even have to configure my wireless adapter or printer. It just ... WORKED. Now, no other questions but if I run into something, I know where to find you. Thanks again for everything! Peg
  20. Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's cool. I know, Ubuntu is constantly being developed to work perfectly, versus Windows (they're always patching something in Windows).

    Look in the Application center for OpenOffice or LibreOffice. They are the competitors to Microsoft Office. They should work with almost any document.

    Anyway, you're welcome. If you need anything else, start a new topic or PM me.

    Marked as solved. :)