Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Are WiFi Network Names Protected by the First Amendment?

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Photo

Keep getting redirected to bogus sites

Started by SHAR1222 , Jul 10 2010 06:56 PM

  • Please log in to reply
13 replies to this topic

#1 SHAR1222

SHAR1222

  • Members
  • 7 posts
  • OFFLINE
    •  
  • Local time:05:46 AM

Posted 10 July 2010 - 06:56 PM

Hello,
For the past month i have been getting redirected on links and also bogus sites open tabs on my browser.I have used spybot,window defender,ewido anti malware etc. but still have the same problem.Can somebody please help me.

Edited by Orange Blossom, 10 July 2010 - 07:07 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB

BC AdBot (Login to Remove)

 

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:46 AM

Posted 10 July 2010 - 08:03 PM

Hello and welcome. Ewido is now very old and neither supported nor updated. You may as well remove it and install and use these.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe

alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 SHAR1222

SHAR1222
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
    •  
  • Local time:05:46 AM

Posted 11 July 2010 - 02:12 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/3/2010 4:44:37 PM
mbam-log-2010-06-03 (16-44-37).txt

Scan type: Quick scan
Objects scanned: 137067
Time elapsed: 31 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/11/2010 at 02:41 AM

Application Version : 4.40.1002

Core Rules Database Version : 5181
Trace Rules Database Version: 2993

Scan type : Complete Scan
Total Scan Time : 01:05:50

Memory items scanned : 223
Memory threats detected : 0
Registry items scanned : 7169
Registry threats detected : 6
File items scanned : 25414
File threats detected : 173

Adware.Flash Tracking Cookie
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HJYXAPRE\MEDIA.OPRAH.COM
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HJYXAPRE\S0.2MDN.NET
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HJYXAPRE\SECURE-US.IMRWORLDWIDE.COM

Rogue.AntivirusSoft
HKU\.DEFAULT\Software\avsoft
HKU\S-1-5-18\Software\avsoft

Malware.Trace
HKU\.DEFAULT\SOFTWARE\AVSUITE
HKU\S-1-5-18\SOFTWARE\AVSUITE
HKLM\SOFTWARE\AVSUITE
HKLM\SOFTWARE\AVSOFT

Adware.Tracking Cookie
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e3nhqcyg.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e3nhqcyg.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e3nhqcyg.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e3nhqcyg.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e3nhqcyg.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e3nhqcyg.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e3nhqcyg.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e3nhqcyg.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e3nhqcyg.default\cookies.sqlite ]
convoad.technoratimedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4SGFKFZ2 ]
media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4SGFKFZ2 ]
objects.tremormedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4SGFKFZ2 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4SGFKFZ2 ]
convoad.technoratimedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8F9UJQN6 ]
core.insightexpressai.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8F9UJQN6 ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8F9UJQN6 ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8F9UJQN6 ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8F9UJQN6 ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8F9UJQN6 ]
s0.2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8F9UJQN6 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8F9UJQN6 ]
adsatt.espn.go.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
advprotraffic.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
cdn.media.soapnet.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
cdn4.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
media.king5.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
media.monster.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
media.mtvnservices.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
media.oprah.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
media.wcnc.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
media.whas11.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
media.wwltv.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
s0.2mdn.net [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
www.ziporn.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\HJYXAPRE ]
.allbritton.122.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
server.iad.liveperson.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.bzresults.122.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
stats.townnews.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
stats.townnews.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
stats.townnews.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
stats.townnews.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.media.adfrontiers.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.media.adfrontiers.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.adecn.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
click.circuitcity-online.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
click.circuitcity-online.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.harpo.122.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
www.peoplefinders.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.peoplefinders.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.peoplefinders.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.peoplefinders.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.postnewsweekmedia.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.andomedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.walmart.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
bridge2.admarketplace.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.admarketplace.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.oasn04.247realmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.advertise.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.bizzclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.ads.addynamix.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.electronicarts.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
stats.gamestop.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ic86n8g2.default\cookies.sqlite ]

Trojan.Agent/Gen-FakeAlert
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\MGOXIP\KUYAKMO.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP63\A0041054.EXE

Also my computer is still doing the same things as before.

Edited by SHAR1222, 11 July 2010 - 02:19 AM.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:46 AM

Posted 11 July 2010 - 11:22 AM

Hi, we still need to do a few things to get this.
Download FakeAlert Stinger and save to desktop.
Ddouble-click the Stinger application you saved to your desktop.

NOTE: If you are a Windows 7 or Windows Vista user, right-click and select Run As Administrator

If a security warning is displayed, click Yes or Run.
By default the C: drive is scanned. Click Add or Browse to add additional drives/directories.
Click Scan Now. By default, Stinger repairs all infected files found.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.



If still redirecting>>>
Change your DNS Servers:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Posted Image > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.



How is it now??
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 SHAR1222

SHAR1222
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
    •  
  • Local time:05:46 AM

Posted 11 July 2010 - 06:00 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4304

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/11/2010 6:58:56 PM
mbam-log-2010-07-11 (18-58-56).txt

Scan type: Quick scan
Objects scanned: 138450
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\syssvc.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:46 AM

Posted 11 July 2010 - 08:27 PM

Bi, so how is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 SHAR1222

SHAR1222
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
    •  
  • Local time:05:46 AM

Posted 11 July 2010 - 10:31 PM

Seems to be working good now thanks alot.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:46 AM

Posted 11 July 2010 - 10:37 PM

You're welcome.. Looks good here.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 SHAR1222

SHAR1222
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
    •  
  • Local time:05:46 AM

Posted 12 July 2010 - 11:38 AM

Thanks also the redirecting stopped but bogus websites are still opening up tabs how do i stop that?

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:46 AM

Posted 12 July 2010 - 02:30 PM

OK, we'll do this now...

TDDS Killer
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 SHAR1222

SHAR1222
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
    •  
  • Local time:05:46 AM

Posted 12 July 2010 - 04:28 PM

16:56:34:843 5044 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
16:56:34:843 5044 ================================================================================
16:56:34:843 5044 SystemInfo:

16:56:34:843 5044 OS Version: 5.1.2600 ServicePack: 2.0
16:56:34:843 5044 Product type: Workstation
16:56:34:843 5044 ComputerName: SHARMAYNE
16:56:34:843 5044 UserName: Owner
16:56:34:843 5044 Windows directory: C:\WINDOWS
16:56:34:843 5044 System windows directory: C:\WINDOWS
16:56:34:843 5044 Processor architecture: Intel x86
16:56:34:843 5044 Number of processors: 1
16:56:34:843 5044 Page size: 0x1000
16:56:34:859 5044 Boot type: Normal boot
16:56:34:859 5044 ================================================================================
16:56:34:937 5044 Initialize success
16:56:34:937 5044
16:56:34:937 5044 Scanning Services ...
16:56:35:359 5044 Raw services enum returned 346 services
16:56:35:375 5044
16:56:35:375 5044 Scanning Drivers ...
16:56:36:046 5044 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:56:36:140 5044 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:56:36:234 5044 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:56:36:328 5044 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:56:36:437 5044 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
16:56:36:531 5044 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
16:56:36:640 5044 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:56:36:750 5044 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:56:36:828 5044 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:56:36:890 5044 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:56:36:968 5044 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:56:37:171 5044 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:56:37:375 5044 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:56:37:421 5044 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:56:37:515 5044 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:56:37:593 5044 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:56:37:671 5044 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:56:37:796 5044 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:56:37:890 5044 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:56:37:984 5044 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:56:38:078 5044 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:56:38:203 5044 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:56:38:281 5044 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:56:38:406 5044 BCMH43XX (f9f4d7f87c2ff01df41b00c01da26fe2) C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
16:56:38:531 5044 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:56:38:625 5044 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:56:38:718 5044 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:56:38:796 5044 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:56:38:921 5044 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:56:39:015 5044 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
16:56:39:109 5044 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:56:39:281 5044 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:56:39:359 5044 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:56:39:437 5044 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:56:39:531 5044 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:56:39:625 5044 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
16:56:39:765 5044 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
16:56:40:015 5044 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
16:56:40:296 5044 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:56:40:421 5044 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
16:56:40:546 5044 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:56:40:671 5044 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
16:56:40:796 5044 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
16:56:40:937 5044 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:56:41:046 5044 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
16:56:41:187 5044 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:56:41:296 5044 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:56:41:375 5044 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:56:41:437 5044 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:56:41:515 5044 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:56:41:640 5044 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:56:41:750 5044 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:56:41:828 5044 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:56:41:953 5044 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:56:42:031 5044 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:56:42:109 5044 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:56:42:234 5044 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:56:42:359 5044 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
16:56:42:468 5044 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:56:42:578 5044 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:56:42:671 5044 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:56:42:781 5044 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\drivers\tsk98.tmp
16:56:42:796 5044 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk98.tmp. md5: f8aa320c6a0409c0380e5d8a99d76ec6
16:56:42:906 5044 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:56:43:015 5044 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:56:43:109 5044 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:56:43:203 5044 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:56:43:296 5044 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:56:43:390 5044 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:56:43:484 5044 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:56:43:578 5044 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:56:43:671 5044 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:56:43:781 5044 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:56:43:875 5044 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:56:44:000 5044 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
16:56:44:078 5044 klmdb (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmdb.sys
16:56:44:187 5044 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
16:56:44:296 5044 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
16:56:44:421 5044 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:56:44:515 5044 mfeavfk (64b96de8c492bd435372d9130a535f1d) C:\WINDOWS\system32\drivers\mfeavfk.sys
16:56:44:625 5044 mfebopk (078e87a89d36cc3516f19d5fb518bddc) C:\WINDOWS\system32\drivers\mfebopk.sys
16:56:44:750 5044 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\WINDOWS\system32\drivers\mfehidk.sys
16:56:44:875 5044 mferkdk (e0842f67dc9bc4d21d1e319610ebe9e5) C:\WINDOWS\system32\drivers\mferkdk.sys
16:56:44:968 5044 mfesmfk (63dd7b6d8a31dce0298e86de3873d013) C:\WINDOWS\system32\drivers\mfesmfk.sys
16:56:45:062 5044 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:56:45:156 5044 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
16:56:45:250 5044 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:56:45:343 5044 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:56:45:453 5044 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
16:56:45:546 5044 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:56:45:703 5044 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:56:45:828 5044 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:56:45:953 5044 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
16:56:46:062 5044 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:56:46:187 5044 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:56:46:281 5044 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
16:56:46:578 5044 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:56:46:765 5044 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
16:56:46:843 5044 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
16:56:47:218 5044 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
16:56:47:328 5044 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
16:56:47:421 5044 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:56:47:515 5044 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:56:47:609 5044 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:56:47:734 5044 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
16:56:47:828 5044 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:56:47:921 5044 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:56:48:015 5044 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\DRIVERS\npf.sys
16:56:48:140 5044 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
16:56:48:265 5044 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
16:56:48:390 5044 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:56:48:593 5044 nv (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:56:48:796 5044 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
16:56:48:875 5044 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
16:56:48:968 5044 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:56:49:062 5044 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:56:49:156 5044 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
16:56:49:250 5044 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
16:56:49:343 5044 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
16:56:49:421 5044 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:56:49:531 5044 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
16:56:49:656 5044 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:56:49:750 5044 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:56:50:046 5044 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:56:50:187 5044 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:56:50:281 5044 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:56:50:390 5044 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
16:56:50:453 5044 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
16:56:50:562 5044 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:56:50:640 5044 PxHelp20 (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:56:50:765 5044 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:56:50:875 5044 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:56:50:984 5044 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:56:51:078 5044 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:56:51:218 5044 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:56:51:343 5044 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:56:51:453 5044 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:56:51:625 5044 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:56:51:765 5044 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:56:51:890 5044 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:56:52:062 5044 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:56:52:171 5044 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:56:52:312 5044 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
16:56:52:421 5044 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:56:52:562 5044 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:56:52:593 5044 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:56:52:687 5044 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:56:52:796 5044 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:56:52:890 5044 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
16:56:52:968 5044 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:56:53:078 5044 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:56:53:171 5044 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:56:53:281 5044 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
16:56:53:359 5044 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
16:56:53:453 5044 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
16:56:53:562 5044 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:56:53:687 5044 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
16:56:53:765 5044 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:56:53:875 5044 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:56:53:921 5044 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:56:54:031 5044 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:56:54:125 5044 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
16:56:54:234 5044 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:56:54:375 5044 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:56:54:468 5044 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
16:56:54:609 5044 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:56:54:703 5044 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:56:54:796 5044 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
16:56:54:906 5044 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:56:55:015 5044 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
16:56:55:125 5044 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
16:56:55:234 5044 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:56:55:343 5044 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:56:55:406 5044 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:56:55:500 5044 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:56:55:593 5044 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:56:55:703 5044 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:56:55:812 5044 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:56:55:906 5044 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:56:56:015 5044 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
16:56:56:109 5044 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:56:56:203 5044 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:56:56:343 5044 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
16:56:56:437 5044 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:56:56:546 5044 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:56:56:718 5044 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
16:56:56:812 5044 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:56:56:937 5044 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:56:57:046 5044 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:56:57:046 5044
16:56:57:046 5044 Completed
16:56:57:046 5044
16:56:57:046 5044 Results:
16:56:57:046 5044 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:56:57:046 5044 File objects infected / cured / cured on reboot: 0 / 0 / 0
16:56:57:046 5044
16:56:57:062 5044 KLMD(ARK) unloaded successfully

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:46 AM

Posted 12 July 2010 - 10:22 PM

Man this is stubborn...

<<><<><><>
Reboot into Safe Mode with Networking
How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 SHAR1222

SHAR1222
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
    •  
  • Local time:05:46 AM

Posted 13 July 2010 - 11:45 AM

Well before you gave me the last instructions my computer started working correctly.Thanks alot

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:46 AM

Posted 13 July 2010 - 12:25 PM

Ok, if it's gopod now do the new restore point. :thumbsup:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·