
security tool virus removal


  • This topic is locked
25 replies to this topic

#1 charliefoxtrot547


Posted 27 July 2010 - 08:04 PM

Security Tool virus has taken over my computer. I can't run Task Manager, regedit, or msconfig. How do I remove this from my computer, please?


 


#2 boopme


Posted 27 July 2010 - 08:35 PM

Hello and welcome... I am moving this from Vista to the Am I Infected forum.

You need to do all the steps.
Please follow our Removal Guide here: How to remove XP Security Tool
You will move to the Automated Removal Instructions.

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 charliefoxtrot547


Posted 27 July 2010 - 09:14 PM

Thank you for pointing me in the right direction.

I read the steps and downloaded the mbam and the fixexe.reg to a flash drive from an uninfected computer, then plugged it into the infected computer. The security tool is preventing the fixexe.reg from loading, which is preventing the mbam from loading.

Any thoughts?

#4 boopme


Posted 27 July 2010 - 09:31 PM

If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it. Same thing for FixRed\g

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

Let me know

#5 charliefoxtrot547


Posted 27 July 2010 - 10:07 PM

These did not work either.

I read the post on the Rkill at http://www.bleepingcomputer.com/forums/t/308364/rkill-what-it-does-and-what-it-doesnt-a-brief-introduction-to-the-program/.

rkill.com, rkill.exe, and rkill.scr all failed. eXplorer.exe successfully ran and stopped the process.

I could then successfully run fixexe.reg.

Then I ran/installed the mbam and I am currently in the process of a scan.

thank you so much for your help. I will post the findings when complete.

#6 charliefoxtrot547


Posted 05 August 2010 - 08:18 PM

Title was: Internet Explorer keeps redirecting to marketing pages, Ran Malwarebytes and finds 6 objects, but cannot remove/quarantine ~ OB

When on Internet Explorer, a new window will randomly open and redirect to some kind of marketing.

Most recent webpage: justluxe.com
Ran Malwarebytes and it finds 6 objects, but cannot remove/quarantine:

I select remove objects and it processes them, but a window pops up: "cannot delete some files". Malwarebytes tells me to restart, but doesn't remove.

Here is the log:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4396

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

8/5/2010 9:05:30 PM
mbam-log-2010-08-05 (21-05-30).txt

Scan type: Quick scan
Objects scanned: 132139
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkA082.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkAB4B.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2283880f-ef87-4aac-8ebd-c9bcc8494af5_46 (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkA082.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkAB4B.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Roaming\2283880F-EF87-4aac-8EBD-C9BCC8494AF5_46.avi (Malware.Packer.Gen) -> Quarantined and deleted successfully.


How do I remove this?

Thanks!

Edit : removed clickable links to prevent inadvertent infection

Edited by Orange Blossom, 08 August 2010 - 03:11 PM.
Merged topics for sake of continuity. ~ OB


#7 charliefoxtrot547


Posted 05 August 2010 - 08:45 PM

Title was: Norton keeps popping up with message:, a recent attempt to attach your computer was blocked ~ OB

What is going on? When I am viewing a page on yahoo, a new window keeps opening up and trying to redirect me to random links.

Malwarebytes found 6 objects but can't remove them.

How do I proceed?

Edited by Orange Blossom, 08 August 2010 - 03:13 PM.
Merged topics again for sake of continuity. ~ OB


#8 boopme


Posted 05 August 2010 - 08:49 PM

Hello, please post the MBAM log. Is this an XP machine?

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.



Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from the icon, install it and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser, click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW scan with SUPER
Open from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#9 charliefoxtrot547


Posted 05 August 2010 - 08:52 PM

When I select remove, it pops up with a message that some files could not be deleted. I ran the scan 3 times and it finds the same:




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4396

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

8/5/2010 9:05:30 PM
mbam-log-2010-08-05 (21-05-30).txt

Scan type: Quick scan
Objects scanned: 132139
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkA082.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkAB4B.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2283880f-ef87-4aac-8ebd-c9bcc8494af5_46 (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkA082.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkAB4B.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Roaming\2283880F-EF87-4aac-8EBD-C9BCC8494AF5_46.avi (Malware.Packer.Gen) -> Quarantined and deleted successfully.

This is a Vista machine.

#10 boopme


Posted 05 August 2010 - 09:26 PM

Reboot normally then proceed to the next tools.
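The MBAM log posted above marks the two Temp modules "Delete on reboot" while the Run value and the .avi file are already quarantined, which is why a restart is the next step. The following Python example is added here for illustration (it is not part of the thread and not a Malwarebytes tool): it parses the item lines of that log, lists the objects still waiting for a reboot, and pairs the Run value with the file that carries the same identifier. The function names and regular expressions are assumptions based only on the log format shown in this thread.

```python
import re
from typing import NamedTuple

# Excerpt of the MBAM 1.46 log posted in this thread (counts and item sections).
SAMPLE_LOG = r"""
Memory Modules Infected: 2
Registry Values Infected: 1
Files Infected: 3

Memory Modules Infected:
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkA082.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkAB4B.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2283880f-ef87-4aac-8ebd-c9bcc8494af5_46 (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkA082.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkAB4B.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Roaming\2283880F-EF87-4aac-8EBD-C9BCC8494AF5_46.avi (Malware.Packer.Gen) -> Quarantined and deleted successfully.
"""


class Finding(NamedTuple):
    section: str    # e.g. "Files Infected"
    target: str     # file path or registry path
    detection: str  # e.g. "Malware.Packer.Gen"
    action: str     # e.g. "Delete on reboot"


# A section header is "<name> Infected:" with nothing after the colon;
# the summary lines ("Files Infected: 3") deliberately do not match.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):\s*$")
# "<target> (<detection>) -> <action>." The greedy target keeps paths with spaces.
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?\s*$")
GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def parse_mbam_log(text):
    """Return one Finding per item line, tagged with its section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM_RE.match(line)
        if item and section:
            findings.append(Finding(section, *item.groups()))
    return findings


def pending_reboot(findings):
    """Unique targets that are only scheduled for deletion at the next restart."""
    pending = []
    for f in findings:
        if f.action.lower() == "delete on reboot" and f.target not in pending:
            pending.append(f.target)
    return pending


def link_persistence(findings):
    """Pair each Run value with flagged files whose name contains the same GUID."""
    files = [f.target for f in findings if f.section == "Files Infected"]
    pairs = []
    for f in findings:
        if f.section != "Registry Values Infected":
            continue
        if "\\currentversion\\run\\" not in f.target.lower():
            continue
        guid = GUID_RE.search(f.target.rsplit("\\", 1)[-1])
        if not guid:
            continue
        needle = guid.group(0).lower()
        for path in files:
            if needle in path.rsplit("\\", 1)[-1].lower():
                pairs.append((f.target, path))
    return pairs


if __name__ == "__main__":
    items = parse_mbam_log(SAMPLE_LOG)
    print("Still present until restart:")
    for path in pending_reboot(items):
        print("  ", path)
    print("Autostart value and matching file:")
    for value, path in link_persistence(items):
        print("  ", value, "->", path)
```

Running the same functions on the log from a scan made after the restart shows whether the two Temp entries are gone or have been reported again.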

#11 charliefoxtrot547


Posted 05 August 2010 - 10:58 PM

Thanks for helping,

Ran ATF Cleaner and SUPERAntiSpyware - still have the same problem

Came back on to this post and same message, "Norton blocked an attempt to attack your computer"

Log from Super:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/05/2010 at 11:41 PM

Application Version : 4.41.1000

Core Rules Database Version : 5324
Trace Rules Database Version: 3136

Scan type : Complete Scan
Total Scan Time : 01:12:05

Memory items scanned : 256
Memory threats detected : 0
Registry items scanned : 12841
Registry threats detected : 0
File items scanned : 200143
File threats detected : 148

Adware.Tracking Cookie

Edited by charliefoxtrot547, 05 August 2010 - 10:59 PM.


#12 boopme


Posted 06 August 2010 - 09:12 AM

OK, now I feel we'll get this.
Please follow our Removal Guide here: How to remove the TDSS, TDL3, or Alureon rootkit. You will move to the Automated Removal Instructions.

If it finds something, make sure Cure is selected.
Next click Continue, then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#13 charliefoxtrot547


Posted 06 August 2010 - 09:50 AM

TDSSKiller log: found no threats


2010/08/06 10:44:01.0314 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/06 10:44:01.0314 ================================================================================
2010/08/06 10:44:01.0314 SystemInfo:
2010/08/06 10:44:01.0314
2010/08/06 10:44:01.0314 OS Version: 6.0.6001 ServicePack: 1.0
2010/08/06 10:44:01.0314 Product type: Workstation
2010/08/06 10:44:01.0314 ComputerName: HOME-PC
2010/08/06 10:44:01.0314 UserName: Home
2010/08/06 10:44:01.0314 Windows directory: C:\Windows
2010/08/06 10:44:01.0314 System windows directory: C:\Windows
2010/08/06 10:44:01.0314 Running under WOW64
2010/08/06 10:44:01.0314 Processor architecture: Intel x64
2010/08/06 10:44:01.0314 Number of processors: 2
2010/08/06 10:44:01.0314 Page size: 0x1000
2010/08/06 10:44:01.0314 Boot type: Normal boot
2010/08/06 10:44:01.0314 ================================================================================
2010/08/06 10:44:01.0314 Utility is running under WOW64, functionality is limited.
2010/08/06 10:44:01.0704 Initialize success
2010/08/06 10:44:25.0993 ================================================================================
2010/08/06 10:44:26.0008 Scan started
2010/08/06 10:44:26.0008 Mode: Manual;
2010/08/06 10:44:26.0008 ================================================================================
2010/08/06 10:44:37.0053 Scan finished
2010/08/06 10:44:37.0053 ================================================================================
2010/08/06 10:46:09.0606 Deinitialize success

#14 charliefoxtrot547


Posted 06 August 2010 - 10:01 AM

Malwarebytes scan results are still the same:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4399

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

8/6/2010 10:56:22 AM
mbam-log-2010-08-06 (10-56-22).txt

Scan type: Quick scan
Objects scanned: 132117
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkECCD.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrk1DDE.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2283880f-ef87-4aac-8ebd-c9bcc8494af5_46 (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkECCD.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrk1DDE.tmp_46 (Malware.Packer.Gen) -> Delete on reboot.
C:\Users\Home\AppData\Roaming\2283880F-EF87-4aac-8EBD-C9BCC8494AF5_46.avi (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Local\Temp\9e23c49c-123f-4acb-86c8-5dd5e7f97e2a\wrkB079.tmp_46 (Malware.Packer.Gen) -> Quarantined and deleted successfully.

#15 boopme


Posted 06 August 2010 - 10:18 AM

Now reboot the machine.
Change your DNS Servers:
  • Go to Start > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
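
The check described in the steps above (are unknown Preferred or Alternate DNS servers configured?) can also be made from a prompt. This is an added example, not part of the original post: it assumes Windows PowerShell 3.0 or later on the affected machine, and `$KnownGood` is a placeholder list you fill in with the resolvers you expect (router or ISP).

```powershell
# Added example: for every IP-enabled adapter, show which DNS servers were
# entered by hand (registry value NameServer) and which came from DHCP
# (registry value DhcpNameServer), and flag hand-entered ones you do not recognise.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Assumption: resolvers you expect to see. Left empty, every static entry is flagged.
$KnownGood = @()

Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
ForEach-Object {
    $nic   = $_
    # SettingID is the adapter GUID that names its per-interface registry key.
    $key   = Join-Path $base $nic.SettingID
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Both values are plain strings; entries are comma- or space-separated.
    $static  = @("$($props.NameServer)"     -split '[,\s]+' | Where-Object { $_ })
    $dhcp    = @("$($props.DhcpNameServer)" -split '[,\s]+' | Where-Object { $_ })
    $unknown = @($static | Where-Object { $KnownGood -notcontains $_ })

    [pscustomobject]@{
        Adapter   = $nic.Description
        DnsInUse  = ($nic.DNSServerSearchOrder -join ', ')
        StaticDns = ($static -join ', ')
        DhcpDns   = ($dhcp -join ', ')
        Review    = if ($unknown.Count) {
                        'static DNS not on known-good list: ' + ($unknown -join ', ')
                    } else { '' }
    }
} | Format-List
```

An empty `StaticDns` means the adapter is set to "Obtain DNS servers automatically"; anything listed under `Review` is what the GUID steps ask you to write down before changing.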



