Jump to content

Frustrated1893

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Frustrated1893
    Thanks for all the information. I've attached a copy of the log from the scan. I'm not sure if I have the right version of java - Think so but I was working off a printed copy of your email and didn't see you had a link. I tried to find the correct version and ended up going to the java sight and downloading and uninstalled past versions - however I noticed a number of java issues on the log. I can go back and use the link and information you provided - let me know what you think. K eset0616.txt
  2. Frustrated1893
    I'm sorry. I thought I emailed the resolution. The last fix worked and I attached the log. Thank you so much....a huge relief to give me control again of my homepage. log 6212.txt
  3. Frustrated1893
    OK. Here is the report.....It's pretty long. log 6112.txt
  4. Frustrated1893
    Sorry it took me so long to get back to you. I'm attaching the two reports from the DDS.scr scan. dds 6112.txt attach 6112.txt
  5. Frustrated1893
    I'm not an AOL customer and never agreed to any AOL products but somehow my homepage and browser were changed. I deleted AOL from browser options and selected Google and that works. However when I go to an address I want as my homepage and go to the House on the right it says http://www.aol.com/?...usaolp00000015. It just will take me to that page and not let me change it at all. I ran a quick scan with the updated Malwarebytes and found 0 issues. I attached the homepage source because it was too long for the post. I really appreciate the help!! Thanks, K
  6. Frustrated1893
    OK Mr. C, It appears all is clear. Hopefully I won't experience any additional problems. I've attached the last two reports from the scans MBAM and TDSSKiller. Unless you have any additional feedback for me then we'll assume every thing is fixed. Appreciate your help! Thanks. Karen mbam_log_2010_10_20__18_02_10_.txt TDSSKiller.2.4.4.0_20.10.2010_18.03.46_log.txt
  7. Frustrated1893
    It appears we might be making some progress. In between everything I was searching on Google and didn't get any redirects yet.....but that's happened before and it seems to start up again from ......... somewhere. copied the CFScript.txt and dragged to ComboFix.exe Attached is the report. Thanks again for your help! Karen ComboFix.txt
  8. Frustrated1893
    Thanks so much for all your help and suggestions!! I downloaded TDSSKiller and ran. Nothing reported. See attachment. I downloaded and ran ComboFix - have no idea what the report says or next steps. See attachment. One other question - I also have an F (hard drive) which I store lots of stuff on. Should I perform same steps on the F drive? i.e. save the TDSSKiller and ComboFix directly to the F drive. Karen TDSSKiller.2.4.4.0_20.10.2010_09.06.48_log.txt ComboFix.txt
  9. Frustrated1893
    I'm constantly on the internet and have been for years never had a problem until recently. First I had the Microsoft Security Virus which completely locked up my computer. That was resolved with your software. Now I have an issue with google redirects. It doesn't seem to happen all the time but once it starts is seems like everything gets redirects to some random ads or sites. I updated software which I've been doing regularly now ran a full scan the other day and a quick scan today. NOTHING DETECTED! See reports below. I've been reading alot of the forum submissions and it sounds like there are a number of next steps but there are many warnings. I have no idea what I'm looking for or at and need some help PLEASE! Also when I start up my computer I seem to be receiving this message in my desktop notepad - opens 2 copies every time I turn on the computer. [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787 Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4885 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 10/19/2010 4:30:25 PM mbam-log-2010-10-19 (16-30-25).txt Scan type: Quick scan Objects scanned: 154750 Time elapsed: 11 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) __________________________________________ HERE is the most recent log that detected anything Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4817 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 10/14/2010 5:57:08 AM mbam-log-2010-10-14 (05-57-08).txt Scan type: Full scan (C:\|) Objects scanned: 273720 Time elapsed: 1 hour(s), 30 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 4 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\dldodrs32.dll (Trojan.Tracur) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{007adc0c-020b-45be-936d-9779ecce4b91} (Trojan.Tracur) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{007adc0c-020b-45be-936d-9779ecce4b91} (Trojan.Tracur) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{007adc0c-020b-45be-936d-9779ecce4b91} (Trojan.Tracur) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\Karen Galena\Application Data\SysWin (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\dldodrs32.dll (Trojan.Tracur) -> Delete on reboot. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP781\A0112847.exe (Trojan.Tracur) -> Quarantined and deleted successfully. C:\Documents and Settings\Karen Galena\Application Data\asdsada.bat (Malware.Trace) -> Quarantined and deleted successfully. _____________________________________________________________________ Here is the log from the scan that removed the Microsoft Security Virus Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4791 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 10/10/2010 12:54:19 PM mbam-log-2010-10-10 (12-54-19).txt Scan type: Quick scan Objects scanned: 151164 Time elapsed: 13 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 4 Registry Values Infected: 2 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 38 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\bthserv32.dll (Trojan.Tracur) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c85eb5fa982 (Trojan.Tracur) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{a10c4948-b8b3-bcec-7870-ef688f177b89} (Trojan.Tracur) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a10c4948-b8b3-bcec-7870-ef688f177b89} (Trojan.Tracur) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a10c4948-b8b3-bcec-7870-ef688f177b89} (Trojan.Tracur) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Worm.Prolaco) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\bthserv32.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\bthserv32.dll -> Delete on reboot. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\bthserv32.dll (Trojan.Tracur) -> Delete on reboot. C:\WINDOWS\system32\AE.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cryptdlg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\F7.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\11.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\118.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\12.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\125.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\137.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\145.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\14E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\160.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\194.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\19E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\1F2.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\BB.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\CddbFileTaggerRoxio32.dll (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dldocaps32.dll (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dldoinsb32.dll (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\B7.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\BA.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\27B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\2B9.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\2D9.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\2E3.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\3CC.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\3D0.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\3DD.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\441.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\4CB.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\55.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\56A.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\5E9.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\69.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\6C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\WINDOWS\system32\A6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\Documents and Settings\Karen Galena\Local Settings\Temp\19.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\Documents and Settings\Karen Galena\Application Data\SysWin\lsass.exe (Worm.Prolaco) -> Delete on reboot. ________________________________________________________
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.