Google Search Virus


  • This topic is locked
8 replies to this topic

#1 CivilAU34

CivilAU34

  • Members
  • 9 posts

Posted 01 July 2010 - 12:56 PM

I am having several computer issues: the Google redirect virus, and every time my computer reboots, it reverts to Windows NT as the theme. I have to turn "Themes" back on under Services to get back to XP.

Any help would be appreciated.

EDIT: Moved from XP forum to Am I Infected ~ Hamluis.

Edited by hamluis, 01 July 2010 - 01:04 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 01 July 2010 - 02:37 PM

Hello and welcome... Let's see where this gets us.

Reboot into Safe Mode with Networking
How to enter Safe Mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 CivilAU34

CivilAU34
  • Topic Starter

  • Members
  • 9 posts

Posted 01 July 2010 - 06:00 PM

Thanks for the help, see logs below:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2010 at 04:47 PM

Application Version : 4.40.1002

Core Rules Database Version : 5145
Trace Rules Database Version: 2957

Scan type : Complete Scan
Total Scan Time : 01:23:14

Memory items scanned : 399
Memory threats detected : 0
Registry items scanned : 7700
Registry threats detected : 0
File items scanned : 94219
File threats detected : 439

Adware.Tracking Cookie
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@feed.validclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@homestore.122.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@kontera[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@legolas-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@legolas-media[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@lockedonmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@madethecut.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediatraffic[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@myroitracking[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@oasn04.247realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@oasn04.247realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@overture[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@revenue[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@revenue[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@statse.webtrendslive[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@top5countdown.mevio[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tracking.realtor[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@videoegg.adbureau[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@videoegg.adbureau[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.businessfind[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.icityfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.happytofind[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt

Adware.Flash Tracking Cookie

Rogue.AntiVirus7
C:\Program Files\AV7\





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4265

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/1/2010 5:21:23 PM
mbam-log-2010-07-01 (17-21-23).txt

Scan type: Quick scan
Objects scanned: 194261
Time elapsed: 24 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


So far, so good on NO google redirects or popups. I will have to follow up on the Services (themes, windows audio, and DHCP Client) stopping on their own. Let me know if you see anything glaring.

Thanks again.

#4 CivilAU34

Posted 01 July 2010 - 06:45 PM

It looks like I am still having the problem with the "Themes" service stopping when my computer re-boots; but still no google redirects yet.

#5 boopme

Posted 01 July 2010 - 07:49 PM

Hello, let's do 2 more scans and see if we get it now.

ESET Online Scan
Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allow the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt folder.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.


Now TDSS Killer
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.


#6 CivilAU34

Posted 01 July 2010 - 09:39 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b06e2606fa63ae4fa2e360154ac149e9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-02 02:32:56
# local_time=2010-07-01 09:32:56 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=96540
# found=0
# cleaned=0
# scan_time=3682



21:42:00:390 4884 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
21:42:00:390 4884 ================================================================================
21:42:00:390 4884 SystemInfo:

21:42:00:390 4884 OS Version: 5.1.2600 ServicePack: 3.0
21:42:00:390 4884 Product type: Workstation
21:42:00:390 4884 ComputerName: MASH-LT
21:42:00:390 4884 UserName: MattS
21:42:00:390 4884 Windows directory: C:\WINDOWS
21:42:00:390 4884 System windows directory: C:\WINDOWS
21:42:00:390 4884 Processor architecture: Intel x86
21:42:00:390 4884 Number of processors: 2
21:42:00:390 4884 Page size: 0x1000
21:42:00:390 4884 Boot type: Normal boot
21:42:00:390 4884 ================================================================================
21:42:00:625 4884 Initialize success
21:42:00:625 4884
21:42:00:640 4884 Scanning Services ...
21:42:01:203 4884 Raw services enum returned 410 services
21:42:01:203 4884
21:42:01:203 4884 Scanning Drivers ...
21:42:10:562 4884 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:42:10:578 4884 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:42:10:578 4884 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:42:10:625 4884 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
21:42:10:656 4884 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:42:10:703 4884 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:42:10:718 4884 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:42:10:750 4884 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:42:10:765 4884 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:42:10:781 4884 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:42:10:812 4884 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:42:10:843 4884 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:42:10:859 4884 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:42:10:906 4884 s24trans (daef68fc328342d219de928c8ee610b2) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:42:10:984 4884 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:42:11:015 4884 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:42:11:109 4884 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:42:11:140 4884 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:42:11:156 4884 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:42:11:187 4884 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:42:11:250 4884 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:42:11:281 4884 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:42:11:328 4884 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:42:11:375 4884 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:42:11:500 4884 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:42:11:593 4884 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:42:11:625 4884 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:42:11:671 4884 SRTSP (11564fd80e0d2fc80b904a5bcbf8d761) C:\WINDOWS\system32\Drivers\SRTSP.SYS
21:42:11:718 4884 SRTSPL (c668edee729925635c254b04e70f9493) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
21:42:11:750 4884 SRTSPX (73d9add286baebdbf636eb53acf64e12) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
21:42:11:812 4884 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
21:42:11:890 4884 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
21:42:12:000 4884 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:42:12:062 4884 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:42:12:093 4884 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:42:12:125 4884 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:42:12:156 4884 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\WINDOWS\System32\drivers\swmsflt.sys
21:42:12:187 4884 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:42:12:203 4884 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:42:12:250 4884 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:42:12:296 4884 SYMREDRV (9181892e5af5df8d2ac3d9d2cea48afd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
21:42:12:328 4884 SYMTDI (d539f317e6caaa4e08911a84c2180938) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
21:42:12:359 4884 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:42:12:375 4884 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:42:12:421 4884 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:42:12:468 4884 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:42:12:500 4884 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:42:12:531 4884 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:42:12:546 4884 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:42:12:578 4884 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:42:12:625 4884 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:42:12:640 4884 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:42:12:687 4884 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:42:12:718 4884 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:42:12:750 4884 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:42:12:765 4884 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:42:12:812 4884 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:42:12:843 4884 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:42:12:859 4884 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:42:12:875 4884 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:42:12:906 4884 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:42:12:937 4884 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:42:12:968 4884 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:42:12:984 4884 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:42:13:031 4884 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:42:13:062 4884 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:42:13:109 4884 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:42:13:125 4884 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:42:13:156 4884 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:42:13:218 4884 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
21:42:13:281 4884 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:42:13:296 4884 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:42:13:328 4884 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:42:13:375 4884 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:42:13:390 4884 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:42:13:406 4884
21:42:13:406 4884 Completed
21:42:13:406 4884
21:42:13:406 4884 Results:
21:42:13:406 4884 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:42:13:406 4884 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:42:13:406 4884
21:42:13:406 4884 KLMD(ARK) unloaded successfully

#7 CivilAU34

Posted 01 July 2010 - 09:50 PM

After re-booting, "themes" service was stopped again.

#8 boopme

Posted 01 July 2010 - 10:02 PM

Rats! We need a deeper look. Please go here...
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#9 Orange Blossom

Posted 02 July 2010 - 09:19 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/328634/google-redirect-themes-service/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom