i want to know what type and how to deal


  • This topic is locked
24 replies to this topic

#1 imlicious

Posted 26 June 2010 - 02:05 PM

Hi, I am having a problem when I try to search on any type of webpage, i.e. Yahoo, Bing, Google. When I search for anything the search comes up, but then I click on the links and it keeps redirecting me to this site. I won't mention the name b/c idk if you all will be affected by it. I have AVG anti-virus software, but it's not helping. I am running off of Windows XP and IE8. I want to know what type of virus this is and what I can do about it. Thanks

#2 boopme

  • Global Moderator

Posted 26 June 2010 - 02:35 PM

Hi imlicious, we need a couple of scans/logs and to see how it is after these.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe

alternate download link 1

alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, install it and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#3 imlicious

Posted 26 June 2010 - 03:09 PM

Hi, thank you for responding, this is the log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4244

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/26/2010 3:07:31 PM
mbam-log-2010-06-26 (15-07-31).txt

Scan type: Quick scan
Objects scanned: 132052
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\c4c37e06-70ba-48f8-8d48-b2e99aab4a1f_37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.56 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.56\ShoppingReport.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\teacher\Application Data\c4c37e06-70ba-48f8-8d48-b2e99aab4a1f_40.avi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
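
Added example, not part of any post in this thread: a small triage script for a log in the MBAM 1.46 layout posted above. It checks the summary counts against the entries actually present (to catch a truncated paste) and separates detections in autostart locations from adware remnants. The function names and the list of locations treated as persistence points are assumptions of this example, and the sample log is constructed from a few lines of the post with entries deliberately left out.

```python
"""Triage a Malwarebytes' Anti-Malware 1.46-style text log (layout as in the post above)."""
import re
from collections import Counter

# "Files Infected: 3" is a summary line; "Files Infected:" opens a detail section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<path or key> (<family>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumption of this example (not from the thread): registry locations that make
# code start automatically, so a hit there matters more than a leftover adware key.
PERSISTENCE_MARKERS = ("\\currentversion\\run", "\\session manager\\appcertdlls")
# The only action string that appears in the posted log.
CLEAN_ACTION = "Quarantined and deleted successfully"

# Constructed sample: lines taken from the posted log, with two of the three
# "Files Infected" entries omitted to simulate an incomplete paste.
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Registry Values Infected: 2
Files Infected: 3

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\c4c37e06-70ba-48f8-8d48-b2e99aab4a1f_37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (declared_counts, entries) parsed from the log text."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head and head.group("count") is not None:
            declared[head.group("name")] = int(head.group("count"))
            continue
        if head:
            section = head.group("name")
            continue
        # Entries only count once a detail section has started; the
        # "(No malicious items detected)" placeholder does not match ENTRY_RE.
        item = ENTRY_RE.match(line) if section else None
        if item:
            target = item.group("target")
            entries.append({
                "section": section,
                "target": target,
                "family": item.group("family"),
                "action": item.group("action"),
                "persistence": any(m in target.lower() for m in PERSISTENCE_MARKERS),
            })
    return declared, entries


def count_mismatches(declared, entries):
    """Sections whose summary count differs from the entries found: {name: (declared, found)}."""
    found = Counter(e["section"] for e in entries)
    return {name: (n, found.get(name, 0))
            for name, n in declared.items() if n != found.get(name, 0)}


def triage(entries):
    """Group entries by what a helper reads first."""
    return {
        "persistence": [e for e in entries if e["persistence"]],
        "not_cleaned": [e for e in entries if e["action"] != CLEAN_ACTION],
        "families": Counter(e["family"] for e in entries),
    }


if __name__ == "__main__":
    declared, entries = parse_mbam_log(SAMPLE_LOG)
    for name, (want, got) in count_mismatches(declared, entries).items():
        print(f"incomplete log? {name}: summary says {want}, found {got}")
    result = triage(entries)
    for e in result["persistence"]:
        print(f"autostart location: {e['family']}  {e['target']}")
    for e in result["not_cleaned"]:
        print(f"not cleaned: {e['family']}  {e['target']}  ({e['action']})")
    print(dict(result["families"]))
```
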

#4 imlicious

Posted 26 June 2010 - 11:55 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/26/2010 at 07:59 PM

Application Version : 4.39.1002

Core Rules Database Version : 5123
Trace Rules Database Version: 2935

Scan type : Complete Scan
Total Scan Time : 04:01:35

Memory items scanned : 237
Memory threats detected : 0
Registry items scanned : 5874
Registry threats detected : 0
File items scanned : 53248
File threats detected : 161

Adware.Flash Tracking Cookie

Adware.Tracking Cookie

Trojan.Agent/Gen-Dropper[Wrk]
C:\DOCUMENTS AND SETTINGS\TEACHER\LOCAL SETTINGS\TEMP\INSB8.TMP

#5 imlicious

Posted 26 June 2010 - 11:57 PM

Thanks so much for the help. I have not tried to see if it worked yet, but hopefully this info above can help you help me.

#6 imlicious

Posted 27 June 2010 - 12:45 AM

Sorry to write again, but I have tried and it is getting worse than before. I don't know why I cannot open mail or look at videos or photos. Help please.

#7 boopme

Posted 27 June 2010 - 01:02 PM

Hi, please run TDSSKiller.
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Now ESET online scan
Please perform a scan with ESET Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allow the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt folder.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#8 imlicious


Posted 27 June 2010 - 02:42 PM

This is from the tdsskiller
14:40:42:015 2328 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:40:42:015 2328 ================================================================================
14:40:42:015 2328 SystemInfo:

14:40:42:015 2328 OS Version: 5.1.2600 ServicePack: 3.0
14:40:42:015 2328 Product type: Workstation
14:40:42:015 2328 ComputerName: S96F-IMG
14:40:42:015 2328 UserName: teacher
14:40:42:015 2328 Windows directory: C:\WINDOWS
14:40:42:015 2328 Processor architecture: Intel x86
14:40:42:015 2328 Number of processors: 2
14:40:42:015 2328 Page size: 0x1000
14:40:42:015 2328 Boot type: Normal boot
14:40:42:015 2328 ================================================================================
14:40:42:156 2328 Initialize success
14:40:42:156 2328
14:40:42:156 2328 Scanning Services ...
14:40:42:640 2328 Raw services enum returned 335 services
14:40:42:640 2328
14:40:42:640 2328 Scanning Drivers ...
14:41:01:546 2328
14:41:01:546 2328 Completed
14:41:01:546 2328
14:41:01:546 2328 Results:
14:41:01:562 2328 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:41:01:562 2328 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:41:01:562 2328
14:41:01:562 2328 KLMD(ARK) unloaded successfully
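
A triage sketch for the TDSSKiller log posted above, added here as an example and not part of the original thread or of TDSSKiller itself: it parses the driver lines and the Results block, checks that the log reached its Results section, and lists drivers loaded from outside system32\drivers for manual review. The sample log is constructed (driver names, hashes and paths are made up), and the location check is a review heuristic assumed here, not a verdict.

```python
import re
from typing import NamedTuple

# Constructed sample in the TDSSKiller 2.3.x log layout shown in the post above.
# Driver names, hashes and paths are made up for illustration.
SAMPLE_LOG = r"""
14:40:42:015 2328 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:40:42:640 2328 Scanning Drivers ...
14:40:43:453 2328 exampledrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
14:40:43:593 2328 oddloader (fedcba9876543210fedcba9876543210) C:\DOCUME~1\user\LOCALS~1\Temp\oddloader.sys
14:41:01:546 2328 Completed
14:41:01:562 2328 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:41:01:562 2328 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

# Every line starts with HH:MM:SS:mmm and a thread id.
PREFIX = r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RESULT_RE = re.compile(
    PREFIX + r"(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<inf>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)$"
)


class Driver(NamedTuple):
    name: str
    md5: str
    path: str


def parse_log(text):
    """Return (drivers, results) parsed from a TDSSKiller text log."""
    drivers, results = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m["name"], m["md5"], m["path"]))
            continue
        m = RESULT_RE.match(line)
        if m:
            results[m["kind"].lower()] = (int(m["inf"]), int(m["cured"]), int(m["reboot"]))
    return drivers, results


def outside_driver_dir(drivers):
    """Drivers whose image is not under system32/drivers (case-insensitive).

    Assumed heuristic: such entries deserve a manual look; some legitimate
    third-party drivers also live elsewhere.
    """
    needle = "\\system32\\drivers\\"
    return [d for d in drivers if needle not in d.path.lower()]


def triage(text):
    drivers, results = parse_log(text)
    return {
        "drivers_seen": len(drivers),
        # Sum of the "infected" counters from both Results lines.
        "reported_infected": sum(r[0] for r in results.values()),
        # False if the log was cut off before the Results block was written.
        "complete": {"registry", "file"} <= results.keys(),
        "review": [d.path for d in outside_driver_dir(drivers)],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
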

#9 imlicious


Posted 27 June 2010 - 02:47 PM

As for the ESET scanner, the computer won't let me download anything. I click the link and it will not open; same for my emails, same for videos, I can't see any videos at all. And it is still redirecting me to the same site about traffic updates. It's always this site and no other, and I have blocked it, but the URL comes up and just a blank page.

#10 boopme


Posted 27 June 2010 - 04:12 PM

Man! something is in here deep..

We are going to have to move to the Malware Removal Forum.

We need to at least try to run DDS and post that log there.. Let's run these first then move thru the guide ...
You may need to download all these to a USB flash drive or CD and run from there.

First try to run these and see if you can download.
>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

^^

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#11 imlicious


Posted 27 June 2010 - 04:37 PM

Hey, OK, the DeFogger did not ask me to reboot, so do I just keep following the steps?

#12 boopme


Posted 27 June 2010 - 04:47 PM

Ok, that's it we need at least the DDS log here.

#13 imlicious


Posted 27 June 2010 - 04:52 PM

Ok, that's it we need at least the DDS log here.

OK, I downloaded but see no sign of its scan. I have no script blocking, I don't think. At least I saw the black box, but that's as far as I've gotten so far.

#14 boopme


Posted 27 June 2010 - 04:59 PM

Try it several times ... Sometimes it needs to kill a few one at a time to break thru.

#15 imlicious


Posted 27 June 2010 - 05:15 PM

How do I know whether or not it's trying to break through as opposed to being blocked b/c it's a script, and how would I know if it's being blocked? Sorry for being so bothersome.



