Can't get rid of this Trojan Virus, if you can please help


16 replies to this topic

#1 Savannah0410

Posted 07 August 2010 - 06:48 PM

This past week my computer has been painfully slow. I checked my Norton idle scan log and it shows that there was a Trojan Horse and a Downloader detected by the Norton virus scanner on 7/11, 7/27 and lastly on 8/5. Norton says it was quarantined and resolved and that no action is needed. This is definitely not the case. I scanned with Malwarebytes right after I realized it had picked up those two things and that scan came up clean. I thought it was going to be okay but every time I boot up the computer it's so slow. I can't open anything, programs stop responding and ultimately I have to wait forever for it to unlock or restart. I tried scanning with Super Anti Spyware for another opinion and that showed tracking cookies and a Windows Police Pro virus. It quarantined all of those and I thought it was finally over. It still isn't fixed. Last night Norton performed a full system scan and now found 6 virus threats; it doesn't give any specific information as to what the viruses are, because it was found during a full system idle scan. It says that those threats were resolved. I don't know what to do. Obviously there is still something there and it keeps saying it's resolved yet my computer still is not functioning correctly. If you could give me advice on what to try next. I am sorry if I left out any information or if this thread is too long. I am trying to be as specific as possible and hoping that someone can help me. I am just afraid this is never going to end. Thanks in advance.

Edited to add I am running Windows XP

Edited by Savannah0410, 07 August 2010 - 06:49 PM.




#2 boopme

Posted 08 August 2010 - 04:43 PM

Hi, let's try turning off Norton and doing an online scan. Then turn it back on.

ESET
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Savannah0410

Posted 08 August 2010 - 08:52 PM

Thank you for the reply. I just have two questions before I begin. Is it okay to keep this window (mybleepingcomputer) open while the Eset is running? My second question is about Normal Mode... that would be how it is when I turn my computer on? As in not booting into Safe Mode? So for both scans I am not going into any other mode? I am definitely far from tech savvy. Thanks =)

#4 boopme

Posted 08 August 2010 - 09:10 PM

It's OK. Run both in normal. Use Internet Explorer for ESET if you can.

#5 Savannah0410

Posted 08 August 2010 - 10:21 PM

Here are the results from the scan

C:\Documents and Settings\Local Settings\Temp\plugtmp-33\plugin-mgzyw.pdf JS/Exploit.Pdfka.OCB trojan



I was not sure if I was supposed to let that program remove it or not, you didn't specify that option to be checked so it was not removed. I then ran Eset scan over again with that option checked because I was afraid I didn't follow directions the first time. The second time it said that file was cleaned, but did not give me a log. I am hoping I did not do something I shouldn't have done and being the worrier that I am, I am now paranoid. I really appreciate your help.

Here is the Malwarebytes log from the scan I just ran

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4408

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2010 1:52:23 AM
mbam-log-2010-08-09 (01-52-23).txt

Scan type: Quick scan
Objects scanned: 161526
Time elapsed: 28 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:

Edited by Savannah0410, 09 August 2010 - 12:56 AM.


#6 boopme

Posted 09 August 2010 - 09:22 AM

If you still have an issue then run these.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#7 Savannah0410

Posted 09 August 2010 - 08:15 PM

Sorry it takes me so long to do anything. I just got home from work but now I am going to follow the instructions for the next two. My computer is still slow for the first maybe ten minutes after it starts up. It boots up fine and loads everything on desktop fast but once I try to do anything on it, it still hangs or stops responding. Norton flags that ATF Cleaner as a site with threats on it. It is safe to use, right? I am unable to access Safe Mode so I will have to do it in Normal Mode.

Edited by Savannah0410, 09 August 2010 - 08:35 PM.


#8 Savannah0410

Posted 09 August 2010 - 10:07 PM

Here is my latest Super scan log (after I used the ATF Cleaner)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/09/2010 at 11:12 PM

Application Version : 4.41.1000

Core Rules Database Version : 5340
Trace Rules Database Version: 3152

Scan type : Complete Scan
Total Scan Time : 01:11:42

Memory items scanned : 535
Memory threats detected : 0
Registry items scanned : 6027
Registry threats detected : 0
File items scanned : 72559
File threats detected : 116

Adware.Tracking Cookie


Should I uninstall that ATF Cleaner?

Edited by Savannah0410, 09 August 2010 - 10:22 PM.


#9 boopme

Posted 09 August 2010 - 10:32 PM

Norton is a PITA.. LOL uninstall ATF if you want. Every program I or any Staff of BC recommends is safe and tested.
It would be good to know if safe mode will work or we have other problems.

SUPERAntiSpyware has a built-in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSpyware.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2010-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.

#10 Savannah0410

Posted 09 August 2010 - 11:19 PM

You are a genius!! I did the repair the safebootkey and tested it out. It worked!! I was able to boot into safe mode but I didn't download that Norman Malware cleaner first because I thought with the luck I am having it wouldn't work. I just noticed that on the Norman link it says that tool will not work in safe mode?

#11 boopme

Posted 09 August 2010 - 11:29 PM

Ok cool an Update ...I will change the canned .. Run it in normal.
You can rerun SUPER in safe if you want.

#12 Savannah0410

Posted 10 August 2010 - 10:12 PM

I haven't done the last scan yet because I thought my computer was fixed and I was going to give it a day to be sure. However I have noticed that when my computer is at its slowest (right after it boots up and loads desktop) and things won't respond that when I bring up Task Mgr, Wuauclt.exe and one instance of Svchost.exe both keep climbing higher and higher around 100,000k until everything freezes up.... My cpu doesn't really get that high but I am pretty sure that's part of my lagging problem. Do you think that is a virus or just an issue with the Wuauclt/Svchost? I hit end process of Wuauclt in task mgr and right after it ended, my computer was working as normal.

Edited by Savannah0410, 10 August 2010 - 10:45 PM.


#13 boopme

Posted 10 August 2010 - 10:44 PM

The wuauclt.exe file is located in the folder C:\Windows\System32. In other cases, wuauclt.exe is malware.
Do a search for wuauclt.exe.

Windows Update AutoUpdate Client. This is a background process which checks with the Microsoft website for updates to the operating system. It shows up on the Task Manager's processes list when it is waiting for a response, such as to confirm permission to download an update.

Do you have all Service Packs installed?

Run Norman as it may find and clean it if it is malware.

#14 Savannah0410

Posted 10 August 2010 - 10:53 PM

Thanks for the quick reply! When I search my computer I have one Wuauclt.exe-399A8E72.pf in C:\windows\prefetch
one in C:\windows\system32 and one in C:\windows/ServicePackFiles\

I believe I have windows service pack 3 installed
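
Added example, not part of the original thread: a small Python triage of search hits for a Windows system binary, following the rule in post #13 that the live wuauclt.exe belongs in C:\Windows\System32. The sample paths are constructed (modelled on the hits in post #14, with an `i386` subfolder and a Temp copy assumed for illustration), and the verdict names are hypothetical.

```python
import ntpath
import re

# Constructed sample hits: three modelled on the search results reported in
# the thread, plus one constructed out-of-place copy to show the "review" case.
SAMPLE_HITS = [
    r"C:\windows\prefetch\Wuauclt.exe-399A8E72.pf",
    r"C:\windows\system32\wuauclt.exe",
    r"C:\windows/ServicePackFiles\i386\wuauclt.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\wuauclt.exe",
]

# Prefetch traces are named <EXE NAME>-<8 hex digits>.pf; they record launches
# of a program and are not copies of the executable itself.
PREFETCH_RE = re.compile(r"^(?P<exe>.+\.exe)-[0-9a-f]{8}\.pf$")


def normalize(path):
    """Windows paths ignore case and accept both slash styles."""
    return ntpath.normpath(path).lower()


def classify(path, binary="wuauclt.exe", windir=r"C:\Windows"):
    """Return a verdict for one search hit, based on its location only.

    Location is a first filter: a file in the expected folder can still have
    been replaced or patched, so scanner results still apply to it.
    """
    windir = normalize(windir)
    binary = binary.lower()
    folder, name = ntpath.split(normalize(path))

    trace = PREFETCH_RE.match(name)
    if trace and trace.group("exe") == binary and folder == windir + r"\prefetch":
        return "prefetch-trace"
    if name != binary:
        return "not-this-binary"
    if folder == windir + r"\system32":
        return "live-copy"
    # Windows XP keeps backup copies of protected files in these folders.
    spf = windir + r"\servicepackfiles"
    if folder == windir + r"\system32\dllcache" or folder == spf \
            or folder.startswith(spf + "\\"):
        return "backup-copy"
    # Same file name anywhere else: the case the thread warns about.
    return "review"


def triage(hits, binary="wuauclt.exe"):
    """Classify every hit and return (path, verdict) pairs."""
    return [(hit, classify(hit, binary)) for hit in hits]


if __name__ == "__main__":
    for hit, verdict in triage(SAMPLE_HITS):
        print(f"{verdict:15} {hit}")
```
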

#15 boopme

Posted 10 August 2010 - 11:01 PM

You're welcome, this may get it now. But I have to go until tomorrow.
Please run the tool here: How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.