Help with redirects!


14 replies to this topic

#1 harley guy 93

Posted 21 August 2010 - 05:11 PM

I seem to have become infected with something that keeps causing annoying redirects. I cannot seem to get it straightened out. Can anyone direct me on how to get this thing off of my computer? IE 8, Windows XP.
Thanks.

Sorry, but I forgot to add my actions up to this point.
I was able to run MBAM, and remove some infected parts, but I still have redirects to random sites, and also to some fake antivirus sites. I also have installed MS security essentials, but that was after the infection. MS security also found and removed some infections, but the redirects are still present.
Thanks in advance. I am not extremely computer literate.

Edited by hamluis, 21 August 2010 - 06:52 PM.
Moved from XP forum to Am I Infected ~ Hamluis.



#2 boopme


Posted 21 August 2010 - 08:18 PM

Hello and welcome. Let's see how we are after we do this.

Reboot into Safe Mode with Networking
How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 harley guy 93


Posted 22 August 2010 - 05:06 PM

Thanks for your help. I followed the instructions that you posted (as far as I can tell). But I still have a redirect problem, this time opening a new instance of explorer. I have posted the logs as you asked.
Thanks again.

UPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/22/2010 at 11:54 AM

Application Version : 4.41.1000

Core Rules Database Version : 5390
Trace Rules Database Version: 3202

Scan type : Complete Scan
Total Scan Time : 01:30:52

Memory items scanned : 284
Memory threats detected : 0
Registry items scanned : 7456
Registry threats detected : 118
File items scanned : 167632
File threats detected : 297

Adware.CouponBar

Adware.HBHelper

Adware.ShopAtHomeSelect
HKU\S-1-5-21-3007720257-3711649400-3331379607-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Adware.Tracking Cookie
media.resulthost.org [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media.scanscout.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media.socialvibe.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media.tattomedia.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media.thewb.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media.vmixcore.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media.wcnc.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media.y8.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media01.kyte.tv [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media1.break.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media1.clubpenguin.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media1.hallpass.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media1.y8.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media2.hallpass.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media2.y8.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media3.hallpass.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media4.redlasso.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
media4.y8.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
mediafileshost.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
mediaforgews.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
mediaplex.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
mediastore.verizonwireless.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
memecounter.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
msnbcmedia.msn.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
objects.tremormedia.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
oddcast.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
s0.2mdn.net [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
spe.atdmt.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
speed.pointroll.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
static.2mdn.net [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
udn.specificclick.net [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
uk.2mdn.net [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
vhss-a.oddcast.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
wdw1.wdpromedia.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
www.adultswim.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
www.blogsmithmedia.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
yo.static.presidiomedia.com [ C:\Documents and Settings\Scott Shull\Application Data\Macromedia\Flash Player\#SharedObjects\EYGBHQZ7 ]
C:\Documents and Settings\Scott Shull\Cookies\scott_shull@ad.yieldmanager[1].txt
C:\Documents and Settings\Scott Shull\Cookies\scott_shull@advertising[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\scott_shull@wmvmedialease[1].txt

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Rogue.Component/Trace
HKLM\Software\Microsoft\7C00067D
HKLM\Software\Microsoft\7C00067D#7c00067d
HKLM\Software\Microsoft\7C00067D#Version
HKLM\Software\Microsoft\7C00067D#7c00abfd
HKLM\Software\Microsoft\7C00067D#7c00c218
HKU\S-1-5-21-3007720257-3711649400-3331379607-1005\Software\Microsoft\FIAS4018

Rootkit.Agent/TDSS[Pragma]
HKLM\System\CONTROLSET002\SERVICES\PRAGMAKGPIPOUFDX
HKLM\System\CONTROLSET002\SERVICES\PRAGMAKGPIPOUFDX#start
HKLM\System\CONTROLSET002\SERVICES\PRAGMAKGPIPOUFDX#type
HKLM\System\CONTROLSET002\SERVICES\PRAGMAKGPIPOUFDX#imagepath
HKLM\System\CONTROLSET002\SERVICES\PRAGMAKGPIPOUFDX\modules
HKLM\System\CONTROLSET002\SERVICES\PRAGMAKGPIPOUFDX\modules#PRAGMAd
HKLM\System\CONTROLSET002\SERVICES\PRAGMAKGPIPOUFDX\modules#PRAGMAc
HKLM\System\CONTROLSET002\SERVICES\PRAGMAKGPIPOUFDX\modules#pragmaserf
HKLM\System\CONTROLSET002\SERVICES\PRAGMAKGPIPOUFDX\modules#pragmabbr
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX#start
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX#type
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX#imagepath
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX\modules
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX\modules#PRAGMAd
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX\modules#PRAGMAc
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX\modules#pragmaserf
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX\modules#pragmabbr
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX\Enum
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX\Enum#0
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX\Enum#Count
HKLM\System\CONTROLSET003\SERVICES\PRAGMAKGPIPOUFDX\Enum#NextInstance
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX#start
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX#type
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX#imagepath
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX\modules
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX\modules#PRAGMAd
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX\modules#PRAGMAc
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX\modules#pragmaserf
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX\modules#pragmabbr
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX\Enum
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX\Enum#0
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX\Enum#Count
HKLM\System\CURRENTCONTROLSET\SERVICES\PRAGMAKGPIPOUFDX\Enum#NextInstance

Adware.Vundo/Variant-Trace
C:\WINDOWS\SYSTEM32\FAVWFAQN.INI



From MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4462

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/22/2010 12:19:31 PM
mbam-log-2010-08-22 (12-19-31).txt

Scan type: Quick scan
Objects scanned: 155729
Time elapsed: 15 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Scott Shull\Local Settings\Temp\0.8556454460000877.exe (Rogue.PCenter) -> Quarantined and deleted successfully.

#4 boopme

Posted 22 August 2010 - 05:16 PM

Hello, probably still a few remnants of TDSS left.
Please run the tool here: How to remove Google Redirects

When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents of that file here.



ESET
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log


NOTE: In some instances if no malware is found there will be no log produced.

#5 harley guy 93

Posted 22 August 2010 - 09:25 PM

Boopme,

Thanks for the help.
Below are the 2 logs you requested.
I will be out of town for the next few days, so I will not be able to return to this problem until then. When I return, I will check back and see what else is required.

Thanks again.

TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/22 20:45:31.0703 ================================================================================
2010/08/22 20:45:31.0703 SystemInfo:
2010/08/22 20:45:31.0703
2010/08/22 20:45:31.0703 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/22 20:45:31.0703 Product type: Workstation
2010/08/22 20:45:31.0703 ComputerName: YOUR-47375C5FC1
2010/08/22 20:45:31.0703 UserName: Scott Shull
2010/08/22 20:45:31.0703 Windows directory: C:\WINDOWS
2010/08/22 20:45:31.0703 System windows directory: C:\WINDOWS
2010/08/22 20:45:31.0703 Processor architecture: Intel x86
2010/08/22 20:45:31.0703 Number of processors: 2
2010/08/22 20:45:31.0703 Page size: 0x1000
2010/08/22 20:45:31.0703 Boot type: Normal boot
2010/08/22 20:45:31.0703 ================================================================================
2010/08/22 20:45:32.0171 Initialize success
2010/08/22 20:45:45.0625 ================================================================================
2010/08/22 20:45:45.0625 Scan started
2010/08/22 20:45:45.0625 Mode: Manual;
2010/08/22 20:45:45.0625 ================================================================================
2010/08/22 20:45:54.0734 RasAcd (19fd528cbfb77c23804b10ba98fa2a72) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/22 20:45:54.0734 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 19fd528cbfb77c23804b10ba98fa2a72, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
2010/08/22 20:45:54.0734 RasAcd - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/22 20:45:59.0468 ================================================================================
2010/08/22 20:45:59.0468 Scan finished
2010/08/22 20:45:59.0468 ================================================================================
2010/08/22 20:45:59.0484 Detected object count: 1
2010/08/22 20:46:49.0281 RasAcd (19fd528cbfb77c23804b10ba98fa2a72) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/22 20:46:49.0281 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 19fd528cbfb77c23804b10ba98fa2a72, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
2010/08/22 20:46:49.0281 C:\WINDOWS\system32\DRIVERS\rasacd.sys - quarantined
2010/08/22 20:46:49.0437 Rootkit.Win32.TDSS.tdl3(RasAcd) - User select action: Quarantine



C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1F75B11E-EBBD-4F5F-BDE9-16C5392724FC} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{2DA4BC38-2AC2-4FA2-9BBF-053D9EAE0930} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{3DFAFC60-3567-4080-B380-3D179564A499} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{48CD0B23-E738-43CB-BD62-E165AD90F91D} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5ACE1573-E239-433B-9476-CD8E8B4D9BD8} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{639E07B5-B74F-47F4-AD9A-BD22E8A81EA4} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{83E1E1F9-0358-4FC9-9678-F63D2DE8F9A1} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{84F6C83E-E4DF-41E8-A00C-9B14B8743A51} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9F37A058-A735-4952-8576-EA0DE06AD06A} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A772A355-A5BB-4053-B775-9C53265C375F} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{AA9D0AFB-0A1F-4CBA-BD73-6AD9BADF533F} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{AEA94447-429A-4921-B244-5BDC2AC37CD8} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B1944BB4-4171-4AD1-84D7-5F2A740C6AEA} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B5D6F694-6F29-4F01-BE7E-994ABCD299F0} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C33D6DA2-B67B-423B-87E4-88F089DF7B0C} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D45EF44F-0A24-4B40-B253-92EEC9D807B0} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DA3F1A33-E064-450B-8193-C86E588D9CF8} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E9E7F012-013C-401F-8D39-E3E68E678EF6} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Scott Shull\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{EFC0CC0D-28DC-4243-87B2-89CF25417B5E} Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\iquxabok.dll a variant of Win32/Cimag.CK trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\system32\kpkkwhdt.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\parsijfj.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\qrsCKRqr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\qrsCKRqr.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\tbu66\CouponsBar.dll probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined
C:\WINDOWS\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined

#6 boopme


Posted 22 August 2010 - 09:42 PM

Hello. If you are leaving, disconnect this machine from the internet till you get back.
Trojan:Win32/Qhost.BI is a trojan that modifies the affected system's hosts file to redirect online banking sites to sites of the attacker's choice (possibly for phishing attempts). It modifies the hosts file periodically
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 harley guy 93


Posted 25 August 2010 - 08:16 PM

Thanks for the warning, I did just that.
I am back at it now, and looking for any additional help.

This is the first time I have used the computer since those scans.
What would you suggest to check first?

#8 boopme


Posted 25 August 2010 - 08:57 PM

Ok good let's first rerun a quick scan.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Your Hosts File may be corrupted.
Restore your default hosts file

Download the HostsXpert,

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click back up Host files
* then click "Restore MS Hosts File"
* close program

#9 harley guy 93


Posted 26 August 2010 - 07:29 AM

O.k.
I will do that now.
One other thing that I have noticed on start-up, is that I get the following warning

RUNDLL:
Error loading C:\WINDOWS\iquxabok.dll
The specified module could not be found

Is this a problem I should be concerned about?

Thanks for the help. I will scan now and post the logs soon.

Edited by harley guy 93, 26 August 2010 - 07:29 AM.


#10 harley guy 93


Posted 26 August 2010 - 07:52 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4483

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/26/2010 8:44:30 AM
mbam-log-2010-08-26 (08-44-30).txt

Scan type: Quick scan
Objects scanned: 157437
Time elapsed: 14 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 harley guy 93


Posted 26 August 2010 - 09:44 AM

Still Redirecting on search results.

Also cannot create host file with HostsXpert

ERROR : Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts

Edited by harley guy 93, 26 August 2010 - 09:54 AM.


#12 boopme


Posted 26 August 2010 - 01:39 PM

Hello, for

RUNDLL:
Error loading C:\WINDOWS\iquxabok.dll

It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.


Looks like we will need specialized tools for this redirect.


We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.
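The orphaned startup entry described in the post above can also be located without a GUI tool. The following is an added example, not part of the original posts and not Autoruns code: it reports Run-key values whose target file no longer exists. It assumes the entry sits in one of the two `Run` keys (only one of many autostart locations); the sample value names and the `Start` entry point are constructed, and only the DLL path comes from the error message in the thread.

```python
import os
import re

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"  # one of many autostart locations

def target_of(command):
    """Return the file a startup command points at (the DLL for rundll32 commands)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S*))\s*(.*)', command)
    program, rest = m.group(1) or m.group(2), m.group(3)
    if os.path.basename(program.replace("\\", "/")).lower() in ("rundll32", "rundll32.exe"):
        # rundll32 syntax: rundll32.exe <dll>,<entry point> [arguments]
        dll = re.match(r'(?:"([^"]+)"|([^,]+))', rest)
        if dll:
            return (dll.group(1) or dll.group(2)).strip()
    return program

def find_orphans(entries, exists=os.path.exists):
    """entries: (value_name, command) pairs. Return those whose target file is missing."""
    orphans = []
    for name, command in entries:
        target = os.path.expandvars(target_of(command))
        if "\\" not in target and "/" not in target:
            continue  # bare names are resolved through PATH; not checked here
        if not exists(target):
            orphans.append((name, target))
    return orphans

def read_run_entries():
    """Read the HKLM and HKCU Run values (Windows only)."""
    import winreg
    entries = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, RUN_KEY) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, value, _ = winreg.EnumValue(key, i)
                    entries.append((name, str(value)))
        except OSError:
            pass  # key absent or unreadable
    return entries

# Constructed sample: value names and the "Start" entry point are made up.
SAMPLE = [
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("iquxabok", r'rundll32.exe "C:\WINDOWS\iquxabok.dll",Start'),
    ("Updater", r'"C:\Program Files\Example\updater.exe" /background'),
]
PRESENT = {r"C:\WINDOWS\system32\ctfmon.exe", r"C:\Program Files\Example\updater.exe"}
```

On Windows, `find_orphans(read_run_entries())` checks the live registry; unquoted program paths containing spaces are cut at the first space, so verify any hit before deleting a value.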

#13 harley guy 93


Posted 26 August 2010 - 06:51 PM

Update:

Now the only remaining problem is that when using explorer, a new instance of explorer will open up with some cheesy ad.

No more search problems

No more errors

Computer seems faster as well.

I will continue to follow the above directions as best I can, and let you know the result,
At least now I can use the thing.

Thanks again for all of your help.

#14 boopme


Posted 26 August 2010 - 09:25 PM

You're welcome. There is something hidden and they will dig it out. Then all will be good.

#15 Pandy

Pandy

    Bleepin'


  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:35 PM

Posted 27 August 2010 - 02:16 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic343221.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter




