Google redirect virus...Please help?


  • This topic is locked
63 replies to this topic

#1 7764jodie

Posted 09 June 2010 - 03:05 PM

Hi,
Firstly I know nothing at all about computers & I believe after some research & reading some of the topics posted on here my computer could possibly be infected with the 'Google redirect virus'... Please help.
Last week my computer had a virus & wouldn't load the internet at all. After some research I downloaded & ran 'Malwarebytes'; it took hours & hours to scan, which found 19 infections!
After deleting these I thought the problem was solved, but then when loading the Internet page it kept saying that there was no internet connection & it could be being blocked by Firewall, so after more research I followed the instructions from a Yahoo forum which told me to click on:

'Tools>>>Internet Options>>>Connections>>>LAN Settings', then de-select 'Use a proxy server for your LAN'

I then rebooted my system & when loading the internet it was a bit slow but it worked... Well, at least I thought it did.
My computer is still usable but now really slow, & the problem I've got now is that every time I do a search, especially via Google, it redirects me to totally random sites that are irrelevant to what I've searched for; it even sometimes pops up a totally new Google search page! It has also once or twice closed the page down for no apparent reason.

I've also tried to 'Reset advanced settings' & 'Restore Internet settings' but this didn't seem to do anything, & now today I found some information on a site called 'Troublefixers.com' which didn't seem to help either, as I got so far & couldn't find the next step to click on... They told me to click on:

'Start>>>Control Panel>>>System>>>Hardware>>>Device Manager>>>View>>>Show hidden devices'
Then scroll down & click 'Non-plug & play drivers'... This is as far as I got, as they then told me to search & deselect 'TDSSserv.sys', which I could not find.


I hope this message makes sense; I've tried to cover everything. I've read in other posts that I should post a 'Log file' but I'm unsure as to what this is or where to even get it, sorry.
Any help would be greatly appreciated... Many thanks.

Edited by Orange Blossom, 09 June 2010 - 05:22 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB



#2 Budapest

Posted 11 June 2010 - 05:30 PM

Please run a Malwarebytes quick scan and post the log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 7764jodie

Posted 12 June 2010 - 06:43 AM

Hi, thanks for getting back to me. This is the Quick Scan Log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4039

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/06/2010 12:38:49
mbam-log-2010-06-12 (12-38-49).txt

Scan type: Quick scan
Objects scanned: 117225
Time elapsed: 21 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Would you like me to post the previous Full Scan Log as well, which shows all the infections that it detected, as I see that the quick scan shows no infections? Thanks.

Edited by 7764jodie, 12 June 2010 - 06:45 AM.


#4 Budapest

Posted 12 June 2010 - 05:40 PM

Yes please post the original log. Also, try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

#5 7764jodie

Posted 13 June 2010 - 06:53 AM

Hi, thanks, I'll try the link now. Here's the 1st log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4039

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

07/06/2010 09:57:02
mbam-log-2010-06-07 (09-57-02).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 212035
Time elapsed: 4 hour(s), 51 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\c0daa731.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d80961f-20cc-f73f-53dd-e8c501a5b949} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d80961f-20cc-f73f-53dd-e8c501a5b949} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\da9f434b (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31b87990-22e2-92b0-b520-f24c2bd7844c} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31b87990-22e2-92b0-b520-f24c2bd7844c} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\phisgtkc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmopvrgd (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\phisgtkc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmopvrgd (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ufludziebkzw (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\c0daa731.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\da9f434b.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\PAULY\Local Settings\Application Data\ihcmlirxs\lghppvvtssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.
C:\WINDOWS\Temp\n.exn (Trojan.Dropper) -> Quarantined and deleted successfully.
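
Added example, not part of the original thread: a triage pass over the Malwarebytes log format posted above. It cross-checks the summary counts against the listed items, lists targets still marked "Delete on reboot", and pulls the autorun value names out of the Run keys; the function names and the abridged sample are assumptions of this example.

```python
import re
from collections import Counter

# Abridged excerpt of the Malwarebytes 1.45 full-scan log posted above:
# four of its sections, with the matching summary lines.
SAMPLE_LOG = r"""
Memory Modules Infected: 1
Registry Values Infected: 5
Folders Infected: 0
Files Infected: 4

Memory Modules Infected:
C:\WINDOWS\system32\c0daa731.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\phisgtkc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmopvrgd (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\phisgtkc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmopvrgd (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ufludziebkzw (Trojan.Agent) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\c0daa731.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\da9f434b.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\PAULY\Local Settings\Application Data\ihcmlirxs\lghppvvtssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.
C:\WINDOWS\Temp\n.exn (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>.+ Infected):$")
ITEM = re.compile(r"^(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\(?P<name>[^\\]+)$", re.IGNORECASE)


def parse_mbam_log(text):
    """Return (declared counts per section, list of detection records)."""
    declared, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]          # detail lines that follow belong here
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return declared, items


def triage(declared, items):
    """Summarise what a responder should follow up on after this scan."""
    listed = Counter(i["section"] for i in items)
    return {
        # A truncated or edited paste shows up as declared != listed.
        "count_mismatches": {s: (n, listed[s]) for s, n in declared.items()
                             if listed[s] != n},
        # Not removed yet: deletion only happens at the next restart.
        "pending_reboot": [i["target"] for i in items
                           if i["action"].lower().startswith("delete on reboot")],
        # Autostart value names, deduplicated across HKLM and HKCU.
        "autorun_names": sorted({m["name"] for i in items
                                 if (m := RUN_KEY.search(i["target"]))}),
        "families": Counter(i["family"] for i in items),
    }


if __name__ == "__main__":
    report = triage(*parse_mbam_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Targets listed under "Delete on reboot" stay on disk until the restart completes, so a follow-up scan after the reboot is what confirms they are gone.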


#6 7764jodie

Posted 13 June 2010 - 07:59 AM

Hi, I tried the link you posted above. The computer's still a bit slow but the searching seems to be good at the mo with NO redirects!!! Thank you.
If it's OK though, I'll post back if it hasn't totally stopped, thanks.

#7 Budapest

Posted 13 June 2010 - 04:14 PM

Try this scan:

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

#8 7764jodie

Posted 14 June 2010 - 03:31 AM

OK, thanks, will do that now.



#9 7764jodie

Posted 15 June 2010 - 11:59 AM

Hi, here's the scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2010 at 12:09 PM

Application Version : 4.39.1002

Core Rules Database Version : 5057
Trace Rules Database Version: 2869

Scan type : Complete Scan
Total Scan Time : 01:44:39

Memory items scanned : 269
Memory threats detected : 0
Registry items scanned : 7967
Registry threats detected : 26
File items scanned : 25716
File threats detected : 104

Adware.MyWebSearch
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Trojan.Agent/Gen-Nullo[Micro]
HKLM\System\ControlSet010\Services\bhwkxtdr
C:\WINDOWS\SYSTEM32\DRIVERS\MSSADY.SYS
HKLM\System\ControlSet010\Enum\Root\LEGACY_bhwkxtdr
HKLM\System\ControlSet011\Services\bhwkxtdr
HKLM\System\ControlSet011\Enum\Root\LEGACY_bhwkxtdr
HKLM\System\ControlSet012\Services\bhwkxtdr
HKLM\System\ControlSet012\Enum\Root\LEGACY_bhwkxtdr
HKLM\System\CurrentControlSet\Services\bhwkxtdr
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_bhwkxtdr
C:\PROGRAM FILES\COMMON FILES\PARETOLOGIC\UUS2\UUS.DLL

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-1329060044-2143088942-1739356187-1006\SOFTWARE\FunWebProducts
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

Rogue.Agent/Gen
HKLM\SOFTWARE\02356420
HKLM\SOFTWARE\02356420#FirstRun

Trojan.Agent/Gen-FraudPack
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2CDFBA3B-FF6B-459F-9AA2-782B94B4127E}\RP1042\A0387859.DLL

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2CDFBA3B-FF6B-459F-9AA2-782B94B4127E}\RP1043\A0388884.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2CDFBA3B-FF6B-459F-9AA2-782B94B4127E}\RP1043\A0388885.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2CDFBA3B-FF6B-459F-9AA2-782B94B4127E}\RP1043\A0388887.EXE


#10 Budapest

Posted 15 June 2010 - 04:12 PM

How's your computer running now?

#11 7764jodie

Posted 16 June 2010 - 03:00 AM

Hi,
It's still quite slow on start-up; it takes a while before I can click to open the Internet page... Other than that though, when I'm actually on the net I can now go from page to page quickly with no redirects etc!
Thanks very much.

#12 Budapest

Posted 16 June 2010 - 04:11 AM

Let's try another scan:

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push


#13 7764jodie

Posted 19 June 2010 - 02:57 AM

Hi, my computer's been a nightmare to use, so sorry for the late reply... Going to try the scan you suggested now I can finally get on here for 5; I'll let you know how it goes asap, thanks.

#14 7764jodie

Posted 23 June 2010 - 01:12 PM

Hi, sorry for the late reply, I have been away... Here are the results for the ESET scan:

C:\Documents and Settings\PAULY\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-3398f7b8 probably a variant of Win32/Agent trojan
C:\Documents and Settings\PAULY\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-103cf267 a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Documents and Settings\PAULY\Application Data\Sun\Java\Deployment\cache\6.0\43\556445eb-55443329 probably a variant of Win32/Agent trojan
C:\Documents and Settings\PAULY\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-6da0a937 a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Documents and Settings\PAULY\Application Data\Sun\Java\Deployment\cache\6.0\51\2abe6a73-2a787acc a variant of Java/TrojanDownloader.Agent.NAN trojan

Thanks


#15 Budapest

Posted 23 June 2010 - 04:20 PM

Download this file and save it to your desktop:

http://download.bleepingcomputer.com/grinler/rkill.scr

Double-click the file to run it. A command window will open briefly. Then run a quick scan with Malwarebytes. Post the Malwarebytes log.
