
I must be infected!!


  • This topic is locked
71 replies to this topic

#1 Stila_R8dr

Stila_R8dr

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 PM

Posted 24 April 2010 - 03:12 PM

Everything that I read here at Bleeping computers points me in the "OMG I must be infected" direction.

Redirect? I think so.
backdoor Trojans? I hope not, but sounds like.
Pop ups with virus alerts and scans? Yes I did click on one... But I tried to stop it!

I just don't know where to start?

And OMG talk about some personal info that has been on my computer!! I might as well see if I can join some kind of "I need a new identity program" or something.

Anyone up for a challenge?

Help me please, I think that I am infected. (I know that I wasn't supposed to start my post like that... That is why I ended like this.)

Thanks In Advance

Tony




 


#2 certifiedgeek

certifiedgeek

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 24 April 2010 - 04:48 PM

Hi Tony,

Have you run any anti-malware scans up to this point such as MBAM or SAS?

You could also try Dr.Web CureIt.

Try running a temporary file cleaner such as TFC by Old Timer which will also make the scans faster too. Follow the instructions on that page and make sure you close any open programs before you run it.

#3 Stila_R8dr

Stila_R8dr
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 PM

Posted 25 April 2010 - 06:58 PM

Ok
I ran MBAM, SAS, and Dr WEB. All found and fixed problems.

One thing that seemed strange is that I was asked to protect my home page. I accepted the protection. I was asked what my home page was. It was displaying "www.comcast.net/" I changed it by removing the / "www.comcast.net" is what I told it to protect. It accepted and did the rest of its thing.

After all was done.. I launched my internet... It took me to my..... Wait! Homepage change being detected! window popped up asking me if I would allow it to be changed. I check the box that said to Block the change. It proceeded and my homepage had the / in the address again.


Also I now have an email in my inbox (from a forum that I visited in the past) that said that I have a virus and that I should use THEIR tool (www dot remove trojans webcindario com/online-scanner/) to fix it. That seems strange (the timing) that a forum that I have not visited in a long time sent me mail telling me to fix a problem that I just fixed.

I saved the logs if anyone would like to see them.

thanks again

Tony



#4 certifiedgeek

certifiedgeek

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 25 April 2010 - 07:46 PM

I would ignore that email and then maybe go directly to the forums by typing in the web address by hand that you know is correct instead of using any links in the email, and then asking someone there in the forums what it might mean. As far as the home page protect portion of SAS, don't worry about it. There must have been a slight delay from the time you changed the \ to when SAS popped up telling you about the change. Probably fine there.

However, I wouldn't quite quit yet. I would recommend you do some more scans to be on the safer side. Speaking of the safer side, I would boot into safe mode, and then run a full scan using SAS.

After that, I would boot into normal mode and do a full scan with MBAM.

One last step would be to use an online scanner such as BitDefender for another opinion.

Could you post the SAS and MBAM logs from the first scan you did? Thanks and glad to hear things are working better.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:23 AM

Posted 25 April 2010 - 09:41 PM

It is important for us to review the logs; there are several levels of info to review from them. It also steers me in what to do or not next.
There are some identity stealers out there and we want to know. Also some that are not curable, and then there is no sense in further scans. Thanks

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 Stila_R8dr

Stila_R8dr
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 PM

Posted 26 April 2010 - 03:07 PM

Post logs here?
I read (pinned topic title here) somewhere not to post logs here in this forum.
I will if you want me to.
Once I find the instructions on "How to post a log".

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:23 AM

Posted 26 April 2010 - 03:15 PM

Not to post ComboFix, DDS or HJT logs. Post yours please.


#8 Stila_R8dr

Stila_R8dr
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 PM

Posted 26 April 2010 - 04:03 PM

First to run...

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4033

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

4/24/2010 9:58:12 PM
mbam-log-2010-04-24 (21-58-12).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 336468
Time elapsed: 1 hour(s), 37 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{FAB8715C-3152-49F1-8E4F-87FD166C47C8}\RP27\A0026257.exe (Trojan.Downloader) -> No action taken.


and then I ran....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/25/2010 at 00:00 AM

Application Version : 4.35.1000

Core Rules Database Version : 4848
Trace Rules Database Version: 2660

Scan type : Complete Scan
Total Scan Time : 01:21:04

Memory items scanned : 523
Memory threats detected : 0
Registry items scanned : 6431
Registry threats detected : 0
File items scanned : 68681
File threats detected : 216

Adware.Tracking Cookie
app.insightgrit.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ccy6lsv1.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ccy6lsv1.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ccy6lsv1.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ccy6lsv1.default\cookies.txt ]
www.free-internet-media.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ccy6lsv1.default\cookies.txt ]
C:\Documents and Settings\Administrator\Cookies\administrator@partner2profit[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hypertracker[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.webtrafficinfo[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@link.mercent[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@medianewsgroup[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.traffic[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@data1.perf.overture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a.websponsors[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findlaw[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@my.traffic[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@traffic[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kanoodle[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@caselaw.lp.findlaw[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[2].txt
C:\tony\Cookies\tony@nextag[2].txt


and last but not least....

Can't seem to find the Dr web log.
I found a log that was created just after the drweb file called "cure it". I checked the properties of the file; it was a Notepad log 45.5 Mb in size, but I don't see if it belongs to DrWeb.

Is that it? Is 45.5 Mb huge? Or is it just me?

I used to be indecisive, but now I am not sure.

Thanks
tony






#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:23 AM

Posted 26 April 2010 - 04:20 PM

Hello, I need to ask if you clicked the Remove Selected button after the MBAM scan?

DRWEB Log location

%USERPROFILE%\DoctorWeb\CureIt.log
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#10 Stila_R8dr

Stila_R8dr
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 PM

Posted 26 April 2010 - 07:01 PM

I think so.
I am so sure.. I don't know, I want to say yes I did.
Should I do the scan again?

And this will be the third time that I try to post the cureit log. The first two attempts seemed to crash.
Come to think of it I think that I will post this first. In case it crashes again. Tired of typing. I am not the best typererrer.

#11 Stila_R8dr

Stila_R8dr
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 PM

Posted 26 April 2010 - 07:21 PM

Tried to post the log and it returned an error again.
Here is a print screen of the error.



Strange that it is telling me that I must "enter a post"

#12 certifiedgeek

certifiedgeek

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 26 April 2010 - 08:18 PM

Unless boopme wants anything different, I would run the MBAM again and make sure you do an update first to update your defs to the latest and greatest. Make sure you check any and all threats detected and remove them.

Also, when you ran SAS, did you do it in safe mode? If not, please do it in safe mode and remove whatever it finds.

Please do a quick scan using BitDefender and post the results.

Edited by certifiedgeek, 26 April 2010 - 08:18 PM.


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:23 AM

Posted 26 April 2010 - 10:58 PM

Probably just a glitch with the post.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Don't fret the SAS scan.

How is the machine running now?


#14 Stila_R8dr

Stila_R8dr
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 PM

Posted 27 April 2010 - 10:42 AM

For what it's worth, I found the log from the first MBAM scan. Here it is below.
Below that is the log from the scan that you just instructed me to do.


Wait a minute, I just woke up.
It's not the SAS that is bugging me. It's the DrWeb log that isn't working out.



Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4033

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

4/24/2010 10:01:53 PM
mbam-log-2010-04-24 (22-01-53).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 336468
Time elapsed: 1 hour(s), 37 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{FAB8715C-3152-49F1-8E4F-87FD166C47C8}\RP27\A0026257.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



And then the last log..


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4041

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

4/26/2010 11:03:38 PM
mbam-log-2010-04-26 (23-03-38).txt

Scan type: Quick scan
Objects scanned: 155483
Time elapsed: 25 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Stila_R8dr, 27 April 2010 - 10:45 AM.
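
Each detection line in the two MBAM logs above ends with the action that was taken, so a saved log can be checked for items that were detected but not removed, which is the question asked in post #9. The parser below is an added example, not part of the thread or of Malwarebytes; the "No action taken" wording and the third sample line (`C:\example\sample.exe`, `Trojan.Example`) are assumptions made for illustration.

```python
import re

SECTION = re.compile(r"^([A-Za-z ]+) Infected:$")           # e.g. "Files Infected:"
DETECTION = re.compile(r"^(.+?) \(([\w.\-]+)\) -> (.+)$")   # object (Threat.Name) -> action

def parse_mbam_log(text):
    """Return one dict per detection line in an MBAM 1.x text log."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:                      # section header; summary lines end in a count
            section = m.group(1)
            continue
        m = DETECTION.match(line)
        if m and section:
            obj, threat, rest = m.groups()
            # The outcome is the last "->" segment (a line may carry extra fields).
            action = rest.split(" -> ")[-1].rstrip(".")
            found.append({"section": section, "object": obj,
                          "threat": threat, "action": action})
    return found

def unremediated(detections):
    """Detections whose action does not report a successful removal."""
    return [d for d in detections if "successfully" not in d["action"].lower()]

# Constructed sample: the first two detection lines come from the 4/24 log in the
# thread; the third line and its "No action taken" status are made up (assumption).
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{FAB8715C-3152-49F1-8E4F-87FD166C47C8}\RP27\A0026257.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\example\sample.exe (Trojan.Example) -> No action taken.
"""

if __name__ == "__main__":
    for d in unremediated(parse_mbam_log(SAMPLE_LOG)):
        print(f'{d["section"]}: {d["object"]} ({d["threat"]}) -> {d["action"]}')
```
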


#15 Stila_R8dr

Stila_R8dr
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 PM

Posted 27 April 2010 - 06:15 PM

I have run the programs again and it seems to run better.
I think that I still have problems because I have way too many things that just change by themselves. Folders that I don't have permission to enter anymore. Noticed that there is more than one admin account that is misspelled somehow.

I swear!!
At this point I feel like starting over.

Anymore suggestions would be appreciated.

Thanks
Tony




