I keep getting redirected and it won't go...


11 replies to this topic

#1 Dire Need

Posted 06 June 2010 - 04:09 PM

Hi. This is my first post; I hope it is in the correct section.
Yesterday I started getting redirected from my Google search engine when clicking the links it provided. I would sometimes be placed on a page with a green globe, sometimes a page with a blue "a" as the "symbol." My computer is running slower than normal and sometimes random web pages open in new tabs. Twice the toolbar, or taskbar... the thing at the bottom with Start at the edge, has gone white when it is normally blue; this has also changed the text in my Start menu. I do not know what to do. I scanned with ZoneAlarm Security Suite and Malwarebytes' Anti-Malware (free version of the latter) and although they picked up a variety of things, my problem persists. Any help would be much appreciated; I do not know what to do next. Also, my sound was randomly disabled twice (not just muted, disabled, which I had to remedy with more online searching) and many random things which I have never seen before are asking permission for access to things like the internet.
Someone in Dire Need, struggling.

P.S. I am on Windows XP and this is the log of my latest Malwarebytes' scan.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4170

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

06/06/2010 19:15:39
mbam-log-2010-06-06 (19-15-39).txt

Scan type: Quick scan
Objects scanned: 242191
Time elapsed: 2 hour(s), 45 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\For Spore\Local Settings\Temp\cewmornxas.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\For Spore\Local Settings\Temp\nmeocrwxas.tmp (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\For Spore\Local Settings\Temp\waxmrnoces.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\For Spore\Local Settings\Temporary Internet Files\Content.IE5\CFZ08TY8\n002102318807r0809J0e000601Reb9a0b4cWec569f27Xc7e0d777Y8c05f68fZ03003f360[1] (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
C:\Documents and Settings\For Spore\Local Settings\Temporary Internet Files\Content.IE5\G05E6MBZ\n002102807r0809Reb9a0b4cXc7e0d742Y8c05f68fZ03003f36316P000000070[1] (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

Edited by Dire Need, 06 June 2010 - 04:26 PM.




#2 boopme


Posted 06 June 2010 - 05:33 PM

Hello, this is a good scan. Now do these and see how we are.

Next run ATF and SAS. If you cannot access Safe Mode, run in normal mode, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, then install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter Safe Mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan, and scan (normal mode).
After the scan click Remove Selected, post the new scan log, and reboot into normal mode.

Please ask any needed questions, post logs, and let us know how the PC is running now.

#3 Dire Need


Posted 07 June 2010 - 03:58 PM

I was lagging in Safe Mode, but I managed to use ATF to clear Firefox. Every time I tried to use it to clear IE (which I do have downloaded, also) it would just go not responding. Also, I clicked the download update button on SUPER and scanned, then it told me another update was available, and my problem is still here. I will post my Malwarebytes' logs soon, but it is late here and I don't have time for a scan right now. Thanks for the help so far; maybe we will fix my problem.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/07/2010 at 09:47 PM

Application Version : 4.38.1004

Core Rules Database Version : 5039
Trace Rules Database Version: 2852

Scan type : Complete Scan
Total Scan Time : 05:40:18

Memory items scanned : 257
Memory threats detected : 0
Registry items scanned : 6539
Registry threats detected : 14
File items scanned : 125119
File threats detected : 378

Trojan.Agent/Gen-AdBot
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622748FB-D02D-4E18-8EAF-EE469682A8FA}
HKCR\CLSID\{622748FB-D02D-4E18-8EAF-EE469682A8FA}
HKCR\CLSID\{622748FB-D02D-4E18-8EAF-EE469682A8FA}
HKCR\CLSID\{622748FB-D02D-4E18-8EAF-EE469682A8FA}#AppID
HKCR\CLSID\{622748FB-D02D-4E18-8EAF-EE469682A8FA}\InprocServer32
HKCR\CLSID\{622748FB-D02D-4E18-8EAF-EE469682A8FA}\InprocServer32#ThreadingModel
HKCR\CLSID\{622748FB-D02D-4E18-8EAF-EE469682A8FA}\ProgID
HKCR\CLSID\{622748FB-D02D-4E18-8EAF-EE469682A8FA}\Programmable
HKCR\CLSID\{622748FB-D02D-4E18-8EAF-EE469682A8FA}\TypeLib
HKCR\CLSID\{622748FB-D02D-4E18-8EAF-EE469682A8FA}\VersionIndependentProgID
HKCR\adgj.agHlp.1
HKCR\adgj.agHlp
HKCR\TypeLib\{7B6A2552-E65B-4A9E-ADD4-C45577FFD8FD}
C:\WINDOWS\SYSTEM32\WDVUGYYP.DLL
HKU\S-1-5-21-2165012078-4020385640-3082964161-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{622748FB-D02D-4E18-8EAF-EE469682A8FA}

Adware.Flash Tracking Cookie

Adware.Tracking Cookie
C:\Documents and Settings\sophi\Cookies\sophi@track.adform[2].txt
C:\Documents and Settings\sophi\Cookies\sophi@tracking.hearthstoneonline[2].txt
C:\Documents and Settings\sophi\Cookies\sophi@tracking.summitmedia.co[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@tradedoubler[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@tribalfusion[2].txt
C:\Documents and Settings\sophi\Cookies\sophi@umstreet.adbureau[2].txt
C:\Documents and Settings\sophi\Cookies\sophi@valueclick[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@videoegg.adbureau[2].txt
C:\Documents and Settings\sophi\Cookies\sophi@warnerbros.112.2o7[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@webpower[2].txt
C:\Documents and Settings\sophi\Cookies\sophi@www.3pintracking[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@www.burstbeacon[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@www.clash-media[2].txt
C:\Documents and Settings\sophi\Cookies\sophi@www.fatpenguinmedia[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@www.googleadservices[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@www.hxtrack[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@xiti[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@yadro[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@z.blogads[1].txt
C:\Documents and Settings\sophi\Cookies\sophi@zedo[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@3.adbrite[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@ad.yieldmanager[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@adbrite[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@adecn[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@adopt.euroclick[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@adserver[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@adtech[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@advertising[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@apmebf[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@atdmt[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@bs.serving-sys[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@burstnet[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@casalemedia[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@doubleclick[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@fastclick[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@insightexpressai[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@mediaplex[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@msnportal.112.2o7[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@rotator.adjuggler[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@server.cpmstar[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@serving-sys[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@specificclick[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@tradedoubler[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@videoegg.adbureau[2].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@www.burstbeacon[1].txt
C:\Documents and Settings\sophi\Local Settings\Temp\Cookies\sophi@www.burstnet[2].txt

#4 boopme

Posted 07 June 2010 - 07:36 PM

OK, post them when you can. Is this redirect predominantly in Google?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 Dire Need

Posted 08 June 2010 - 12:29 PM

Looked like it was mainly Google; here are the Malwarebytes' results:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4180

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

08/06/2010 18:21:25
mbam-log-2010-06-08 (18-21-25).txt

Scan type: Quick scan
Objects scanned: 222680
Time elapsed: 2 hour(s), 12 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Says nothing is there, but my problem is still here. Also, jusched.exe and qttask.exe keep wanting permission for internet access.

Edited by Dire Need, 08 June 2010 - 12:47 PM.


#6 boopme

Posted 08 June 2010 - 02:16 PM

Hi, let's run these 2 next, I think we'll get it now.

Please read and follow all these instructions.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Now TDSSKiller
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


#7 Dire Need

Posted 09 June 2010 - 09:52 AM

This is all I get for Goored? I tried it twice, just to make sure...

GooredFix by jpshortstuff (08.01.10.1)
Log created at 15:52 on 09/06/2010 (For Spore)
Firefox version 3.6.3 (en-GB)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:17 15/11/2009]

C:\Documents and Settings\For Spore\Application Data\Mozilla\Firefox\Profiles\4h3osio0.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:22 06/06/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:48 22/06/2009]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [19:09 12/01/2010]

---------- Old Logs ----------
GooredFix[14.52.02_09-06-2010].txt

-=E.O.F=-



Now TDSSKiller:

15:56:20:640 1332 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
15:56:20:640 1332 ================================================================================
15:56:20:640 1332 SystemInfo:

15:56:20:640 1332 OS Version: 5.1.2600 ServicePack: 2.0
15:56:20:640 1332 Product type: Workstation
15:56:20:640 1332 ComputerName: YOUR-192E5C24FC
15:56:20:640 1332 UserName: For Spore
15:56:20:640 1332 Windows directory: C:\WINDOWS
15:56:20:640 1332 Processor architecture: Intel x86
15:56:20:640 1332 Number of processors: 1
15:56:20:640 1332 Page size: 0x1000
15:56:20:640 1332 Boot type: Normal boot
15:56:20:640 1332 ================================================================================
15:56:27:000 1332 Initialize success
15:56:27:000 1332
15:56:27:000 1332 Scanning Services ...
15:56:27:437 1332 Raw services enum returned 369 services
15:56:27:453 1332
15:56:27:453 1332 Scanning Drivers ...
15:56:31:875 1332 Cdrom (77a3142dce0eb7f38cb93b267de6bc7e) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:56:31:875 1332 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 77a3142dce0eb7f38cb93b267de6bc7e, Fake md5: af9c19b3100fe010496b1a27181fbf72
15:56:31:875 1332 File "C:\WINDOWS\system32\DRIVERS\cdrom.sys" infected by TDSS rootkit ...
15:56:32:031 1332 Backup copy found, using it..
15:56:32:062 1332 will be cured on next reboot
15:56:51:875 1332 Reboot required for cure complete..
15:56:52:203 1332 Cure on reboot scheduled successfully
15:56:52:203 1332
15:56:52:203 1332 Completed
15:56:52:203 1332
15:56:52:203 1332 Results:
15:56:52:203 1332 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:56:52:203 1332 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:56:52:203 1332
15:56:52:234 1332 KLMD(ARK) unloaded successfully

Edited by Dire Need, 09 June 2010 - 10:03 AM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 June 2010 - 10:29 AM

The second one should have it. How's it running now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Dire Need

Dire Need
  • Topic Starter

  • Members
  • 6 posts

Posted 09 June 2010 - 10:34 AM

Not been redirected yet, but I haven't been searching much. No random new tab pop-ups yet either and it appears to be running a bit faster, too. If you've managed to fix this I will be very grateful, I've been trying for days. Thank you for the help regardless, I will post here again if I encounter a problem, I'll check for a couple days.

P.S. Is there anything I can do to stop a similar attack?

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 June 2010 - 11:00 AM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#11 Dire Need

Dire Need
  • Topic Starter

  • Members
  • 6 posts

Posted 09 June 2010 - 01:10 PM

Thank you so much, it's finally gone and now I can browse happily again. I made the system restore thing and it is looking fine. Hopefully now I won't get another virus for a while.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 June 2010 - 03:13 PM

You're welcome!