
I am infected so now what


  • This topic is locked
15 replies to this topic

#1 pattat11


Posted 29 July 2011 - 10:18 PM

I'm running Windows XP Professional.
I'm with Comcast and have Norton, but this one got through with no warning or anything.
I cannot open any of my programs in normal mode, and only in safe mode do I have access.
Restore to factory defaults is out of the question since I have no disks.
I started out with System Restore, no luck. I have a malware program and found 170 the first scan and 31 the second scan.
Norton shows nothing except a sonar something is not working...
The virus looks real with windows shield and all, but I know it's not the real deal.
Can anyone help me get rid of this thing... I'm intermediate here, so I may be able to help you help me if you are patient and give good direction.

Patti



#2 jntkwx

  • Malware Response Team

Posted 29 July 2011 - 10:39 PM

Hi pattat11,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name, jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification, and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Try following these instructions: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

Please post the latest Malwarebytes log in your reply. How's your computer running now?

Regards,
Jason




#3 pattat11


Posted 30 July 2011 - 05:40 AM

Hello Jason.


Thank you for your quick reply.
I have something to do this morning but will be able to get on my laptop later to print these instructions.
Will I be able to do what I need to do in safe mode, since nothing launches in normal?
I'm also getting hit with pop-ups here in safe mode...
Not sure how I got this thing, since Comcast had been pretty good about giving warnings of possible virus etc... In fact it was a Comcast email that I saw on my iPod that alerted me. I immediately called home and told them not to use the computer till I look at it, and that's when I saw the Windows shield and the fake warnings that I'd been hacked and that my identity was stolen etc...
Well, before I ask too many questions and annoy you, I'll stop here and post the log that I had from my Malwarebytes.
I have this set to notify me, so I will be sure to respond back quickly to you as well.





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4182

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/29/2011 7:16:31 AM
mbam-log-2011-07-29 (07-16-31).txt

Scan type: Quick scan
Objects scanned: 194604
Time elapsed: 14 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 173
Registry Values Infected: 11
Registry Data Items Infected: 4
Folders Infected: 22
Files Infected: 129

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\LocalService\Local Settings\Application Data\rdy.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Search Toolbar\SearchToolbar.dll (Adware.Zugo) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000327AD (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0009FFE0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000A2B35 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\16D99B54.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\16D99D67.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\16D99EBF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\16D9A026.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\16D9A47B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\16D9A602.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\42F9C7B3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\42F9CAEF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\8_step1.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkez.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkgr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkgs.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bklf.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkrg.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzc.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzl.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzn.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzq.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzu.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzv.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzw.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4b.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4c.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shield.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 31,757 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 July 2011 - 06:18 AM

Your Malwarebytes Anti-Malware log indicates you are using an older version (1.46) with an outdated database. Please download and install the most current version (v1.51.1.1800) from here.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

The database shows 4182. Last I checked it was 7323.

Update the database through the program's interface <- preferable method. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally will prevent Malwarebytes from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply for jntkwx to review.


Note: Malwarebytes uses Inno Setup instead of the Windows Installer Service to install the program so installation in safe mode is possible if you still cannot use normal mode.
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 pattat11

pattat11
  • Topic Starter

  • Members
  • 100 posts

Posted 30 July 2011 - 09:53 PM

Yes, I figured that out when I saw that the Malwarebytes I was told to use above is updated.
Thanks for jumping in and offering some information.
I didn't realize Jason wanted a copy of the new log and not the one I had run but didn't realize it till after...

#6 pattat11

pattat11
  • Topic Starter

  • Members
  • 100 posts

Posted 30 July 2011 - 10:01 PM

Jason,
The Rkill report does say completed but also shows terminated by Rkill and does not ask me to restart or anything....not sure if it's working.
I ran the Malwarebytes as directed but still can't log in to get into anything to upload the current log..

I still have a red windows security shield in my tool bar, don't know if it's real or virus at this point. And my Norton also has an x in it and says my sonar protection is not on and I am not protected. Again, don't know if this is real or virus.
I'm also seeing Norton one click telling me to clear my Norton and reinstall...not sure if I want to delete the only protection I might have if any at this point but figured to tell you as much of what's going on as I can.

I'll see what happens after running the Malwarebytes scan once again...if I can log in tomorrow, I will try to get to post the new Malwarebytes log for your review.

thank you
Patti

#7 pattat11

pattat11
  • Topic Starter

  • Members
  • 100 posts

Posted 31 July 2011 - 09:59 AM

7/31/11 10:00A.M

This is the log from the Malwarebytes you asked me to post...I'll wait for your next post.
Computer let me access internet in normal mode but very slow and Norton one click keeps popping up and the windows defender shield is red in my toolbar. Not sure if it's the real deal or the virus still. Running slow.



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7324

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/30/2011 4:23:15 PM
mbam-log-2011-07-30 (16-23-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 361507
Time elapsed: 4 hour(s), 19 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2867478884 (Trojan.FakeAlert) -> Value: 2867478884 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\LocalService\Local Settings\Application Data\rdy.exe" -a "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\LocalService\Local Settings\Application Data\rdy.exe" -a "firefox.exe") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\LocalService\Local Settings\Application Data\rdy.exe" -a "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\localservice\local settings\application data\rdy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178641.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178642.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178643.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178644.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178650.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178654.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178659.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178660.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178664.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178687.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178655.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\my documents\setupgamevance-1.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\my documents\setupgamevance.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
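
A small parser for the log layout shown in the post above, as an added example (not part of the thread and not Malwarebytes code): it groups detections by name, picks out the autostart and browser-launch registry entries, and checks that the executable each replaced "Bad" value pointed to was itself removed. The function names and report keys are assumptions chosen for this example.

```python
import re
from collections import Counter

# Shortened excerpt of the log posted above (same line layout).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800
Database version: 7324

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2867478884 (Trojan.FakeAlert) -> Value: 2867478884 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\LocalService\Local Settings\Application Data\rdy.exe" -a "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\localservice\local settings\application data\rdy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{367f5e95-f9cb-4df6-9f78-38d124b0e25e}\RP1531\A0178641.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
"""

# Section headers end at the colon; the summary lines ("Files Infected: 14") do not.
SECTION_RE = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|"
                        r"Registry Values|Registry Data Items|Folders|Files) Infected:\s*$")
# "<path> (<detection name>) -> <details and action>"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[\w.\-]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> ")


def parse_log(text):
    """Return program version, database version and one dict per detection line."""
    parsed = {"version": None, "database": None, "items": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Malwarebytes' Anti-Malware ([\d.]+)$", line):
            parsed["version"] = m.group(1)
        elif m := re.match(r"Database version: (\d+)$", line):
            parsed["database"] = int(m.group(1))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ITEM_RE.match(line)):
            item = {"section": section, "path": m["path"], "name": m["name"],
                    # The action is whatever follows the last "->" on the line.
                    "action": m["rest"].rsplit(" -> ", 1)[-1].rstrip("."),
                    "bad": None, "good": None}
            if bg := BAD_GOOD_RE.search(m["rest"]):
                item["bad"], item["good"] = bg["bad"], bg["good"]
            parsed["items"].append(item)
    return parsed


def bad_target(bad):
    """Executable named by a replaced value: first quoted string, else first token."""
    if not bad:
        return None
    m = re.match(r'\s*"([^"]+)"', bad)
    target = (m.group(1) if m else bad.split()[0]).lower()
    return target if target.endswith(".exe") else None


def triage(parsed):
    """Summarise what the log says about persistence and leftovers."""
    items = parsed["items"]
    removed_files = {i["path"].lower() for i in items
                     if i["section"] == "Files" and i["action"].startswith("Quarantined")}
    report = {
        "by_name": Counter(i["name"] for i in items),
        "autostart": [i["path"] for i in items
                      if i["section"].startswith("Registry")
                      and "\\currentversion\\run" in i["path"].lower()],
        "launch_hijacks": [],        # (registry path, executable it was pointed at)
        "targets_not_removed": [],   # hijack executables absent from "Files Infected"
        "restore_point_copies": [i["path"] for i in items
                                 if "\\system volume information\\_restore" in i["path"].lower()],
        "not_removed": [i["path"] for i in items
                        if not i["action"].startswith("Quarantined")],
    }
    for i in items:
        target = bad_target(i["bad"])
        if target and "\\shell\\" in i["path"].lower():
            report["launch_hijacks"].append((i["path"], target))
            if target not in removed_files:
                report["targets_not_removed"].append(target)
    return report


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for key, value in result.items():
        print(key, "->", value)
```

An empty `targets_not_removed` list means every executable a hijacked launch command pointed to also appears as a removed file in the same log; a non-empty one names a file to look for in the next scan.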

#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,018 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 31 July 2011 - 10:51 AM

Hi pattat11,

Step 1: Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go. Please put code boxes around just this log, like this, but without the x: [xcode] MiniToolBox log [/xcode]

Step 2: SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE (copy and paste that website address) and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Step 3: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

Step 4: Please download SystemLook from one of the links below and save it to your Desktop.
Download
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    %AllUsersProfile%\ /t14
    %LocalAppData%\ /t14
    %Temp%\ /t14
    %AppData%\ /t14
    %windir%\system32 /t7
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


In your next reply, please include:
  • MiniToolBox log
  • SUPERAntiSpyware log
  • GMER log
  • SystemLook log
  • How's your computer running now? Please provide a detailed description of any remaining problems, detailed word-for-word error messages that you are receiving, and/or screenshots of strange behavior.

Regards,
Jason


Simple and easy ways to keep your computer safe and secure on the Internet



#9 pattat11

pattat11
  • Topic Starter

  • Members
  • 100 posts

Posted 01 August 2011 - 07:25 PM

Jason,
Took me a long time to get all four logs for you. I feel like I followed your direction well.
My windows security shield icon is still displayed in my tool bar red. When opening windows security, it shows my automatic updates turned off and when I click on "turn on updates" an error message pops up stating that it can not turn it on and I have to do it through the system icon. When I go that route, the circle is already checked for updates and to update daily at 3:00 A.M.
So far my Norton has stayed in the tray but it has disappeared and only returns to the tray upon restart.
Some of my programs did the same thing, would be ok but after a while, I would not be able to launch them until restart....
So far I have been on now for about an hour so I really don't know what to say about how my computer is working.
I know it's very slow on start up right now and accessing the internet took about 5 minutes to load..
I'm just going to wait and see what you tell me after you look at these logs...
I may have more to report to you as far as changes to my computer and how it's working after more time goes by...
I'm hanging in there but this is very frustrating...I hope you know that your help is appreciated...
Patti





MiniToolBox by Farbar
Ran by Patti (administrator) on 31-07-2011 at 17:00:11
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default diroctory
========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

   Host Name . . . . . . . . . . . . : OFFICECOMPUTER
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . : hsd1.il.comcast.net.
   Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-13-D4-68-2D-F8
   Dhcp Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.104
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : ?
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 68.87.72.134 68.87.77.134 192.168.1.1 68.87.72.134 68.87.77.134 ? ? ?
   Lease Obtained. . . . . . . . . . : Sunday, July 31, 2011 4:51:02 PM
   Lease Expires . . . . . . . . . . : Monday, August 01, 2011 4:51:02 PM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : ?
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Server: cns.area4.il.chicago.comcast.net
Address: 68.87.72.134

Name: google.com
Addresses: 74.125.225.83, 74.125.225.81, 74.125.225.82, 74.125.225.80
74.125.225.84

Pinging google.com [74.125.225.81] with 32 bytes of data:
Reply from 74.125.225.81: bytes=32 time=12ms TTL=55
Reply from 74.125.225.81: bytes=32 time=13ms TTL=55

Ping statistics for 74.125.225.81:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 13ms, Average = 12ms

Server: cns.area4.il.chicago.comcast.net
Address: 68.87.72.134

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=85ms TTL=48
Reply from 98.137.149.56: bytes=32 time=84ms TTL=48

Ping statistics for 98.137.149.56:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 84ms, Maximum = 85ms, Average = 84ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 d4 68 2d f8 ...... SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.104 192.168.1.104 20
192.168.1.0 255.255.255.0 192.168.1.104 192.168.1.104 20
192.168.1.104 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.104 192.168.1.104 20
224.0.0.0 240.0.0.0 192.168.1.104 192.168.1.104 20
255.255.255.255 255.255.255.255 192.168.1.104 192.168.1.104 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/31/2011 04:51:14 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (07/31/2011 11:42:16 AM) (Source: MsiInstaller) (User: Patti)Patti
Description: Product: Java™ 6 Update 26 -- Error 25099. Unzipping core files failed.

Error: (07/31/2011 11:40:40 AM) (Source: iNOSSO®) (User: )
Description: Adobe Reader 9.4.0
(C:\Program Files\Secunia\PSI\9a849824193a5e590d2a471b204902c0\AdbeRdr940_en_US.exe)
The system cannot find the path specified.

File: C:\Program Files\Secunia\PSI\9a849824193a5e590d2a471b204902c0\AdbeRdr940_en_US.exe
Info ID: 3.1241.03.2.20055
Please send the Info ID and file name to http://www.adobe.com/misc/bugreport.html

Error: (07/31/2011 09:44:35 AM) (Source: WmiAdapter) (User: Administrators)Administrators
Description: Open of service failed.


System errors:
=============
Error: (07/31/2011 02:56:59 PM) (Source: Service Control Manager) (User: )
Description: The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (07/31/2011 09:44:34 AM) (Source: Service Control Manager) (User: )
Description: The WMI Performance Adapter service failed to start due to the following error:
%%1053

Error: (07/31/2011 09:44:34 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.

Error: (07/31/2011 09:44:33 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (07/31/2011 09:44:17 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error: (07/31/2011 08:13:42 AM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverPATTILAPTOPNetBT_Tcpip_{1868BE63-0335-42

Error: (07/31/2011 06:46:12 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/31/2011 06:46:04 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/31/2011 06:45:59 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/31/2011 06:45:55 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (07/31/2011 04:51:14 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (07/31/2011 11:42:16 AM) (Source: MsiInstaller)(User: Patti)Patti
Description: Product: Java™ 6 Update 26 -- Error 25099. Unzipping core files failed.(NULL)(NULL)(NULL)

Error: (07/31/2011 11:40:40 AM) (Source: iNOSSO®)(User: )
Description: Adobe Reader 9.4.0
(C:\Program Files\Secunia\PSI\9a849824193a5e590d2a471b204902c0\AdbeRdr940_en_US.exe)
The system cannot find the path specified.

File: C:\Program Files\Secunia\PSI\9a849824193a5e590d2a471b204902c0\AdbeRdr940_en_US.exe
Info ID: 3.1241.03.2.20055
Please send the Info ID and file name to http://www.adobe.com/misc/bugreport.html

Error: (07/31/2011 09:44:35 AM) (Source: WmiAdapter)(User: Administrators)Administrators
Description:


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 10 Plugin (Version: 10.2.159.1)
Adobe Reader 9.1.3 (Version: 9.1.3)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
AiO_Scan (Version: 50.0.227.000)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.1.116)
ArcSoft Multimedia Email
ArcSoft PhotoImpression 4
ArcSoft PhotoImpression 5
Art Explosion Scrapbook Factory Deluxe (Version: 1.04.4100)
Ask Toolbar (Version: 1.12.2.0)
AudibleManager (Version: 2089884432.-1.2089884374.2090320032)
Avery Wizard 4.0 (Version: 4.0.4)
Bejeweled 3
Big Fish Games Client (Version: 1.2.0.4)
Bonjour (Version: 2.0.4.0)
Brother MFL-Pro Suite MFC-490CW (Version: 1.1.5.0)
CameraHelperMsi (Version: 13.10.1217.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Creative Audio Pack
Creative MediaSource 5 (Version: 5.00)
Data Fax SoftModem with SmartCP
erLT (Version: 1.20.138.34)
FaceFilter Studio Brother Edition (Version: 1.0)
Fast Browser Search (My Web Tattoo) (Version: 2.0)
FinePixViewer Resource
FinePixViewer Ver.5.1
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
FrostWire 4.21.3 (Version: 4.21.3.0)
FUJIFILM USB Driver
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.4.2)
GearDrvs (Version: 1.00.0000)
Get Yahoo! Messenger
Google Chrome (Version: 12.0.742.122)
Google Earth (Version: 6.0.3.2197)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.0.1710.2246)
Google Update Helper (Version: 1.3.21.65)
Handmark® Magic Dogs™ for Palm OS
HP Driver Diagnostics (Version: 1.02.0014)
HP PSC & OfficeJet 5.3.B
ImageMixer VCD2 LE for FinePix (Version: 2.5.2.0)
ImageMixer3 (Version: 3.00.005)
iPod Updater 2004-10-20 (Version: 1.0)
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Kazoo Player
KODAK EASYSHARE Gallery Upload ActiveX Control
Linksys EasyLink Advisor
Linksys EasyLink Advisor (Version: 3.11.9139.94)
Linksys Updater (Version: 1.1.8015.381)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.234)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.238)
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.10.1216.0)
LWS Gallery (Version: 13.10.1216.0)
LWS Help_main (Version: 13.10.1224.0)
LWS Launcher (Version: 13.10.1224.0)
LWS Motion Detection (Version: 13.10.1218.0)
LWS Pictures And Video (Version: 13.10.1218.0)
LWS Twitter (Version: 13.00.1216.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.10.1216.0)
MAGIX Movie Edit Pro 17 (Version: 10.0.0.0)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed 2 (MSI) (Version: 6.0.1.2)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.5.0)
Mozilla Firefox (3.0.19) (Version: 3.0.19 (en-GB))
MSN
MSN Toolbar (Version: 3.0.983.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
MSXMLInstaller (Version: 1.00.0000)
Newsoft H264 Decoder (Version: 1.04.01)
Norton Security Suite (Version: 4.3.0.5)
PaperPort Image Printer (Version: 1.00.0000)
Peggle Deluxe
PENTAX Digital Camera Utility
Photo Viewer 2.4
PhotoPad Image Editor
Pixillion Image Converter
QFolder (Version: 1.00.0000)
Quicken 2008 (Version: 17.1.1.24)
Quicken Picks Toolbar
QuickTime (Version: 7.69.80.9)
RAW FILE CONVERTER LE
RealOne Player
Realtek AC'97 Audio
Resumes Quick & Easy
Retrospect 6.5 (Version: 6.50.0000)
Safari (Version: 5.33.19.4)
Scan (Version: 5.2.0.0)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Secunia PSI (2.0.0.3003)
SunPlus PMP Transcoding
The Print Shop® 6.0
WebEx Support Manager for Internet Explorer (Version: 6.5.47)
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1593.21)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 94%
Total physical RAM: 895.48 MB
Available physical RAM: 52.2 MB
Total Pagefile: 1592.34 MB
Available Pagefile: 170.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.04 GB) (Free:87.05 GB) NTFS

========================= Users: ========================================

User accounts for \\OFFICECOMPUTER

Administrator Brandy Brian
Guest HelpAssistant Patti
Spencer SUPPORT_388945a0


== End of log ==


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/31/2011 at 08:05 PM

Application Version : 4.56.1000

Core Rules Database Version : 7493
Trace Rules Database Version: 5305

Scan type : Complete Scan
Total Scan Time : 02:42:13

Memory items scanned : 659
Memory threats detected : 0
Registry items scanned : 7994
Registry threats detected : 40
File items scanned : 27599
File threats detected : 400

Adware.CouponBar
HKU\S-1-5-21-2052111302-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
HKU\S-1-5-21-2052111302-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
HKU\S-1-5-21-2052111302-261903793-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5BED3930-2E9E-76D8-BACC-80DF2188D455}

Adware.Tracking Cookie
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@liveperson[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksare[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@liveperson[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@p216t1s859074.kronos.bravenetmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@marchex.bafind[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@ybdev.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@liveperson[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.orfind[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@marchex.bafind[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clickbowl[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@marchex.bafind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@rotator.adjuggler[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@hpi.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@p441t1s4979869.kronos.bravenetmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@track.clickpayz[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@lfstmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@nhl.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@stat.onestat[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@clicks.thespecialsearch[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@clicks.thespecialsearch[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clicks.thespecialsearch[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@homestore.122.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.wsod[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@cn.clickable[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@totalbeauty.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adjuggler[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@gotacha.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaquantics[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.adengage[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@interchangecorporation.122.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@dealfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@server.cpmstar[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.wsod[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.wsod[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.happytofind[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@dealtime[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ghmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@counter.hitslink[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adknowledge[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mtvn.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@elitecreditoptions[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@eas.apm.emediate[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficking.nabbr[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficking.nabbr[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficking.nabbr[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@segment-pixel.invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.amazeclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@t.pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@fidelity.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@msnbc.112.2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@msnbc.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@p306t1s4792606.kronos.bravenetmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.hippofind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@theclickcheck[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickthrough.kanoodle[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.find-fast-answers[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[1].txt
.pointroll.com [ C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\0k92qzt9.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\0k92qzt9.default\cookies.sqlite ]
.mywebsearch.com [ C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\0k92qzt9.default\cookies.sqlite ]
.mywebsearch.com [ C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\0k92qzt9.default\cookies.sqlite ]
.mywebsearch.com [ C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\0k92qzt9.default\cookies.sqlite ]
149.memecounter.com [ C:\Documents and Settings\Spencer\Application Data\Macromedia\Flash Player\#SharedObjects\ERAE37JL ]
memecounter.com [ C:\Documents and Settings\Spencer\Application Data\Macromedia\Flash Player\#SharedObjects\ERAE37JL ]
udn.specificclick.net [ C:\Documents and Settings\Spencer\Application Data\Macromedia\Flash Player\#SharedObjects\ERAE37JL ]
C:\Documents and Settings\Spencer\Cookies\spencer@invitemedia[1].txt
C:\Documents and Settings\Spencer\Cookies\spencer@media6degrees[2].txt
C:\Documents and Settings\Spencer\Cookies\spencer@ad.wsod[2].txt
C:\Documents and Settings\Spencer\Cookies\spencer@lucidmedia[1].txt
C:\Documents and Settings\Spencer\Cookies\spencer@ads.intergi[1].txt
C:\Documents and Settings\Spencer\Cookies\spencer@specificmedia[1].txt
C:\Documents and Settings\Spencer\Cookies\spencer@pointroll[2].txt

Adware.MyWebSearch/FunWebProducts
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

Browser Hijacker.Deskbar
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib#Version

Rogue.Component/Trace
HKLM\Software\Microsoft\609BDC75
HKLM\Software\Microsoft\609BDC75#609bdc75
HKLM\Software\Microsoft\609BDC75#Version
HKLM\Software\Microsoft\609BDC75#609b71f5
HKLM\Software\Microsoft\609BDC75#609b1810

Adware.SelectRebates
C:\Program Files\SELECTREBATES\SelectRebatesDownload.exe
C:\Program Files\SELECTREBATES

Adware.Gamevance
HKCR\GamevanceText.Linker
HKCR\GamevanceText.Linker\CLSID
HKCR\GamevanceText.Linker\CurVer
HKCR\GamevanceText.Linker.1
HKCR\GamevanceText.Linker.1\CLSID


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-01 18:37:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3160021A rev.8.11
Running: y3dguzyf.exe gmer.exe; Driver: C:\DOCUME~1\Patti\LOCALS~1\Temp\fxtyrkob.sys


---- System - GMER 1.0.15 ----

SSDT 855BE240 ZwAlertResumeThread
SSDT 855BDFD0 ZwAlertThread
SSDT 854FE250 ZwAllocateVirtualMemory
SSDT 8545F120 ZwAssignProcessToJobObject
SSDT 850D7C10 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAC0B3210]
SSDT 855C71A8 ZwCreateMutant
SSDT 8517C220 ZwCreateSymbolicLinkObject
SSDT 853E35A8 ZwCreateThread
SSDT 85434140 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAC0B3490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAC0B39F0]
SSDT 85508E48 ZwDuplicateObject
SSDT 8562A418 ZwFreeVirtualMemory
SSDT 8546A078 ZwImpersonateAnonymousToken
SSDT 8546A008 ZwImpersonateThread
SSDT 850D7768 ZwLoadDriver
SSDT 853E1358 ZwMapViewOfSection
SSDT 85439A10 ZwOpenEvent
SSDT 854CC9E8 ZwOpenProcess
SSDT 854714A8 ZwOpenProcessToken
SSDT 85453E30 ZwOpenSection
SSDT 85478130 ZwOpenThread
SSDT 8517E860 ZwProtectVirtualMemory
SSDT 854556C8 ZwResumeThread
SSDT 8546BF58 ZwSetContextThread
SSDT 8546B448 ZwSetInformationProcess
SSDT 8500F650 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAC0B3C40]
SSDT 854517A0 ZwSuspendProcess
SSDT 85471A78 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA81A640]
SSDT 854512A0 ZwTerminateThread
SSDT 8545DCB0 ZwUnmapViewOfSection
SSDT 85648120 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 256C 80501DA4 8 Bytes [E8, C9, 4C, 85, A8, 14, 47, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 25A8 80501DE0 4 Bytes CALL DD8CA2FC
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[860] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: oleaut32.dllunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: oleaut32.dllunknown module: oleaut32.dll
.text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB000A
.text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DC000A
.text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DA000C
.text C:\WINDOWS\Explorer.EXE[2192] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA000A
.text C:\WINDOWS\Explorer.EXE[2192] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EB000A
.text C:\WINDOWS\Explorer.EXE[2192] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E9000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [00401004] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 7453060A
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 676E6972
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [00401010] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 69570A0B
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 74536564
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 676E6972
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [00401020] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 6156070C
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 6E616972
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [00408D74] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [00401030] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 6C4F0A0C
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 72615665
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [00401088] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [00403600] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [00403604] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [00403608] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [004035FC] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [0040338C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [004033A8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [004033E4] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 624F5407
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 7463656A
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [00401094] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 4F540707
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 63656A62
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 40108874
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 06000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 74737953
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 00006D65
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [004010B4] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 49490A0F
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 7265746E
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 65636166
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 00000001
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 79530646
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 6D657473
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] FFFF0003
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [004010E4] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 4449090F
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 61707369
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] B0686374
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 01004010
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 00020400
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 000000C0
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 46000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 73795306
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 046D6574
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 90FFFF00
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 244483CC
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] BDE9F804
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 83000048
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] F8042444
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 24448300
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] E5E9F804
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] CC000048
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 401111CC
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 40111B00
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 40112500
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 00000100
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00000000
IAT C:\WINDOWS\System32\svchost.exe[860] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 00000000
IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01323880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01323930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01323A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [013239D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Vid HD\Vid.exe[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [0A473880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Vid HD\Vid.exe[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [0A473930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Vid HD\Vid.exe[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [0A473A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Vid HD\Vid.exe[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [0A4739D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 856FF31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 856FF31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 856FF31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 856FF31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 856FF31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-1b 856FF31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-13 856FF31B

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\system@addresses[2].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UBU06LJH\herdaily_com[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UBU06LJH\prototype[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UBU06LJH\quotes_automotive_com[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UBU06LJH\dnserrordiagoff_webOC[2] 6766 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZPHXPNMD\custom[2].css 34 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZPHXPNMD\beautyriot_v1[1].css 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZPHXPNMD\eventCAI74C42.flow 0 bytes

---- EOF - GMER 1.0.15 ----


SystemLook 30.07.11 by jpshortstuff
Log created at 19:12 on 01/08/2011 by Patti
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\All Users - Parameters: "/t14"

---Files---
None found.

---Folders---
Application Data dr-h--- [10:00 14/01/2008]
Desktop d------ [10:00 14/01/2008]
Documents dr----- [10:00 14/01/2008]
DRM d--hs-- [16:10 14/01/2008]
Favorites d------ [10:00 14/01/2008]
Start Menu dr----- [10:00 14/01/2008]
Templates d--h--- [10:00 14/01/2008]

%LocalAppData% - Unable to find folder.

C:\DOCUME~1\Patti\LOCALS~1\Temp - Parameters: "/t14"

---Files---
114264-966767.jpg --a---- 0 bytes [11:49 26/07/2011] [11:49 26/07/2011]
1608_appcompat.txt --a---- 23474 bytes [22:18 28/07/2011] [22:18 28/07/2011]
2559_appcompat.txt --a---- 53816 bytes [10:20 01/08/2011] [10:20 01/08/2011]
2741562872 --ahs-- 13416 bytes [02:41 29/07/2011] [11:30 30/07/2011]
3392604854 --ahs-- 13542 bytes [02:40 29/07/2011] [11:29 30/07/2011]
41frx3gr875o4 --ahs-- 13542 bytes [02:40 29/07/2011] [11:26 30/07/2011]
6d82_appcompat.txt --a---- 65982 bytes [10:14 30/07/2011] [10:14 30/07/2011]
6d93_appcompat.txt --a---- 67212 bytes [10:14 30/07/2011] [10:14 30/07/2011]
6da3_appcompat.txt --a---- 65982 bytes [10:14 30/07/2011] [10:14 30/07/2011]
6db3_appcompat.txt --a---- 65982 bytes [10:14 30/07/2011] [10:14 30/07/2011]
6dc4_appcompat.txt --a---- 65982 bytes [10:14 30/07/2011] [10:14 30/07/2011]
bdf0_appcompat.txt --a---- 304088 bytes [00:38 29/07/2011] [00:38 29/07/2011]
GoogleQuickSearchBox.log --a---- 0 bytes [00:07 12/07/2011] [23:54 01/08/2011]
IMT19F.xml --a---- 1994 bytes [02:31 29/07/2011] [02:31 29/07/2011]
IMT1A0.xml --a---- 426 bytes [02:31 29/07/2011] [02:31 29/07/2011]
IMT1A1.xml --a---- 707348 bytes [02:31 29/07/2011] [02:31 29/07/2011]
IMT1B3.xml --a---- 1994 bytes [02:31 29/07/2011] [02:31 29/07/2011]
IMT1B4.xml --a---- 426 bytes [02:31 29/07/2011] [02:31 29/07/2011]
IMT1B5.xml --a---- 707348 bytes [02:31 29/07/2011] [02:31 29/07/2011]
IMT1C8.xml --a---- 1994 bytes [02:32 29/07/2011] [02:32 29/07/2011]
IMT1C9.xml --a---- 426 bytes [02:32 29/07/2011] [02:32 29/07/2011]
IMT1CA.xml --a---- 707348 bytes [02:32 29/07/2011] [02:32 29/07/2011]
IMT2D2.xml --a---- 1994 bytes [02:34 29/07/2011] [02:34 29/07/2011]
IMT2D3.xml --a---- 426 bytes [02:34 29/07/2011] [02:34 29/07/2011]
IMT2D4.xml --a---- 707348 bytes [02:34 29/07/2011] [02:34 29/07/2011]
java_install.log --a---- 2109 bytes [16:41 31/07/2011] [16:42 31/07/2011]
java_install_reg.log --a---- 2131 bytes [16:37 31/07/2011] [16:42 31/07/2011]
jusched.log --a---- 1269 bytes [16:36 31/07/2011] [16:44 31/07/2011]
LuUpdater.log --a---- 0 bytes [12:22 29/07/2011] [12:22 29/07/2011]
LWSDebugOut.txt --a---- 197 bytes [10:55 28/07/2011] [11:26 30/07/2011]
MPC1.tmp --a---- 28314 bytes [10:59 28/07/2011] [00:38 28/07/2011]
MPC2.tmp --a---- 28314 bytes [22:23 28/07/2011] [00:38 28/07/2011]
MPC3.tmp --a---- 18848 bytes [21:47 31/07/2011] [15:45 31/07/2011]
MPCB.tmp --a---- 32044 bytes [15:35 31/07/2011] [02:43 29/07/2011]
MSI73b5c.LOG --a---- 182 bytes [16:42 31/07/2011] [16:43 31/07/2011]
qtsingleapp-camera-a689-0-lockfile --a---- 0 bytes [12:20 29/07/2011] [12:20 29/07/2011]
qtsingleapp-lwsexe-d03c-0-lockfile --a---- 0 bytes [12:20 29/07/2011] [12:20 29/07/2011]
SSUPDATE.EXE --a---- 386944 bytes [01:51 01/08/2011] [17:19 29/07/2011]
TWAIN.LOG --a---- 1238 bytes [11:26 08/07/2011] [00:03 02/08/2011]
Twain001.Mtx --a---- 5 bytes [11:26 08/07/2011] [00:03 02/08/2011]
Twunk001.MTX --a---- 156 bytes [11:26 08/07/2011] [00:03 02/08/2011]
Twunk002.MTX --a---- 0 bytes [12:20 29/07/2011] [12:20 29/07/2011]

---Folders---
._msige52 d------ [12:09 03/09/2010]
3.dir d------ [11:15 13/07/2011]
APNLogs d------ [16:12 10/07/2011]
AskSearch d------ [16:14 10/07/2011]
Excel8.0 d------ [11:05 23/06/2011]
Google Quick Search Box d------ [12:20 29/07/2011]
hsperfdata_Patti d------ [16:37 31/07/2011]
outlook logging d------ [11:49 26/07/2011]
RarSFX0 d------ [11:25 30/07/2011]
RarSFX1 d------ [11:36 30/07/2011]
RarSFX2 d------ [11:29 30/07/2011]
RarSFX3 d------ [01:50 31/07/2011]
RarSFX4 d------ [02:03 31/07/2011]
RarSFX5 d------ [01:56 31/07/2011]
SUPERSetup d------ [22:09 31/07/2011]
WPDNSE d------ [23:54 01/08/2011]

C:\Documents and Settings\Patti\Application Data - Parameters: "/t14"

---Files---
None found.

---Folders---
Adobe d------ [16:09 26/01/2008]
Apple Computer d------ [00:41 15/01/2008]
ArcSoft d------ [03:51 05/11/2008]
Brother dr----- [14:01 03/10/2009]
CallingID d------ [18:52 09/01/2010]
comcasttb d------ [23:17 10/05/2010]
ComcastToolbar d------ [22:47 16/12/2008]
Creative d------ [11:54 15/01/2008]
FrostWire d------ [23:58 30/01/2011]
FUJIFILM d------ [01:54 15/01/2008]
Google d------ [00:03 15/01/2008]
Help d------ [19:58 11/05/2008]
Identities d------ [16:30 14/01/2008]
InstallShield d------ [18:44 19/07/2009]
Intuit d------ [00:36 15/01/2008]
Lavasoft d------ [00:05 15/01/2008]
Leadertech d------ [10:44 02/04/2008]
LEGO Company d------ [18:48 18/01/2011]
Macromedia d------ [16:06 26/01/2008]
MAGIX d------ [23:05 17/04/2011]
Malwarebytes d------ [02:46 17/06/2009]
McAfee d------ [18:10 17/12/2008]
Microsoft d---s-- [16:30 14/01/2008]
Mozilla d------ [23:59 12/06/2009]
MSNInstaller d------ [22:00 19/07/2009]
OpenCandy d------ [23:57 30/01/2011]
PC-FAX TX d------ [01:06 19/10/2009]
PopCapv1002 d------ [00:54 22/02/2010]
QuickenPicks_Toolbar d------ [16:54 10/01/2009]
Real d------ [17:50 25/01/2009]
SecuROM dr-h--- [16:58 07/08/2009]
Snapfish d------ [22:12 28/08/2008]
Sun d------ [00:02 15/01/2008]
SUPERAntiSpyware.com d------ [22:12 31/07/2011]
Symantec d------ [19:32 20/12/2008]
Teleca d------ [03:41 05/01/2010]
Tific d------ [11:18 28/07/2011]
Uniblue d------ [23:59 30/01/2011]
Unity d------ [18:19 11/06/2011]
W Photo Studio Viewer d------ [14:12 29/05/2008]
Yahoo! d------ [19:06 24/12/2009]

C:\WINDOWS\system32 - Parameters: "/t7"

---Files---
d3d9caps.dat --a---- 1324 bytes [19:36 20/01/2008] [23:44 01/08/2011]
java.exe --a---- 145184 bytes [16:41 31/07/2011] [22:29 12/04/2010]
perfc009.dat --a---- 91686 bytes [12:00 23/08/2001] [11:49 26/07/2011]
perfh009.dat --a---- 495482 bytes [12:00 23/08/2001] [11:49 26/07/2011]
terlmw32.dll --a---- 35840 bytes [10:45 29/07/2011] [10:45 29/07/2011]
term1w32.dll --a---- 218112 bytes [10:45 29/07/2011] [10:45 29/07/2011]
wpa.dbl --a---- 2206 bytes [12:00 23/08/2001] [23:55 01/08/2011]

---Folders---
1025 d------ [09:55 14/01/2008]
1028 d------ [09:55 14/01/2008]
1031 d------ [09:55 14/01/2008]
1033 d------ [09:55 14/01/2008]
1037 d------ [09:55 14/01/2008]
1041 d------ [09:55 14/01/2008]
1042 d------ [09:55 14/01/2008]
1054 d------ [09:55 14/01/2008]
2052 d------ [09:55 14/01/2008]
3076 d------ [09:55 14/01/2008]
3com_dmi d------ [09:55 14/01/2008]
appmgmt d------ [03:24 26/02/2009]
bits d------ [16:35 14/05/2009]
CatRoot d------ [10:00 14/01/2008]
CatRoot2 d------ [10:00 14/01/2008]
CBA d------ [16:38 14/01/2008]
Com d------ [16:07 14/01/2008]
config d------ [09:55 14/01/2008]
dhcp d------ [09:55 14/01/2008]
DirectX d------ [16:10 14/01/2008]
dllcache dr-hsc- [09:55 14/01/2008]
drivers d------ [09:55 14/01/2008]
DRVSTORE d----c- [00:40 15/01/2008]
en d------ [16:35 14/05/2009]
en-us d------ [23:44 20/05/2008]
export d------ [09:55 14/01/2008]
GroupPolicy d------ [03:09 13/06/2009]
ias d------ [09:55 14/01/2008]
icsxml d------ [09:55 14/01/2008]
IME d------ [09:55 14/01/2008]
inetsrv d------ [09:55 14/01/2008]
LogFiles d------ [20:41 18/05/2008]
logishrd d------ [23:00 28/03/2011]
Macromed d------ [16:09 14/01/2008]
Microsoft d---s-- [16:29 14/01/2008]
MsDtc d------ [16:07 14/01/2008]
mui d------ [09:55 14/01/2008]
N360_BACKUP d------ [20:29 20/12/2008]
npp d------ [09:55 14/01/2008]
NtmsData d------ [22:22 02/11/2008]
oobe d------ [09:55 14/01/2008]
PreInstall d------ [00:14 19/05/2008]
ras d------ [09:55 14/01/2008]
ReinstallBackups d------ [16:24 14/05/2009]
Restore d------ [16:09 14/01/2008]
scripting d------ [16:35 14/05/2009]
Setup d------ [09:55 14/01/2008]
ShellExt d------ [09:55 14/01/2008]
SoftwareDistribution d------ [19:40 18/05/2008]
spool d------ [09:55 14/01/2008]
usmt d------ [09:55 14/01/2008]
wbem d------ [09:55 14/01/2008]
windowspowershell d------ [03:12 13/06/2009]
wins d------ [09:55 14/01/2008]
xircom d------ [16:11 14/01/2008]
XPSViewer d------ [23:44 20/05/2008]

-= EOF =-

#10 jntkwx


Posted 01 August 2011 - 09:32 PM

Hi pattat11,

Step 1: As this infection is known to be bundled with the TDSS rootkit infection, you should also run a program that can be used to scan for this infection. Please carefully follow the steps in the following guide:

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

If you have previously downloaded TDSSkiller, please download a new version, as it is updated often.


Step 2: Let's upload a couple files for a second opinion on what they actually are.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Virustotal: http://www.virustotal.com/

When the Virustotal page has finished loading, click the Choose File button and navigate to each of the following files and click Send File.

C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\terlmw32.dll
C:\WINDOWS\system32\term1w32.dll


If prompted to reanalyze a file, please do so.

Please post back the website addresses (URLs) of the Virustotal results in your next post.

Edited by jntkwx, 01 August 2011 - 09:37 PM.

Regards,
Jason




#11 pattat11


Posted 02 August 2011 - 08:27 PM

Seems a bit slow starting up but so far I can still launch my stuff and access internet.
My windows security is still showing a red shield and says my automatic updates are not turned on...but they are.

Here are the urls
http://www.virustotal.com/file-scan/report.html?id=fa2fa11b5c98a5bebb21581e97acf6be18cbba8acb352db01dec7988698fd462-1312332000
http://www.virustotal.com/file-scan/report.html?id=6e88e64071dcc4fff68c854a63b3ffd614fab9d4fbc674c96bf1f927cff914a2-1312332342
http://www.virustotal.com/file-scan/report.html?id=64aaba421825b2c30eded21338d7356cd3436cf59922b6ddfed886b766b59395-1312332520
http://www.virustotal.com/file-scan/report.html?id=7997a8a74edc8a868a7406186846bfb4c5d6509489bdc8d400ec6f7a1fa3a28c-1312332660

Patti

#12 jntkwx


Posted 02 August 2011 - 08:29 PM

pattat11,

Did you do step 1? If so, please post the TDSSkiller log located at C:\

Regards,
Jason




#13 pattat11


Posted 03 August 2011 - 06:48 AM

Sorry, I got so nervous doing those steps I was just glad it was over so I could get away from that...
By the way, I woke up this morning and came to my desktop only to find that I could not access my stuff nor log onto the internet and after 4 minutes shut down and restarted. I logged on in safe mode to be able to get quicker access since I am almost out the door for work.
I could hear my computer running but nothing was happening...
usually after a reboot, everything works.

Here's the TDSSKiller log
2011/08/02 19:26:37.0796 3652 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/02 19:26:39.0812 3652 ================================================================================
2011/08/02 19:26:39.0812 3652 SystemInfo:
2011/08/02 19:26:39.0812 3652
2011/08/02 19:26:39.0812 3652 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/02 19:26:39.0812 3652 Product type: Workstation
2011/08/02 19:26:39.0812 3652 ComputerName: OFFICECOMPUTER
2011/08/02 19:26:39.0812 3652 UserName: Patti
2011/08/02 19:26:39.0812 3652 Windows directory: C:\WINDOWS
2011/08/02 19:26:39.0812 3652 System windows directory: C:\WINDOWS
2011/08/02 19:26:39.0812 3652 Processor architecture: Intel x86
2011/08/02 19:26:39.0812 3652 Number of processors: 1
2011/08/02 19:26:39.0812 3652 Page size: 0x1000
2011/08/02 19:26:39.0812 3652 Boot type: Normal boot
2011/08/02 19:26:39.0812 3652 ================================================================================
2011/08/02 19:26:49.0906 3652 Initialize success
2011/08/02 19:26:58.0171 5092 ================================================================================
2011/08/02 19:26:58.0171 5092 Scan started
2011/08/02 19:26:58.0171 5092 Mode: Manual;
2011/08/02 19:26:58.0171 5092 ================================================================================
2011/08/02 19:27:56.0734 5092 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/02 19:27:56.0921 5092 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/02 19:27:57.0046 5092 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/02 19:27:57.0218 5092 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/02 19:27:57.0359 5092 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/02 19:27:57.0750 5092 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/02 19:27:57.0859 5092 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/02 19:27:58.0078 5092 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/02 19:27:58.0484 5092 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/02 19:27:58.0796 5092 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/02 19:27:59.0015 5092 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/02 19:27:59.0250 5092 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/02 19:27:59.0453 5092 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/02 19:27:59.0687 5092 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/08/02 19:27:59.0859 5092 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/08/02 19:28:00.0015 5092 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/08/02 19:28:00.0187 5092 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/02 19:28:00.0437 5092 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/02 19:28:00.0562 5092 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/02 19:28:00.0765 5092 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS
2011/08/02 19:28:01.0015 5092 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS
2011/08/02 19:28:01.0265 5092 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/02 19:28:01.0468 5092 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/08/02 19:28:01.0625 5092 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/02 19:28:01.0750 5092 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/02 19:28:01.0890 5092 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/02 19:28:02.0218 5092 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS
2011/08/02 19:28:02.0453 5092 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS
2011/08/02 19:28:02.0640 5092 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/08/02 19:28:02.0875 5092 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS
2011/08/02 19:28:03.0093 5092 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS
2011/08/02 19:28:03.0515 5092 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/02 19:28:03.0656 5092 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/02 19:28:03.0937 5092 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/08/02 19:28:04.0109 5092 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/02 19:28:04.0281 5092 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/02 19:28:04.0375 5092 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/02 19:28:04.0671 5092 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/08/02 19:28:04.0812 5092 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
2011/08/02 19:28:05.0000 5092 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/02 19:28:05.0281 5092 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/02 19:28:05.0500 5092 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/02 19:28:05.0656 5092 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/02 19:28:05.0796 5092 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/02 19:28:05.0984 5092 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/02 19:28:06.0203 5092 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/02 19:28:06.0343 5092 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/02 19:28:06.0484 5092 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/02 19:28:06.0625 5092 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/02 19:28:06.0765 5092 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/02 19:28:06.0953 5092 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/02 19:28:07.0140 5092 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/02 19:28:07.0453 5092 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/02 19:28:07.0703 5092 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/02 19:28:07.0984 5092 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/02 19:28:08.0375 5092 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/02 19:28:08.0531 5092 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/02 19:28:08.0843 5092 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/08/02 19:28:09.0078 5092 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/02 19:28:09.0234 5092 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/02 19:28:09.0390 5092 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/02 19:28:09.0531 5092 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/02 19:28:09.0546 5092 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/02 19:28:09.0562 5092 Boot (0x1200) (a8f4c282634062d66f6da3400c1ecef4) \Device\Harddisk0\DR0\Partition0
2011/08/02 19:28:09.0578 5092 ================================================================================
2011/08/02 19:28:09.0578 5092 Scan finished
2011/08/02 19:28:09.0578 5092 ================================================================================
2011/08/02 19:28:09.0609 3988 Detected object count: 1
2011/08/02 19:28:09.0609 3988 Actual detected object count: 1
2011/08/02 19:32:27.0109 3988 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/02 19:32:27.0140 3988 \Device\Harddisk0\DR0 - copied to quarantine
2011/08/02 19:32:27.0281 3988 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/02 19:32:27.0312 3988 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
2011/08/02 19:32:27.0375 3988 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
2011/08/02 19:32:27.0500 3988 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
2011/08/02 19:32:27.0609 3988 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
2011/08/02 19:32:30.0203 3988 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
2011/08/02 19:32:30.0234 3988 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
2011/08/02 19:32:31.0218 3988 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
2011/08/02 19:32:33.0203 3988 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
2011/08/02 19:32:35.0078 3988 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
2011/08/02 19:32:35.0406 3988 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
2011/08/02 19:32:37.0437 3988 \Device\Harddisk0\DR0\TDLFS\lsflt7.ver - copied to quarantine
2011/08/02 19:32:37.0593 3988 \Device\Harddisk0\DR0\TDLFS\talsag - copied to quarantine
2011/08/02 19:32:37.0625 3988 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Quarantine

Edited by pattat11, 03 August 2011 - 06:50 AM.


#14 jntkwx

Posted 03 August 2011 - 10:37 AM

Hi pattat11,

Given what you said at the beginning of your post, I believe you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and please be patient. There is currently a large backlog of people being helped. It may take several days for someone to respond.

Regards,
Jason




#15 pattat11

Posted 04 August 2011 - 07:14 AM

I appreciate your help and efforts.
I will do as suggested and try again.
Patti



