Mozilla/IE going to wrong url [Locked]

I’ve had a few viruses, malware, and everything on my computer recently. They completely took down my AVG system to where it is a useless icon that will not update, scan or uninstall. (It tells me that I do not have the authority. hum?)

The problem that is bothering me is that I will search for, for example, “eggs” and I’ll get results for “toast”. Kinda related but not really. I use Google search. I still have the AVG toolbar. Once I hit enter in the search it takes me to the results of a different search engine like “info.com”. This will also happen if I click on an item in my favorites. It happens too when I directly type the address in on the address bar.

I’ve noticed that this is happening at my in-laws’ house and my mother’s as well as mine. Is this a common problem going around or is it a common virus that is going around? (We have all 3 recently been attacked by the personal antivirus ■■■■ but I thought I got rid of it.)

I tried to run HijackThis. It got 2 seconds into it and quit. I now get an error message saying that I do not have access or permission to run this program.

Hi,

And I guess you’re having some Windows pop-ups telling you that your system is being infected also, no?

Well, I do think that you’re (still) infected with a rogue/malware. Please try What to do if you’re infected - eXPerience Rev.3.
After you are finished, please provide us with the A-Squared and HijackThis logs and the name(s) of the found virus(es).
This will give us the information we need to help you further, if needed.

Best regards,
eXPerience

OMG thank you for the help!!!

  1. Ran SUPERAntiSpyware just fine. It found Adware tracking cookies, Rootkit.Agent/Gen, Trojan.Agent/Gen, Trojan.Agent/Gen-Dropper[UAC], and Rootkit.Agent/Gen-Rustock[KBI]; deleted all of these.

  2. Tried to run Malwarebytes and got error message:
    Windows cannot access the specified device, path, or file. You may not have permissions to access the item.

  3. Ran A-squared. Attached the log.

  4. Tried to run HijackThis but got the same message that I got for Malwarebytes.

A-squared log:

a-squared Free - Version 4.5
Last update: 9/24/2009 5:16:35 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 9/24/2009 5:18:43 PM

c:\documents and settings\owner\start menu\programs\quad utilities detected: Trace.Directory.QUAD Registry Cleaner v.1.5!A2
Value: HKEY_USERS\S-1-5-21-1343024091-484763869-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run → QUAD Windows service detected: Trace.Registry.QUAD Registry Cleaner v.1.5!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 → CUSTOMERZONE_LINK detected: Trace.Registry.QUAD Registry Cleaner v.1.5!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 → hwnd detected: Trace.Registry.QUAD Registry Cleaner v.1.5!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 → JOIN_LINK detected: Trace.Registry.QUAD Registry Cleaner v.1.5!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 → Language detected: Trace.Registry.QUAD Registry Cleaner v.1.5!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 → Scheduler_State detected: Trace.Registry.QUAD Registry Cleaner v.1.5!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 → SUPPORT_LINK detected: Trace.Registry.QUAD Registry Cleaner v.1.5!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 → update_auto_check detected: Trace.Registry.QUAD Registry Cleaner v.1.5!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 → update_promt_user detected: Trace.Registry.QUAD Registry Cleaner v.1.5!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2\Links → 1 detected: Trace.Registry.QUAD Registry Cleaner v.1.5!A2
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ck0j57to.default\Cache\848CAF17d01 detected: Fraudtool.Win32.Reimage!IK
C:\Documents and Settings\Owner\Local Settings\Temp\PCBoosterSetup.exe/reimageBooster.exe detected: Fraudtool.Win32.Reimage!IK
C:\Documents and Settings\Owner\Local Settings\Temp\PCBoosterSetup.exe/REI_Booster.exe detected: Fraudtool.Win32.Reimage!IK
C:\Documents and Settings\Owner\Local Settings\Temp\PCBoosterSetup.exe/PostRebootExecuter.exe detected: Fraudtool.Win32.Reimage!IK
C:\Documents and Settings\Owner\Local Settings\Temp\ReimagePackage.exe/reimageBooster.exe detected: Fraudtool.Win32.Reimage!IK
C:\Documents and Settings\Owner\Local Settings\Temp\ReimagePackage.exe/REI_Booster.exe detected: Fraudtool.Win32.Reimage!IK
C:\Documents and Settings\Owner\Local Settings\Temp\ReimagePackage.exe/PostRebootExecuter.exe detected: Fraudtool.Win32.Reimage!IK
C:\Documents and Settings\Owner\Local Settings\Temp\ReimagePackage.exe/gui.css detected: Fraudtool.Win32.Reimage!IK
C:\Documents and Settings\Owner\Local Settings\Temp\ReimagePackage.exe/ReiFTPWatchDog.exe detected: Fraudtool.Win32.Reimage!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads(app) windows xp KeyGens & Cracks & Appz\Microsoft Serials.exe detected: Email-Worm.Win32.Generic!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads(app) windows xp KeyGens & Cracks & Appz\Text Files\Windows Longhorn Build 4074 Tweak Guide.mht detected: Win32.SuspectCrc!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads(app) windows xp KeyGens & Cracks & Appz\Win2K3 VLK KeyGen.exe detected: Riskware.Keygen.MS!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads(app) windows xp KeyGens & Cracks & Appz\Windows XP CD Key and Product ID Changer.rar/Windows XP CD Key and Product ID Changer.exe detected: Riskware.Hacktool.Win32.WXP-PID-changer!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads(app) windows xp KeyGens & Cracks & Appz\Windows Xp Genuine Forever (100%).rar/RemoveWGA.exe detected: Riskware.Risktool.RemoveWGA!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads(app) windows xp KeyGens & Cracks & Appz\Windows XP SP1a KeyGen.exe detected: Riskware.Keygen.MS!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads(app) windows xp KeyGens & Cracks & Appz\WinXP Corp. Key Changer.exe detected: Riskware.HackTool.XPKey!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads(app) windows xp KeyGens & Cracks & Appz\WinXP_RA.exe detected: Win32.SuspectCrc!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads\Guitar_Pro_5.1_Retail +keygen\keygen.exe detected: Riskware.Keygen.Guitar!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads\PowerISO v3.5 + Keygen\PowerISO v3.5 KEYGEN.exe detected: Riskware.Keygen.PowerISO!IK
C:\Documents and Settings\Owner\My Documents\Stuff\BitTorrent Downloads\Windows XP SP2 Professional CD FULLY WORKING DON’T HAVE TO CALL MICROSOFT to activate!\Program Needed to run the .daa file in the torrent\keygen.exe detected: Riskware.Hacktool.Keygen.brainmain!IK
C:\RECYCLER\S-1-5-21-1343024091-484763869-725345543-1003\Dc762.exe detected: Generic.HorstBased!IK
C:\RECYCLER\S-1-5-21-1343024091-484763869-725345543-1003\Dc773.exe detected: Fraudtool.Win32.Reimage!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP700\A0080218.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP703\A0080492.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP706\A0080840.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP708\A0081073.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP708\A0081089.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP708\A0081103.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP719\A0082445.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP719\A0082453.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP719\A0082484.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP722\A0082700.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP723\A0083020.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP724\A0083047.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP724\A0083051.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP730\A0084144.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP730\A0084252.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP730\A0084258.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP730\A0084360.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP731\A0084373.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP744\A0086369.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP746\A0086595.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP752\A0086943.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP752\A0086951.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP752\A0086958.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP752\A0086967.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP754\A0087183.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP754\A0087189.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP755\A0087202.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\System Volume Information_restore{3805928D-2765-4CCE-8213-7F77C6CC4394}\RP756\A0087216.sys:1 detected: Trojan.WinNT.Sirefef!IK
C:\WINDOWS\CouponPrinter.ocx detected: Riskware.AdWare.Win32.BHO!IK

Scanned

Files: 265133
Traces: 724193
Cookies: 3537
Processes: 45

Found

Files: 52
Traces: 11
Cookies: 140
Processes: 0
Registry keys: 0

Scan end: 9/24/2009 9:07:10 PM
Scan time: 3:48:27

It seems that someone is using a cr*acked Microsoft :P

Could you run the programs in safe mode? (How to boot into safe mode)
If HijackThis doesn’t want to run, I guess you could use Advanced System Cleaner from IObit; it has a HijackThis program included.

BTW: it seems that the log is not attached?

best regards,
eXPerience

My ex-boyfriend “set up” my computer and I really have no clue what he did. All I know is I paid $1,000 for my computer and it didn’t work until he messed with it. So I didn’t ask questions. In fact he was the type to put a keylogger or screen captures on my computer. (He is an ex for a reason.) Let me know if something looks weird.

I attached the log. The computer is running really slow today. I’m going to try to run the scans in safe mode that I couldn’t do yesterday. I tried doing that a few days ago and it would not go into safe mode. I’ll try it again now.

Thanks for your help!

[attachment deleted by admin]

They did not work in safe mode either. I ran the Advanced System Cleaner in regular mode. It scanned, I clicked on repair. Seemed to fix everything. I went to diagnose, it scanned then it turned off. I can not get back in, I get the same error message. I did notice that it picked up a lot of problems under “diagnose” before it crashed.

So what now? Is there a way to rename HijackThis so it isn’t a .exe and it still works? It seems like my biggest problem is I might get a 1 shot deal with an antispyware program before it figures it out. How do you get around that?

Try renaming hijackthis.exe to anything.exe. That may help sometimes.

Another way to go would be using the Dr Web’s Live CD. This is a CD you boot from which holds a mini OS and the Dr Web virus scanner. Since it works outside Windows it is more capable of getting malware.

First step is to download the ISO image of the Live CD from here: http://www.freedrweb.com/livecd/ . Then use a burn program to burn the ISO image to a CD.

Next step is to reboot the computer with the CD in your CD/DVD drive and see if it boots from the CD. When it doesn’t you will need some help to change the boot order of your system. Asking a computer savvy neighbour may work.

Otherwise we can instruct from a distance. To help you with this we then need to know the manufacturer and make of the motherboard of your system. To determine this you can use the freeware analysis program SIW.

I tried to boot up using the disc I made with Dr Web but like you stated, it didn’t start up with the disc it just went on as normal. So I do need help changing the boot order. As scary as it sounds, I’m the only computer savvy person I know. I’m the one that my relatives and friends usually come to for help. (haha) AND now I’m coming to you, please help me.

To get it to boot from cd I thought I would only have to hit F10 at startup and click on boot from cd, but when I did that it started up normally. Is that not how I should do it?

Also, when I copied that program to the disc I chose the option, “Open writable cd folder using Windows Explorer”. Should I not use that and use a cd burning program like “deep burner” instead? I think that is the only other one I have other than “real player” or “jet audio”.

My system is an Emachine T6540.

Hello jojo75,

Use F10, or whichever key it says, to enter setup, find ‘advanced BIOS settings’, and change the boot priority to boot from CD first. Save and exit.

Your CD may not be bootable; try burning another with BURNCDCC.EXE from http://www.softpedia.com/

The ISO image provided by Dr Web is bootable. Assuming it was properly burned the CD should boot. Important for now is to change the boot order and see what happens.

A common button to enter the BIOS is the delete button. Start tapping it when the computer starts until you get in the BIOS screen. Look for the option to change the boot order. Let us know if that is enough information or not.

I managed to get it to boot from the cd earlier today. It scanned to about 70% then the screen went black and the hard drive stopped making any sounds for a long time. After waiting forever for any sounds or signs of life and nothing happening, I eventually turned it off by holding down the power button. Before it died I made note that 3 songs in my MP3 file came up on the scan as having a trojan attached to them. I went in and deleted them.

I’m going to try to run it again maybe this time it will make it all the way through.

I’ll keep you all updated. Thank you so very much for your help!

Maybe the OS that is used by Dr Web went into sleep mode when all activity stopped? It’s just a guess. Keep us posted.

Ok…I’ve tried it several times now and every time it gets hung up on Quicken deluxe. I didn’t know I even had quicken. I don’t use it. I’m going to try to uninstall it because I definitely will not use it. Then I’ll try it again tonight. I’ll let you all know.

Well dr Web seems to be getting hung at:

C:/Downloads/avg_iswt_stf_en_8_138a1332.exe

This looks like it has something to do with AVG, right? AVG isn’t working correctly. It will not update or scan when scheduled. The only way to make it scan is to download the program again and hit scan. I have tried to uninstall AVG but I get an error message every time and I have tried everything I can think of to uninstall it. One more thing is that when I pull up the quarantined items in AVG it gives me an error message and exits out. Do you think the virus is trapped in there but still doing a job to my computer?

You can try

Avira AntiVir Rescue System

However, it can’t disinfect files.

Hi,

I think you should get professional help with this. You can try Comodo LivePcSupport for free the first 30 days. I’m sure they can fix it for you

best regards,
eXPerience

OMG that ■■■■ with the heur thing sucks!!! I have gone days now without a computer and I almost gave up and went shopping. Thank God I stumbled on that thread. My computer is still slow but not like it was. I’m going to try the pc live service now. Thanks!

I tried one more thing before I went to the pc live… Bit defender

I had to update my IE also before I scanned, so that might have helped too.

It found:
Generic.HorstBased.6A562A6B 1
Trojan.Generic.2450059 31
Backdoor.Generic.95440 2

These were all in the C:\SystemVolumeInfo_restore.etc…

Does this mean anything to anyone? It claims to have deleted these files. (I just know how those boogars like to come back!)
BUT as of right now, my internet is going to the correct sites and everything seems to be back to normal.

To get rid of them you can open the System Restore folders. Follow “How to gain access to the System Volume Information folder” from the Microsoft Knowledge Base. Now your security programs can clean the malware in the System Restore folders as well.

I think Bit defender got the rest of the viruses that time. I went online with the Comodo PC online help and Sean fixed it to where my antiviruses weren’t locking me out and got AVG off. I really think that reinstalling IE solved the url problem.

So you can close this thread right on up, I’m all fixed! ;D Thank you all for your help and patience with me!