Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet connection problems.


  • Please log in to reply
26 replies to this topic

#1 CicconeUK

CicconeUK

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 05 April 2010 - 12:59 PM

Hi,

I have had help before from here (and found this place very useful) so I thought I'd come back with a couple more problems...

When I click on a link in Google I get a page cannot be displayed message (the address bar says adwordsdirect)

When I first try to log on it takes me about 6 attempts to get any of my saved favourite pages to show, the IE page comes up but stays white and I have to close it through task master.

I also had the XP security bug (ave.exe) show up every now and again.

My PC is running a lot slower than normal and webpages seem to struggle to display.

Thanks for any help.

Edited by Budapest, 05 April 2010 - 04:32 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP


BC AdBot (Login to Remove)

 


#2 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:03:56 AM

Posted 06 April 2010 - 12:30 PM

Scan for Spyware/Adware

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware Free version and save it to your desktop.

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.


alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
---------------------------
Be sure to re-enable your AV and malware scan tools if they were disabled

SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
  • First
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Please post the log from MBAM and SAS when complete.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#3 CicconeUK

CicconeUK
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 06 April 2010 - 01:39 PM

Thanks for helping me :thumbsup:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3960

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

06/04/2010 19:32:45
mbam-log-2010-04-06 (19-32-45).txt

Scan type: Quick scan
Objects scanned: 170588
Time elapsed: 18 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:03:56 AM

Posted 06 April 2010 - 02:01 PM

Can you post the SuperAntiSpyware log please.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#5 CicconeUK

CicconeUK
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 07 April 2010 - 12:55 AM

I'll do that as soon as possible. It takes me ages to get IE to display any internet connection, just keep getting the IE page but it stays white and I have to keep shutting it down using task master.

Please bare with me and I'll have it as soon as possible.

#6 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:03:56 AM

Posted 07 April 2010 - 07:16 AM

Check your Proxy settings in Internet Explorer to make sure malware did not alter them. If so, that can affect your ability to browse or download tools required for disinfection:

* Open Internet Explorer > click Tools > Internet Options > Connections tab.
* Click the LAN Settings... button and uncheck Use a proxy server for your LAN
or change the settings to the proxy you normally use if you previously reconfigured it.
* Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
* Click Ok and then click Ok again.
* Close Internet Explorer and restart the computer.
* An example of how to do this with screenshots can be found in steps 3-7 under the section Automated Removal Instructions... in this guide..

Check your Proxy settings in Firefox to make sure malware did not alter them:

* Open Firefox, click Tools > Options > Advanced and click the Network Tab.
* Under the Connection section click on the Settings... button.
* Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
* Click Ok and then click OK again.
* Close Firefox and restart the computer.

For other browsers, please refer to How to configure browser proxy settings.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#7 CicconeUK

CicconeUK
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 07 April 2010 - 12:04 PM

My internet settings were ok.

When I try to start my pc in safe mode I get a box with these options -

Please select boot device
SM Pioneer DVD-RW DVR-106D
1st Floppy drive
PM- ST3120022A

I haven't been able to start in safe mode so I haven't ran the SuperAntiSpyware in safe mode.

Edited by CicconeUK, 07 April 2010 - 12:50 PM.


#8 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:03:56 AM

Posted 07 April 2010 - 12:27 PM

Does your computer hang or blue screen when trying to boot in Safe Mode?

SUPERAntiSypware has a built in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection.

Please download SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.
or if it's already installed

SUPERAntiSypware has a built in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSypware.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.
Once you have completed this portion, please try running SuperAntiSpyware in Safe Mode. Post the log when complete.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#9 CicconeUK

CicconeUK
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 07 April 2010 - 01:38 PM

I did that but it's still just giving me the options I mentioned.

It took me about 10 attempts to connect to a webpage and just before it let me connect 'sysfader' appeared for a second in my task managetr.

#10 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:03:56 AM

Posted 07 April 2010 - 01:42 PM

Ok. Let's just run SuperAntispyware in Normal mode and post your log.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#11 CicconeUK

CicconeUK
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 07 April 2010 - 02:35 PM

Do I perform a full scan or quick scan?

#12 CicconeUK

CicconeUK
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 08 April 2010 - 01:23 AM

This is the Superantispyware log -

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/08/2010 at 02:22 AM

Application Version : 4.35.1002

Core Rules Database Version : 4775
Trace Rules Database Version: 2587

Scan type : Complete Scan
Total Scan Time : 04:48:43

Memory items scanned : 463
Memory threats detected : 0
Registry items scanned : 8960
Registry threats detected : 0
File items scanned : 194569
File threats detected : 250

Adware.Tracking Cookie
C:\Documents and Settings\Mark\Cookies\mark@media.community.madonna[1].txt
C:\Documents and Settings\Mark\Cookies\mark@ads.gmodules[2].txt
C:\Documents and Settings\Mark\Cookies\mark@yadro[2].txt
C:\Documents and Settings\Mark\Cookies\mark@collective-media[2].txt
C:\Documents and Settings\Mark\Cookies\mark@adbrite[1].txt
C:\Documents and Settings\Mark\Cookies\mark@content.yieldmanager[2].txt
C:\Documents and Settings\Mark\Cookies\mark@media6degrees[1].txt
C:\Documents and Settings\Mark\Cookies\mark@serving-sys[1].txt
C:\Documents and Settings\Mark\Cookies\mark@tribalfusion[2].txt
C:\Documents and Settings\Mark\Cookies\mark@xiti[1].txt
C:\Documents and Settings\Mark\Cookies\mark@chitika[1].txt
C:\Documents and Settings\Mark\Cookies\mark@e-2dj6wckyukcpicp.stats.esomniture[1].txt
C:\Documents and Settings\Mark\Cookies\mark@ad.yieldmanager[2].txt
C:\Documents and Settings\Mark\Cookies\mark@revsci[1].txt
C:\Documents and Settings\Mark\Cookies\mark@kontera[2].txt
C:\Documents and Settings\Mark\Cookies\mark@content.yieldmanager[3].txt
C:\Documents and Settings\Mark\Cookies\mark@stopzilla[1].txt
C:\Documents and Settings\Mark\Cookies\mark@www.googleadservices[2].txt
C:\Documents and Settings\Mark\Cookies\mark@msnportal.112.2o7[1].txt
C:\Documents and Settings\Mark\Cookies\mark@e-2dj6wal4uid5whp.stats.esomniture[1].txt
C:\Documents and Settings\Mark\Cookies\mark@e-2dj6wgmyqnazoaq.stats.esomniture[2].txt
C:\Documents and Settings\Mark\Cookies\mark@247realmedia[2].txt
C:\Documents and Settings\Mark\Cookies\mark@bs.serving-sys[1].txt
C:\Documents and Settings\Mark\Cookies\mark@2o7[3].txt
C:\Documents and Settings\Mark\Cookies\mark@www.stopzilla[1].txt
C:\Documents and Settings\Mark\Cookies\mark@tacoda[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@247realmedia[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@2o7[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@ad.skyad[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@ad.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@ad.yieldmanager[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@adbrite[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@ads.ad4game[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@ads.bleepingcomputer[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@ads.ctasnet[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@adserver.adtechus[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@adtech[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@azjmp[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@bs.serving-sys[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@cdn5.specificclick[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@cdn5.specificclick[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@cdn5.specificclick[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@chitika[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@click.bsftransmit2[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@clicks.pangora[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@clickshift[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@collective-media[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@content.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@content.yieldmanager[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wakyagc5gao.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wbloondjmgq.stats.esomniture[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wblyahczcko.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wckyukcpicp.stats.esomniture[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wdl4sgazcao.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wdmyakczago.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wfkykpc5oep.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wjk4eldzehq.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wjk4gld5kdo.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wjkyuodzaco.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wjmiqgcpeco.stats.esomniture[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wjmykkczohq.stats.esomniture[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wjnygjdzodo.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wjnyuoajoap.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@e-2dj6wmloqkd5aap.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@ero-advertising[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@highbeam.122.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@imagevenue.advertserve[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@imrworldwide[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@kontera[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@media.community.madonna[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@media.community.madonna[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@media6degrees[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@media6degrees[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@mediafire[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@msnportal.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@partypoker[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@paypal.112.2o7[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@perf.overture[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@questionmarket[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@revsci[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@serving-sys[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@serving-sys[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@specificclick[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@specificclick[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@specificclick[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@stats.paypal[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@stats.paypal[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@tacoda[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@track.adform[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@track.adform[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@tracking.dc-storm[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@tribalfusion[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@virginmedia[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@www.clicksafe.lloydstsb[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@www.googleadservices[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@www.googleadservices[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@www.mediafire[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@www7.addfreestats[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\mark@xiti[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@112.2o7[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@247realmedia[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@2o7[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@ad.skyad[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@ad.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@ad.yieldmanager[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@adbrite[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@ads.ad4game[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@ads.bleepingcomputer[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@ads.ctasnet[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@adserver.adtechus[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@adtech[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@azjmp[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@bs.serving-sys[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@bs.serving-sys[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@cdn5.specificclick[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@cdn5.specificclick[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@chitika[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@click.bsftransmit2[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@clicks.pangora[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@clickshift[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@collective-media[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@content.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@content.yieldmanager[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@content.yieldmanager[3].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wakyagc5gao.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wbloondjmgq.stats.esomniture[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wblyahczcko.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wckyukcpicp.stats.esomniture[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wdl4sgazcao.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wdmyakczago.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wjk4eldzehq.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wjk4gld5kdo.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wjkyuodzaco.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wjmiqgcpeco.stats.esomniture[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wjmykkczohq.stats.esomniture[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wjnygjdzodo.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wjnyuoajoap.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@e-2dj6wmloqkd5aap.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@ero-advertising[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@highbeam.122.2o7[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@imagevenue.advertserve[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@imrworldwide[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@kontera[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@media.community.madonna[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@media.community.madonna[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@media6degrees[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@media6degrees[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@mediafire[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@msnportal.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@partypoker[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@paypal.112.2o7[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@perf.overture[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@questionmarket[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@revsci[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@serving-sys[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@specificclick[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@specificclick[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@stats.paypal[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@tacoda[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@track.adform[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@track.adform[3].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@tracking.dc-storm[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@tribalfusion[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@tribalfusion[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@virginmedia[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@www.clicksafe.lloydstsb[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@www.googleadservices[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@www.googleadservices[3].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@www.mediafire[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@www7.addfreestats[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4\Cookies\mark@xiti[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@ad.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@azjmp[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@bs.serving-sys[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@cdn5.specificclick[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@cdn5.specificclick[3].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@content.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@e-2dj6wfkykpc5oep.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@ero-advertising[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@media.community.madonna[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@media6degrees[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@msnportal.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@paypal.112.2o7[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@revsci[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@serving-sys[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@specificclick[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@specificclick[3].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@stats.paypal[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@virginmedia[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.000\Cookies\mark@www7.addfreestats[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@247realmedia[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@2o7[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@2o7[3].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@ad.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@ad.yieldmanager[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@adbrite[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@adbrite[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@ads.gmodules[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@azjmp[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@bs.serving-sys[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@cdn5.specificclick[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@cdn5.specificclick[3].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@chitika[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@chitika[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@clickcompare[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@clickshift[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@collective-media[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@collective-media[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@content.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@content.yieldmanager[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@content.yieldmanager[3].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@e-2dj6wal4uid5whp.stats.esomniture[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@e-2dj6wckyukcpicp.stats.esomniture[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@e-2dj6wfkykpc5oep.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@e-2dj6wgmyqnazoaq.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@e-2dj6wjnyunajcgp.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@ero-advertising[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@kontera[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@media.community.madonna[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@media.community.madonna[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@media6degrees[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@msnportal.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@paypal.112.2o7[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@perf.overture[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@questionmarket[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@revsci[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@revsci[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@serving-sys[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@serving-sys[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@specificclick[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@specificclick[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@specificclick[3].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@stats.paypal[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@stopzilla[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@tacoda[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@tacoda[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@technologyquestions[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@tribalfusion[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@tribalfusion[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@virginmedia[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@www.googleadservices[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@www.stopzilla[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@www.technologyquestions[2].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@www7.addfreestats[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@xiti[1].txt
C:\Documents and Settings\HelpAssistant.YOUR-6R7DO13OX4.001\Cookies\mark@yadro[2].txt
C:\Documents and Settings\Mark\Cookies\mark@2o7[1].txt
C:\Documents and Settings\Mark\Cookies\mark@collective-media[1].txt
C:\Documents and Settings\Mark\Cookies\mark@perf.overture[1].txt

#13 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:03:56 AM

Posted 08 April 2010 - 07:16 AM

We need to run a GMER scan
  • Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)

    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.

  • When the scan is complete, click Save and save the log onto your desktop.
Post the log when complete.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#14 CicconeUK

CicconeUK
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 08 April 2010 - 03:17 PM

I tried both ways and got the blue screen 'Windows was shut down etc'

It seems to take around 10 attempts, closing IE by the task manager before it connects and then after a while everything freezes and there's a long conitunous beep coming from the system.

I don't know if this will help but this is the scan that GMER does when I open it, before I tried to scan as you said.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-08 19:56:09
Windows 5.1.2600 Service Pack 3
Running: ouv6q0b0.exe; Driver: C:\DOCUME~1\Mark\LOCALS~1\Temp\awpyapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAD74378A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAD743738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAD74374C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAD7437CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAD743710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAD743724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAD74379E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAD743776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAD743762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAD7437F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAD7437E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAD7437B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#15 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:03:56 AM

Posted 09 April 2010 - 06:58 AM

Ok. Let's make sure you can boot in Safe Mode.

When you start pressing F8, and you see this list:

SM Pioneer DVD-RW DVR-106D
1st Floppy drive
PM- ST3120022A

Highlight PM-ST3120022A Press enter and immediately start pressing F8 again.

You should then be presented with a list of boot options again. Use the Up and Down Arrow keys to select "Safe Mode with Networking" and again Press Enter.

Once in Safe Mode, please re-run GMER as instructed above.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users