
Can't find a Trojan - Windows Update not working and Getting redirects in Firefox


7 replies to this topic

#1 DRWFishes


Posted 23 June 2010 - 05:45 PM

Hi all,

I am new to this forum. I am having a problem in that I am sure I have a Trojan or the like as Windows Update has stopped working and I am getting redirects to various webpages in Firefox as well Google Chrome just hangs when I start it. When I try to go to the Windows Update or any Microsoft Help pages I get the "connection reset" message and can go no further.

So far I have run a full AVG scan as well as Full MalwareBytes Scan and both have found nothing. I have checked my Java release level and it is the latest. Am at a loss as to what else I should be looking at, so any help or advice would be appreciated.

Many Thanks

DRW
Windows Vista Home Premium (32bit)


#2 boopme


Posted 23 June 2010 - 09:26 PM

Hi, please run these so we can review the logs.

Next run ATF and SAS. If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
Please ask any needed questions, post logs and let us know how the PC is running now.

#3 DRWFishes


Posted 24 June 2010 - 06:33 PM

Hi Boopme,

Thanks for your help. I really appreciate it.

OK - ATF Cleaner ran o.k. in SAFE mode - no problems

Ran the SAS and the log is below, again run in SAFE mode.

Tried to run the GMER both in normal and SAFE mode and it failed and closed twice before I got it to run in normal mode. GMER log below also.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/24/2010 at 11:05 PM

Application Version : 4.39.1002

Core Rules Database Version : 5113
Trace Rules Database Version: 2925

Scan type : Complete Scan
Total Scan Time : 05:45:06

Memory items scanned : 293
Memory threats detected : 0
Registry items scanned : 9514
Registry threats detected : 0
File items scanned : 429306
File threats detected : 391

Adware.Flash Tracking Cookie

Trojan.Agent/Gen-Nullo[Short]
C:\CRYPTLOAD\CRYPTLOAD_1.1.6\OCR\NETLOAD.IN\ASMCAPTCHA\TEST.EXE
C:\GAMES\DINER DASH INSTALL\ALL.REFLEXIVE.ARCADE.GAMES.V2.0_CRK-FFF 2007\FFF-REFLEXV2.EXE

Adware.Unknown Origin
C:\PROGRAM FILES\HEWLETT-PACKARD\HP ADVISOR\COMPSHOP\TEMPLATES\AD.HTML

Adware.Tracking Cookie
.smartadserver.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.advertising.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.xiti.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.advertising.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.kontera.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
www.ru [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.statcounter.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.fastclick.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.fastclick.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.xm.xtendmedia.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
clicktorrent.info [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
clicktorrent.info [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
g.o.d.cltomedia.info [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.cltomedia.info [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
cltomedia.info [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.collective-media.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.statcounter.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.statcounter.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.partypoker.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
www.partypoker.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.112.2o7.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
media.sensis.com.au [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
videoindex.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.videoindex.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.videoindex.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
adprotraffic.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.2o7.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.mediaplex.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.ad.au.doubleclick.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.kontera.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.kontera.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.e-2dj6wcmiuoczeho.stats.esomniture.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
p.profistats.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.atdmt.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.tourismnz.122.2o7.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.microsoftwindows.112.2o7.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.crackberry.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.crackberry.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.crackberry.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.crackberry.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.crackberry.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.crackberry.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.forums.crackberry.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.forums.crackberry.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
forums.crackberry.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.rabbits.videosz.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.rabbits.videosz.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
media.sensis.com.au [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.sensismediasmart.com.au [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.myroitracking.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.clicksor.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.statcounter.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.e-2dj6wjmyojajokp.stats.esomniture.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
media.sensis.com.au [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
media.sensis.com.au [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.cnetaustralia.122.2o7.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
media.sensis.com.au [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.statcounter.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
abbit.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.tns-counter.ru [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.promisland.user.madbanner.ru [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.promisland.user.madbanner.ru [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.promisland.user.madbanner.ru [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.promisland.user.madbanner.ru [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
rts.pgmediaserve.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
rts.pgmediaserve.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
rts.pgmediaserve.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.partypoker.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.adtech.de [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.optus.112.2o7.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.serving-sys.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.serving-sys.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
counter2.hitslink.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.zanox-affiliate.de [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.zanox.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
tour1.match.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
wt.match.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.at.atwola.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
media.sensis.com.au [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.fastclick.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.overture.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.overture.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.2o7.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.viacom.adbureau.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.viacom.adbureau.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.2o7.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.serving-sys.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.questionmarket.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.e-2dj6wjmyoncjako.stats.esomniture.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.perf.overture.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.match.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
openx.match.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
www1.match.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
in.getclicky.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.hub.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
ads1.advertising.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
click.mooter.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.overture.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
adultadincome.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
adserver.adreactor.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.philips.112.2o7.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.revsci.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
rotator.adjuggler.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
rotator.adjuggler.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.partypoker.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.partypoker.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.content.yieldmanager.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
d.mediadakine.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.revsci.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.revsci.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.revsci.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.revsci.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.zedo.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.adbrite.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.zedo.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
www.sellmeyourtraffic.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.trafficrevenue.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.pornrabbit.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.partypoker.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
sunlightmedia1.aglnahnjcmvlbg.asklots.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
www.visit-tracker.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.advertise.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.adbrite.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
ad.yieldmanager.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.f2network.112.2o7.net [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.bizzclick.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
.tribalfusion.com [

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\s77b3cyh.default\cookies.sqlite ]
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.bighealthtree[2].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.financialcontent

[2].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[1].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[2].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[3].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[1].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[2].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz5.91469.asklots

[1].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@msnportal.112.2o7[1].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[2].txt
C:\WINDOWS\System32

\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt




GMER LOG:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-25 09:08:33
Windows 6.0.6002 Service Pack 2
Running: 8xl5gy0u.exe; Driver: C:\Users\David\AppData\Local\Temp\uxliraow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwOpenProcess [0xA3916730]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x9100D620]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwTerminateThread [0xA3916880]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwWriteVirtualMemory [0xA3916920]

INT 0x52 ? 879EFF00
INT 0x62 ? 85BA4BF8
INT 0x62 ? 85BA4BF8
INT 0x62 ? 85BA4BF8
INT 0x62 ? 85BA4BF8
INT 0x62 ? 85BA4BF8
INT 0x82 ? 879EFF00
INT 0x82 ? 879EFF00
INT 0x82 ? 879EFF00
INT 0x92 ? 879EFF00
INT 0xA2 ? 879EFF00
INT 0xA2 ? 85BA2EA8
INT 0xA2 ? 85BA2EA8
INT 0xA2 ? 85BA2EA8
INT 0xA2 ? 85BA2EA8
INT 0xA2 ? 879EFF00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 824B2B54 4 Bytes [30, 67, 91, A3]
.text ntkrnlpa.exe!KeSetEvent + 621 824B2D84 8 Bytes [20, D6, 00, 91, 80, 68, 91, ...] {AND DH, DL; ADD [ECX-0x5c6e9780], DL}
.text ntkrnlpa.exe!KeSetEvent + 681 824B2DE4 4 Bytes [20, 69, 91, A3]
? System32\Drivers\spnc.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload 82BEEB2E 5 Bytes JMP 85BA41D8
.text USBPORT.SYS!DllUnload 8FCF641B 5 Bytes JMP 879EF4E0

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[3368] ntdll.dll!NtProtectVirtualMemory 77C64D34 5 Bytes JMP 0025000A
.text C:\Windows\Explorer.EXE[3368] ntdll.dll!NtWriteVirtualMemory 77C65674 5 Bytes JMP 0026000A
.text C:\Windows\Explorer.EXE[3368] ntdll.dll!KiUserExceptionDispatcher 77C65DC8 5 Bytes JMP 0024000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[7040] ntdll.dll!NtProtectVirtualMemory 77C64D34 5 Bytes JMP 0035000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[7040] ntdll.dll!NtWriteVirtualMemory 77C65674 5 Bytes JMP 0036000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[7040] ntdll.dll!KiUserExceptionDispatcher 77C65DC8 5 Bytes JMP 0034000A
.text C:\Windows\system32\svchost.exe[7688] ntdll.dll!NtProtectVirtualMemory 77C64D34 5 Bytes JMP 0082000A
.text C:\Windows\system32\svchost.exe[7688] ntdll.dll!NtWriteVirtualMemory 77C65674 5 Bytes JMP 0083000A
.text C:\Windows\system32\svchost.exe[7688] ntdll.dll!KiUserExceptionDispatcher 77C65DC8 5 Bytes JMP 0081000A
.text C:\Windows\system32\svchost.exe[7688] ole32.dll!CoCreateInstance 76419EA6 5 Bytes JMP 0091000A
.text C:\Windows\system32\svchost.exe[7688] USER32.dll!GetCursorPos 77DE0B88 5 Bytes JMP 00E2000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068E6D6] \SystemRoot\System32\Drivers\spnc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068E042] \SystemRoot\System32\Drivers\spnc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068E800] \SystemRoot\System32\Drivers\spnc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068E0C0] \SystemRoot\System32\Drivers\spnc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068E13E] \SystemRoot\System32\Drivers\spnc.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069DB90] \SystemRoot\System32\Drivers\spnc.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B87817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74BDA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B8BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B7F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B7E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74BB8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B8DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B7FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B7FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C0CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74BAC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B7D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B76853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B7687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B82AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 865581F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

Device \FileSystem\cdfs \Cdfs 85E531F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218664415d
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218664415d (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xFC 0x1E 0xAC 0x54 ...

---- EOF - GMER 1.0.15 ----


Thanks again! DRW

Edited by DRWFishes, 25 June 2010 - 01:47 AM.
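A small triage script for the GMER log format posted above, added here as an example (not part of the thread and not GMER's own code): it parses the SSDT, inline-hook and IAT lines, groups hooks by the module GMER attributes them to, and flags hooks owned by a driver that GMER reported it could not find on disk. The excerpt embedded in it is constructed from the lines above.

```python
"""Triage helper for the GMER log format above (added example, not GMER's own code):
groups the SSDT, inline and IAT hooks GMER reports by owning module and flags hooks
owned by a driver GMER could not open on disk. SAMPLE_LOG is a constructed excerpt."""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwOpenProcess [0xA3916730]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x9100D620]

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spnc.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload 82BEEB2E 5 Bytes JMP 85BA41D8

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[3368] ntdll.dll!NtProtectVirtualMemory 77C64D34 5 Bytes JMP 0025000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068E6D6] \SystemRoot\System32\Drivers\spnc.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069DB90] \SystemRoot\System32\Drivers\spnc.sys

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")
UNRESOLVED_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+The system cannot find the path specified")
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$")
IAT_RE = re.compile(
    r"^IAT\s+(?P<target>.+?)\s*\[(?P<import>[^\]]+![^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]"
    r"\s+(?P<owner>.+?)(?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)
INLINE_RE = re.compile(
    r"^(?P<section>\.text|PAGE|INIT)\s+"
    r"(?:(?P<process>.+?\.[Ee][Xx][Ee]\[\d+\])\s+)?"  # user-mode lines name the process first
    r"(?P<module>[^\s!]+)!(?P<func>\S+)(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?"
    r"\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+(?P<detail>.*)$"
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<module>\S.*))?$")

@dataclass
class Hook:
    kind: str     # "SSDT", "INLINE" or "IAT"
    target: str   # syscall, function or import slot that is hooked
    process: str  # process the hook lives in, "" for kernel-mode hooks
    owner: str    # lower-cased file name of the hooking module, "" if GMER named none
    addr: str     # handler or jump-target address as printed by GMER

def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so one driver matches across sections."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()

def parse_gmer_log(text: str):
    """Return (hooks, unresolved); unresolved lists drivers GMER could not open on disk."""
    hooks, unresolved = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            continue
        if (m := UNRESOLVED_RE.match(line)):
            unresolved.append(basename(m["module"]))
        elif (m := SSDT_RE.match(line)):
            hooks.append(Hook("SSDT", m["func"], "", basename(m["owner"]), m["addr"]))
        elif (m := IAT_RE.match(line)):
            # user-mode IAT lines read "<process>[pid] @ <module>"; kernel ones name only the driver
            process = m["target"].split(" @ ")[0] if " @ " in m["target"] else ""
            hooks.append(Hook("IAT", m["import"], process, basename(m["owner"]), m["addr"]))
        elif (m := INLINE_RE.match(line)):
            jmp = JMP_RE.match(m["detail"])  # "JMP <addr> [<module>]" or a raw byte patch
            owner = basename(jmp["module"]) if jmp and jmp["module"] else ""
            target = f"{m['module']}!{m['func']}" + (f"+{m['offset']}" if m["offset"] else "")
            hooks.append(Hook("INLINE", target, m["process"] or "", owner, jmp["target"] if jmp else m["addr"]))
    return hooks, unresolved

def summarize(hooks, unresolved):
    """Group hooks by owning module and pull out the ones to verify by hand."""
    missing = set(unresolved)
    return {
        "by_owner": dict(Counter(h.owner for h in hooks if h.owner)),
        # the owning driver has no openable file: hidden, or loaded from a path the
        # scanner cannot resolve; check the file and its signer manually
        "hidden_owner_hooks": [h for h in hooks if h.owner in missing],
        # patches whose JMP lands in memory GMER maps to no module at all
        "unattributed": [h for h in hooks if not h.owner],
    }

if __name__ == "__main__":
    hooks, unresolved = parse_gmer_log(SAMPLE_LOG)
    for key, items in summarize(hooks, unresolved).items():
        print(key, items)
```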


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:53 PM

Posted 24 June 2010 - 10:04 PM

Man!! let's run 2 more, if it's not here we'll have to move to using DDS.

TDSSKiller
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Now an online scan with ESET
Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt folder.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#5 DRWFishes

DRWFishes
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 25 June 2010 - 06:49 AM

Thanks again Boopme....

I think we got it this time. I ran both scans and the logs are below. After the ESET scan had finished Windows Update came up :thumbsup:

Here is the TDSSKiller log:

16:37:58:312 5540 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
16:37:58:312 5540 ================================================================================
16:37:58:312 5540 SystemInfo:

16:37:58:312 5540 OS Version: 6.0.6002 ServicePack: 2.0
16:37:58:312 5540 Product type: Workstation
16:37:58:312 5540 ComputerName: HOMEOFFICE
16:37:58:312 5540 UserName: David
16:37:58:312 5540 Windows directory: C:\Windows
16:37:58:313 5540 Processor architecture: Intel x86
16:37:58:313 5540 Number of processors: 2
16:37:58:313 5540 Page size: 0x1000
16:37:58:314 5540 Boot type: Normal boot
16:37:58:314 5540 ================================================================================
16:38:08:392 5540 Initialize success
16:38:08:393 5540
16:38:08:393 5540 Scanning Services ...
16:38:12:595 5540 Raw services enum returned 495 services
16:38:12:625 5540
16:38:12:631 5540 Scanning Drivers ...
16:38:15:608 5540 Accelerometer (5c41679e1a2e0830069e45d288fa8499) C:\Windows\system32\DRIVERS\Accelerometer.sys
16:38:15:878 5540 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:38:16:213 5540 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:38:16:309 5540 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:38:16:380 5540 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:38:16:447 5540 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:38:16:696 5540 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
16:38:16:979 5540 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\Windows\system32\DRIVERS\AGRSM.sys
16:38:17:387 5540 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:38:17:533 5540 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:38:17:696 5540 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:38:17:848 5540 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:38:18:091 5540 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:38:18:281 5540 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:38:18:353 5540 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
16:38:18:421 5540 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:38:18:464 5540 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:38:18:553 5540 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:38:18:671 5540 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:38:18:857 5540 AVerBDA6x (7e57500e0c9b412e8eb5757bab0e9816) C:\Windows\system32\DRIVERS\AVerBDA716x.sys
16:38:19:067 5540 Avgfwfd (26a4640a8f16f8ce39b93329c83bb15a) C:\Windows\system32\DRIVERS\avgfwd6x.sys
16:38:19:276 5540 AVGIDSDrivervtx (1bf5706111544aefe29f64783c22d8fb) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys
16:38:19:565 5540 AVGIDSErHrvtx (3efc8f7eae54b780d1e0730da23dad25) C:\Windows\system32\Drivers\AVGIDSvx.sys
16:38:19:828 5540 AVGIDSFiltervtx (a19902063d7368864cc5708f4d1b1c97) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys
16:38:19:887 5540 AVGIDSShimvtx (034df5434a092e3bb963d1febff7aabf) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys
16:38:20:045 5540 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
16:38:20:155 5540 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
16:38:20:353 5540 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys
16:38:20:402 5540 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\System32\Drivers\avgtdix.sys
16:38:20:557 5540 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:38:20:652 5540 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:38:20:708 5540 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:38:20:772 5540 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
16:38:20:817 5540 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:38:20:894 5540 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:38:20:952 5540 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:38:20:992 5540 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:38:21:031 5540 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:38:21:064 5540 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:38:21:118 5540 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
16:38:21:149 5540 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
16:38:21:228 5540 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
16:38:21:329 5540 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
16:38:21:438 5540 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
16:38:21:484 5540 btwaudio (229b2c1e776062a4033305d5a9d6e28d) C:\Windows\system32\drivers\btwaudio.sys
16:38:21:532 5540 btwavdt (97062053359f6908e1fb2791bfa54734) C:\Windows\system32\drivers\btwavdt.sys
16:38:21:593 5540 btwrchid (d9269b0e3e3cf46d677fd071a40fe6cd) C:\Windows\system32\DRIVERS\btwrchid.sys
16:38:21:674 5540 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:38:21:728 5540 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
16:38:21:830 5540 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:38:21:915 5540 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
16:38:22:010 5540 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:38:22:071 5540 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:38:22:100 5540 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:38:22:128 5540 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:38:22:155 5540 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:38:22:191 5540 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:38:22:261 5540 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
16:38:22:325 5540 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:38:22:448 5540 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:38:22:533 5540 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:38:22:598 5540 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:38:22:678 5540 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:38:22:757 5540 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
16:38:22:918 5540 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:38:23:007 5540 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:38:23:084 5540 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:38:23:194 5540 enecir (6c74035909b31f873d85b25e00beb984) C:\Windows\system32\DRIVERS\enecir.sys
16:38:23:277 5540 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:38:23:354 5540 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:38:23:421 5540 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:38:23:475 5540 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:38:23:531 5540 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:38:23:571 5540 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:38:23:641 5540 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:38:23:751 5540 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:38:23:823 5540 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
16:38:23:898 5540 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:38:23:934 5540 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:38:23:979 5540 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
16:38:24:058 5540 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:38:24:146 5540 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:38:24:260 5540 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
16:38:24:307 5540 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
16:38:24:455 5540 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:38:24:653 5540 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:38:24:745 5540 hpdskflt (cc2148a432c351b9b0d289cde198b530) C:\Windows\system32\DRIVERS\hpdskflt.sys
16:38:24:807 5540 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:38:24:838 5540 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
16:38:24:970 5540 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:38:25:070 5540 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:38:25:463 5540 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:38:26:135 5540 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:38:26:173 5540 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:38:26:213 5540 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:38:26:270 5540 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:38:26:308 5540 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:38:26:341 5540 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:38:26:389 5540 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:38:26:450 5540 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:38:26:499 5540 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:38:26:541 5540 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:38:26:572 5540 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:38:26:646 5540 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:38:26:730 5540 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:38:26:774 5540 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:38:26:871 5540 JMCR (a485fee80eb39ca259343468c7069de2) C:\Windows\system32\DRIVERS\jmcr.sys
16:38:26:938 5540 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:38:27:065 5540 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:38:27:140 5540 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
16:38:27:220 5540 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
16:38:27:284 5540 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:38:27:368 5540 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:38:27:441 5540 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:38:27:485 5540 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:38:27:513 5540 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:38:27:541 5540 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:38:27:626 5540 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:38:27:681 5540 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:38:27:775 5540 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:38:27:975 5540 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:38:28:116 5540 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:38:28:298 5540 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:38:28:388 5540 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:38:28:448 5540 MountMgr (bf8a2f6785671ad07ea5dbc1f77b812a) C:\Windows\system32\drivers\mountmgr.sys
16:38:28:453 5540 Suspicious file (Forged): C:\Windows\system32\drivers\mountmgr.sys. Real md5: bf8a2f6785671ad07ea5dbc1f77b812a, Fake md5: bdafc88aa6b92f7842416ea6a48e1600
16:38:28:453 5540 File "C:\Windows\system32\drivers\mountmgr.sys" infected by TDSS rootkit ...
16:38:28:999 5540 Backup copy found, using it..
16:38:29:071 5540 will be cured on next reboot
16:38:29:300 5540 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:38:29:366 5540 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:38:29:431 5540 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:38:29:486 5540 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:38:29:552 5540 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:38:29:583 5540 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:38:29:640 5540 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:38:29:697 5540 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
16:38:29:747 5540 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:38:29:840 5540 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:38:30:002 5540 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:38:30:094 5540 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:38:30:138 5540 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:38:30:192 5540 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:38:30:249 5540 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:38:30:290 5540 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:38:30:357 5540 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:38:30:442 5540 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:38:30:507 5540 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:38:30:614 5540 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:38:30:741 5540 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:38:30:802 5540 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:38:30:885 5540 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:38:30:940 5540 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:38:31:025 5540 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:38:31:131 5540 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:38:31:350 5540 NETw5v32 (83f310bf50985f2a52121f2614787c38) C:\Windows\system32\DRIVERS\NETw5v32.sys
16:38:31:721 5540 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:38:31:794 5540 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:38:31:838 5540 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:38:32:018 5540 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:38:32:212 5540 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:38:32:293 5540 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:38:32:346 5540 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
16:38:32:463 5540 NVHDA (a82534d453425f5fee4b6a583fdcf3eb) C:\Windows\system32\drivers\nvhda32v.sys
16:38:33:471 5540 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:38:34:103 5540 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:38:34:191 5540 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:38:34:253 5540 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:38:34:361 5540 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:38:34:412 5540 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:38:34:526 5540 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:38:34:579 5540 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:38:34:651 5540 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:38:34:683 5540 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:38:34:743 5540 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:38:34:866 5540 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:38:34:993 5540 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:38:35:072 5540 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:38:35:128 5540 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:38:35:200 5540 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:38:35:297 5540 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:38:35:337 5540 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:38:35:365 5540 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:38:35:419 5540 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:38:35:481 5540 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:38:35:572 5540 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:38:35:669 5540 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:38:35:749 5540 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:38:35:865 5540 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:38:35:896 5540 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:38:35:967 5540 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:38:36:020 5540 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
16:38:36:080 5540 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
16:38:36:146 5540 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
16:38:36:215 5540 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
16:38:36:275 5540 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:38:36:390 5540 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:38:36:570 5540 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:38:36:612 5540 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:38:36:789 5540 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:38:36:877 5540 SCREAMINGBDRIVER (51ad731a5be7c3f06726ca92c7cb7df1) C:\Windows\system32\drivers\ScreamingBAudio.sys
16:38:36:937 5540 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
16:38:36:994 5540 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:38:37:038 5540 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:38:37:086 5540 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:38:37:147 5540 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:38:37:192 5540 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:38:37:223 5540 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:38:37:291 5540 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:38:37:329 5540 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:38:37:388 5540 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:38:37:427 5540 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:38:37:470 5540 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:38:37:530 5540 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:38:37:571 5540 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:38:37:644 5540 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
16:38:37:651 5540 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
16:38:37:710 5540 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
16:38:37:824 5540 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
16:38:37:893 5540 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
16:38:37:961 5540 STHDA (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys
16:38:38:127 5540 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
16:38:38:166 5540 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:38:38:356 5540 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:38:38:461 5540 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:38:38:535 5540 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:38:38:656 5540 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
16:38:38:748 5540 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
16:38:38:900 5540 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
16:38:39:012 5540 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:38:39:195 5540 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:38:39:353 5540 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:38:39:398 5540 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:38:39:538 5540 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:38:39:595 5540 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:38:39:646 5540 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:38:39:711 5540 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:38:39:773 5540 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:38:39:855 5540 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:38:39:955 5540 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:38:39:991 5540 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:38:40:033 5540 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:38:40:049 5540 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:38:40:085 5540 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:38:40:174 5540 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
16:38:40:275 5540 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
16:38:40:394 5540 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:38:40:717 5540 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:38:40:899 5540 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:38:41:025 5540 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:38:41:072 5540 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
16:38:41:124 5540 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:38:41:149 5540 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:38:41:361 5540 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:38:41:509 5540 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:38:41:627 5540 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:38:41:673 5540 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys
16:38:41:736 5540 vfs101x (4d45a93a7dd638ca2db0a86fbfbf42d1) C:\Windows\system32\drivers\vfs101x.sys
16:38:41:770 5540 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:38:41:797 5540 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:38:41:845 5540 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:38:41:882 5540 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:38:41:923 5540 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:38:41:957 5540 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:38:42:197 5540 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:38:42:626 5540 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:38:43:000 5540 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:38:43:116 5540 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:38:43:154 5540 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:38:43:160 5540 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:38:43:185 5540 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:38:43:227 5540 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:38:43:361 5540 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
16:38:43:432 5540 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:38:43:692 5540 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:38:44:042 5540 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:38:44:087 5540 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:38:44:093 5540 Reboot required for cure complete..
16:38:44:492 5540 Cure on reboot scheduled successfully
16:38:44:492 5540
16:38:44:493 5540 Completed
16:38:44:493 5540
16:38:44:493 5540 Results:
16:38:44:493 5540 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:38:44:493 5540 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:38:44:494 5540
16:38:44:526 5540 KLMD(ARK) unloaded successfully

And here is the ESET Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6a7316e6856c704aa6a842c1bd7a4037
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-25 10:17:14
# local_time=2010-06-25 08:17:14 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1029 16777213 100 100 0 11609985 0 0
# compatibility_mode=5892 16776573 100 100 987966 114978871 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=470121
# found=1
# cleaned=1
# scan_time=11291
C:\Games\Miltos Raynor's TS Trainer +2.exe Win32/Keylogger.HotKeysHook.A virus (deleted - quarantined) 00000000000000000000000000000000 C

I am quite surprised that none of the antivirus packages found it.

Anyway....... Thanks again and let me know if you think I need to do more.

Cheers

DRW
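The TDSSKiller entry above reports two different MD5s for C:\Windows\system32\drivers\mountmgr.sys depending on how the file was read, which is the behaviour of a rootkit that filters disk reads so that ordinary file access returns clean-looking bytes. A practical follow-up once the cure has completed is to record a hash and signature baseline of every kernel driver and diff against it later. The script below is an added example written for this page, not something posted in the thread or shipped with TDSSKiller or ESET; the baseline path is an assumption, pick your own. Two caveats: a live kernel rootkit can fool any check run from inside the infected OS (which is why TDSSKiller reads the disk directly), so a baseline is only trustworthy when taken after the reboot that completes the cure; and on Vista most Microsoft inbox drivers are catalog-signed rather than carrying an embedded signature, so Get-AuthenticodeSignature reports NotSigned for them on older PowerShell versions and that status by itself is not evidence of tampering.

```powershell
# Added example, not from the original thread: hash and signature-check every kernel
# driver, write a baseline on the first run, and report changes on later runs.
# Run from an elevated Windows PowerShell prompt (PowerShell 2.0 or later).

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$baseline  = Join-Path $env:USERPROFILE 'driver-baseline.csv'   # assumed location, pick your own

function Get-Sha256Hex([string]$path) {
    # Hash via .NET so this also works before Get-FileHash existed (PowerShell 4.0)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($path)
    try     { ([BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

# Inventory the driver directory: name, SHA-256, embedded-signature status and signer.
$current = @(Get-ChildItem -Path $driverDir -Filter *.sys | ForEach-Object {
    $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Name   = $_.Name
        Sha256 = Get-Sha256Hex $_.FullName
        Status = [string]$sig.Status      # Valid, NotSigned, HashMismatch, UnknownError ...
        Signer = $signer
    }
})

if (-not (Test-Path $baseline)) {
    # First run: nothing to compare against yet, so just record what is there now.
    $current | Export-Csv -Path $baseline -NoTypeInformation
    Write-Output "Baseline of $($current.Count) drivers written to $baseline"
    return
}

# Later runs: index the baseline by file name and report new or modified drivers.
$old = @{}
Import-Csv -Path $baseline | ForEach-Object { $old[$_.Name] = $_ }

foreach ($d in $current) {
    if (-not $old.ContainsKey($d.Name)) {
        Write-Output ("NEW      {0,-24} sig={1} {2}" -f $d.Name, $d.Status, $d.Signer)
    }
    elseif ($old[$d.Name].Sha256 -ne $d.Sha256) {
        Write-Output ("CHANGED  {0,-24} was {1}... now {2}... sig={3}" -f `
            $d.Name, $old[$d.Name].Sha256.Substring(0, 12), $d.Sha256.Substring(0, 12), $d.Status)
    }
}

# HashMismatch means the file carries an embedded signature that no longer matches its
# contents: worth investigating regardless of whether the baseline changed.
# NotSigned is NOT on its own suspicious here, because Vista's inbox drivers are mostly
# catalog-signed and this cmdlet does not consult catalogs on older PowerShell versions.
$current | Where-Object { $_.Status -eq 'HashMismatch' } |
    ForEach-Object { Write-Output ("TAMPERED {0}" -f $_.Name) }
```

A CHANGED line after a Windows Update is expected and should be re-baselined; a CHANGED line with no corresponding update, or any TAMPERED line, is the case this check exists for.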

#6 boopme (Global Moderator)

Posted 25 June 2010 - 10:18 AM

Yes, they are getting better at hiding. Sometimes it'll take several scans or tools...

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.
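The restore point steps above, done from PowerShell instead of the GUI, as an added example that is not part of the original post. It assumes an elevated Windows PowerShell prompt (PowerShell 2.0 or later), that the system drive is C:, and that the machine is Vista or later, where each restore point is stored in a Volume Shadow Copy of the system volume; removing the oldest shadow copy is what Disk Cleanup's "Clean up" button under System Restore does, and it also drops the "Previous Versions" of files kept in that copy, so the trade-off is the same as the GUI route.

```powershell
# Added example, not from the original thread: create a fresh restore point and then
# delete every older one, the PowerShell equivalent of the System Restore + Disk Cleanup
# steps above. Run from an elevated prompt; assumes the system drive is C:.

# 1. Create the new point. The description is what you would type as the name in the GUI.
$desc = "Clean after TDSSKiller and ESET $(Get-Date -Format 'yyyy-MM-dd HH:mm')"
Checkpoint-Computer -Description $desc -RestorePointType MODIFY_SETTINGS

# 2. Confirm it exists. SequenceNumber increases with every point, so the highest is newest.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$points | Format-Table SequenceNumber, Description,
    @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize

if ($points.Count -eq 0 -or $points[-1].Description -ne $desc) {
    throw "New restore point was not created; do not delete the old ones."
}

# 3. Remove the older points. On Vista/7 each one lives in a shadow copy of the system
#    volume, so deleting the oldest shadow copy deletes the oldest restore point.
#    The loop is bounded by the count seen above rather than "until one is left", so a
#    failing vssadmin call cannot spin forever.
for ($i = 1; $i -lt $points.Count; $i++) {
    vssadmin delete shadows /For=C: /Oldest /Quiet | Out-Null
}

# 4. Verify: only the point created in step 1 should remain.
$remaining = @(Get-ComputerRestorePoint)
Write-Output ("{0} restore point(s) left; newest is '{1}'" -f $remaining.Count, $remaining[-1].Description)
```

The check in step 2 matters: if Checkpoint-Computer failed (System Protection disabled, not elevated, or the 24-hour throttle on newer Windows versions), deleting the older points would leave the machine with no rollback at all.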

#7 DRWFishes (Topic Starter)

Posted 25 June 2010 - 05:24 PM

Thank you Boopme....... All working just fine. I have learned a lot from this go round. Appreciate it! :thumbsup:

#8 boopme (Global Moderator)

Posted 25 June 2010 - 10:39 PM

You're welcome from us all. Hey, learn a bit more.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: