Google redirects, Malwarebytes unable to update and webpages which no longer load...


15 replies to this topic

#1 CylonSurfer

CylonSurfer

  • Members
  • 7 posts
  • Local time:12:00 AM

Posted 12 September 2010 - 09:25 AM

Hi all,

I've got an issue with one, maybe 2 systems on my network. My PC is Windows 7 based and a month or so ago started to act strange while connected to the net. Google redirected me to pages I had not asked to go to, some pages would not load at all until I manually type the URL in & Malwarebytes would no longer update - I just receive an error and the scan shows 0 infections.

I use McAfee 8.7.0i Enterprise as my main Anti-Virus app and this also finds nothing. I work in IT so I have seen this kind of thing before, I tried to clean my system with the usual tools even trying bootable CD version of AV scanners, nothing seemed to permanently fix this issue though and even when my PC showed as being infection free Malwarebytes would not update so I wiped my system, formatting my C: partition and then re-installed Windows 7.

My issue now is that even after a clean install I find I have exactly the same problems. Has anyone seen this before or have any idea how I go about cleaning it? The re-install seemed to fail to remove this issue last time so I guess that was not the way to go....

Cheers!


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:00 PM

Posted 12 September 2010 - 09:43 AM

Have you eliminated an infected router?

Did you delete the partition before formatting?
Chewy

No. Try not. Do... or do not. There is no try.

#3 CylonSurfer

CylonSurfer
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:00 AM

Posted 12 September 2010 - 09:49 AM

Thanks for your reply Chewy,

Well I just powered off the router and used a pin to activate the factory restore - would hope that would cure an infected router but I am still unable to update MB.

When I did the re-install from memory I del'd the partition and then created a new one of the same size and quick formatted it before then installing 7 again.

[EDIT]
Just checked another laptop with MB installed - this updated fine.

Edited by CylonSurfer, 12 September 2010 - 09:52 AM.


#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:00 PM

Posted 12 September 2010 - 10:12 AM

After resetting a router, use a known clean computer to set a strong password on it.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
Chewy

No. Try not. Do... or do not. There is no try.

#5 CylonSurfer

CylonSurfer
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:00 AM

Posted 12 September 2010 - 10:33 AM

Okay - here are the results from my main PC:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-12 16:31:41
Windows 6.1.7600
Running: pujby48o.exe; Driver: C:\Users\CYLONS~1\AppData\Local\Temp\pwliiaow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E42AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E42104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E423F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2B2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E421DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E42958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E426F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E42F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E431A8

Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile [0x8B63B10A]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess [0x8B63B068]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcessEx [0x8B63B07C]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateUserProcess [0x8B63B092]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwNotifyChangeKey [0x8B63B0CE]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory [0x8B63B11E]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwReplaceKey [0x8B63B0F6]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRestoreKey [0x8B63B0E2]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetContextThread [0x8B63B0BA]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetInformationProcess [0x8B63B0A6]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess [0x8B63B054]
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A5B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 82C11D3B 5 Bytes JMP 8B63B0D2 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtCreateFile 82C62F0E 5 Bytes JMP 8B63B10E \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtSetInformationProcess 82C65495 5 Bytes JMP 8B63B0AA \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateUserProcess 82C6DE6C 5 Bytes JMP 8B63B096 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwTerminateProcess 82C79BCD 5 Bytes JMP 8B63B058 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 82C97CD1 7 Bytes JMP 8B63B122 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwRestoreKey 82CADFE5 5 Bytes JMP 8B63B0E6 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwReplaceKey 82CB5152 5 Bytes JMP 8B63B0FA \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateProcess 82CF2E61 5 Bytes JMP 8B63B06C \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82CF2EAC 7 Bytes JMP 8B63B080 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwSetContextThread 82CF3D6F 5 Bytes JMP 8B63B0BE \SystemRoot\system32\drivers\mfehidk.sys
? system32\drivers\mfehidk.sys The system cannot find the path specified. !
? system32\drivers\mfetdik.sys The system cannot find the path specified. !
.text peauth.sys 97C36C9D 28 Bytes [55, 05, 58, AE, 1C, 3A, 9A, ...]
.text peauth.sys 97C36CC1 28 Bytes [55, 05, 58, AE, 1C, 3A, 9A, ...]
PAGE peauth.sys 97C3CB9B 72 Bytes [CE, 5C, 92, 89, E7, 0D, 42, ...]
PAGE peauth.sys 97C3CBEC 111 Bytes [A7, 34, F8, 00, 01, 8C, EA, ...]
PAGE peauth.sys 97C3CE20 68 Bytes [8B, 7F, F4, 1E, 9C, 0A, 90, ...]
PAGE ...
? C:\Users\CYLONS~1\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\CYLONS~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\msiexec.exe[3108] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [750F5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [750F5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [750F5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [750F5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3108] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [750F5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys
---- Processes - GMER 1.0.15 ----

Library C:\Windows\system32\mfevtps.exe (*** hidden *** ) @ C:\Windows\system32\mfevtps.exe [1392] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x14490000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x14180000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x14710000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x14100000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x15D80000

---- EOF - GMER 1.0.15 ----
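
One way to triage a GMER log like the one in post #5, shown as an added example that is not part of the original thread or of GMER itself: it sorts each entry by whether the module doing the hooking is one the analyst already expects on the host, so the remaining entries stand out for review. The `EXPECTED` set is an assumption (the McAfee components the poster says are installed, plus Windows drivers named in the log), and the sample lines are a subset excerpted from the log above.

```python
import re

# Modules the analyst already expects to hook or filter on this host.
# ASSUMPTION: the mfe* files belong to the McAfee product the poster says is
# installed; fvevol.sys and fltmgr.sys are the Windows drivers named in the log.
EXPECTED = {"mfehidk.sys", "mfetdik.sys", "mfevtps.exe", "fvevol.sys", "fltmgr.sys"}

# Lines excerpted from the GMER log in post #5 (a subset, not the full log).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile [0x8B63B10A]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess [0x8B63B054]
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!NtCreateFile 82C62F0E 5 Bytes JMP 8B63B10E \SystemRoot\system32\drivers\mfehidk.sys
.text peauth.sys 97C36C9D 28 Bytes [55, 05, 58, AE, 1C, 3A, 9A, ...]
? C:\Users\CYLONS~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library C:\Windows\system32\mfevtps.exe (*** hidden *** ) @ C:\Windows\system32\mfevtps.exe [1392] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x14490000
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SYSCODE_RE = re.compile(r"^Code\s+(\S+)\s+(\w+)")
KERNEL_RE = re.compile(r"^(?:PAGE|\.text)\s+(\S+)")
JMP_OWNER_RE = re.compile(r"\bJMP\s+[0-9A-Fa-f]{8}\s+(\S+)$")
MISSING_RE = re.compile(r"^\?\s+(.+?)\s+The system cannot find")
ATTACH_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)")
HIDDEN_RE = re.compile(
    r"^Library\s+(.+?)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(.+?)\s+\[(\d+)\]")


def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text, expected=EXPECTED):
    """Split GMER entries into 'expected' (owner is allow-listed) and 'review'.

    Each finding is a tuple: (log section, kind of entry, human-readable detail).
    """
    findings = {"expected": [], "review": []}
    section = None

    def record(kind, owner, detail):
        known = owner and basename(owner) in expected
        findings["expected" if known else "review"].append((section, kind, detail))

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif (m := SYSCODE_RE.match(line)):
            # System section: a kernel service whose code points into a driver.
            record("system-code-hook", m.group(1),
                   f"{m.group(2)} -> {basename(m.group(1))}")
        elif (m := KERNEL_RE.match(line)):
            jmp = JMP_OWNER_RE.search(line)
            if jmp:  # GMER resolved the jump target to a module on disk
                record("inline-hook", jmp.group(1),
                       f"{m.group(1)} -> {basename(jmp.group(1))}")
            else:    # bytes differ from the file image, no owner reported
                record("code-patch", None,
                       f"{m.group(1)} modified, no owning module reported")
        elif (m := MISSING_RE.match(line)):
            record("unreadable-file", None,
                   f"{m.group(1)} could not be opened for checking")
        elif (m := ATTACH_RE.match(line)):
            record("attached-device", m.group(3), f"{m.group(3)} on {m.group(2)}")
        elif (m := HIDDEN_RE.match(line)):
            lib, proc, pid = m.groups()
            note = "" if "." in basename(lib) else " (path has no file name)"
            record("hidden-module", lib, f"{lib} in {basename(proc)} [{pid}]{note}")
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{len(result['expected'])} entries attributed to expected modules")
    for section, kind, detail in result["review"]:
        print(f"REVIEW  [{section}] {kind}: {detail}")
```

An entry landing in `review` only means the log does not attribute it to an allow-listed module; it still needs an analyst to decide what it is.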

#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:00 PM

Posted 12 September 2010 - 10:44 AM

I will need a malware removal expert to look at that log and this thread, something doesn't add up here.
Chewy

No. Try not. Do... or do not. There is no try.

#7 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:00 PM

Posted 12 September 2010 - 10:54 AM

Sorry to butt in, but now that you have run GMER can you also run the following:

Download the following:

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.



#8 CylonSurfer

CylonSurfer
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:00 AM

Posted 12 September 2010 - 10:55 AM

Really, what looks off to you? It did mention 'Root Kit Activity' during the scan - I clicked 'OK' as you mentioned above.

I have also done a GMER scan on the other PC on my network which showed similar activity - Can I also post this log for you to look at?

BTW - thanks a lot for your help and patience so far :thumbsup:

cryptodan - will do, I'll post the log results as soon as I have them

Edited by CylonSurfer, 12 September 2010 - 10:58 AM.


#9 CylonSurfer

CylonSurfer
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:00 AM

Posted 12 September 2010 - 11:59 AM

Okay dude, here are the logs you requested

Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4563

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/09/2010 17:03:32
mbam-log-2010-09-12 (17-03-32).txt

Scan type: Quick scan
Objects scanned: 129956
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/12/2010 at 05:50 PM

Application Version : 4.42.1000

Core Rules Database Version : 5491
Trace Rules Database Version: 3303

Scan type : Complete Scan
Total Scan Time : 00:35:49

Memory items scanned : 322
Memory threats detected : 0
Registry items scanned : 6933
Registry threats detected : 0
File items scanned : 85527
File threats detected : 304

Adware.Tracking Cookie
.media6degrees.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.yadro.ru [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.paypal.112.2o7.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.stats.paypal.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.virginmedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.virginmedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.zanox.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
d2.advertserve.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.burstnet.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.burstnet.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
www.partypoker.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tenilstats.turner.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
dc.tremormedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.advertise.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
ads.factorymedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.divx.112.2o7.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.clickaider.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
www.finditquick.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
ext-us.bestofmedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.xiti.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.dmtracker.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
u.s.j.cltomedia.info [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.cltomedia.info [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
cltomedia.info [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.eaeacom.112.2o7.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.yieldmanager.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.emediatrack.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.e-2dj6wgkicndjegq.stats.esomniture.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.e-2dj6wjmyqlczsbp.stats.esomniture.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.e-2dj6wfmigic5sho.stats.esomniture.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.chitika.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
clicks.blizzsearch.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
adserver.adreactor.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
2.t.j.cltomedia.info [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.xm.xtendmedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
sec1.liveperson.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
sec1.liveperson.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
ad1.emediate.dk [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adviva.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adviva.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.kontera.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adxpose.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.overture.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.overture.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.2o7.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.2o7.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.weborama.fr [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.vdwp.solution.weborama.fr [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.vdwp.solution.weborama.fr [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.vdwp.solution.weborama.fr [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.vdwp.solution.weborama.fr [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.eas.apm.emediate.eu [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.track.webgains.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adtech.de [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adtech.de [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.uk.at.atwola.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.uk.at.atwola.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.uk.at.atwola.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adserving.ezanga.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adserving.ezanga.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
d.mediadakine.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.mediadakine.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
d.mediadakine.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
d.mediadakine.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.popcapgames.122.2o7.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.ru4.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.ru4.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.247realmedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.247realmedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.247realmedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
n.n.h.cltomedia.info [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
cltomedia.info [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
cltomedia.info [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
d.venatusmedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.247realmedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adtech.de [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adtech.de [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adtech.de [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.igamestats.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.igamestats.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
w.q.h.cltomedia.info [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.toplist.eu [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.toplist.cz [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
www.burstnet.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
hometheaterreview.advertserve.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.burstbeacon.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
gr.burstnet.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.e-2dj6aekisjdzcfp.stats.esomniture.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adlegend.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.adlegend.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
d.mediadakine.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
d.mediadakine.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
ad.zanox.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.trafficengine.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.viaviralvideo.112.2o7.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.videoegg.adbureau.net [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.stopzilla.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.stopzilla.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.stopzilla.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
2566.t10-click.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
2566.t10-click.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Cylon Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\yezz658l.default\cookies.sqlite ]

Trojan.Agent/Gen-Krpytik
C:\PROGRAM FILES\ELECTRONIC ARTS\NEED FOR SPEED SHIFT\RLD-NFSS.EXE

Edited by CylonSurfer, 12 September 2010 - 04:58 PM.


#10 cryptodan

Posted 12 September 2010 - 12:01 PM

Now perform a full scan with MBAM.

Edited by cryptodan, 12 September 2010 - 12:02 PM.


#11 DaChew

Posted 12 September 2010 - 12:03 PM

Go ahead and post the other gmer scan, just make sure it's labeled computer 2

Are there any executables you installed that were from non-standard sources? After the clean install? Any executable installer that might have been saved/archived from the previous install before the flatten and rebuild?
Chewy

No. Try not. Do... or do not. There is no try.

#12 CylonSurfer

Posted 12 September 2010 - 12:21 PM

I think to save confusion I'll leave the other PC out of this thread until the problems on the main PC have been resolved. In the meantime I'll collect the logs from GMER, MBAM & SAS ready to post if needed.

I have an archive of apps that I do re-install - I have them installed on other PCs which do not show any signs of this kind of infection. I have been installing these apps for a number of years now without any problems so they should all be ok and safe.

Does anything from the logs I have posted thus far point to any particular infection?

Edited by CylonSurfer, 12 September 2010 - 12:24 PM.


#13 cryptodan

Posted 12 September 2010 - 12:23 PM

Post the full scan log from MBAM and we will go from there.

#14 CylonSurfer

Posted 12 September 2010 - 12:27 PM

Cryptodan - here is the log from the full scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4563

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/09/2010 18:24:20
mbam-log-2010-09-12 (18-24-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 211976
Time elapsed: 20 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 cryptodan

Posted 12 September 2010 - 12:29 PM

? system32\drivers\mfehidk.sys The system cannot find the path specified. !
? system32\drivers\mfetdik.sys The system cannot find the path specified. !
.text peauth.sys 97C36C9D 28 Bytes [55, 05, 58, AE, 1C, 3A, 9A, ...]
.text peauth.sys 97C36CC1 28 Bytes [55, 05, 58, AE, 1C, 3A, 9A, ...]
PAGE peauth.sys 97C3CB9B 72 Bytes [CE, 5C, 92, 89, E7, 0D, 42, ...]
PAGE peauth.sys 97C3CBEC 111 Bytes [A7, 34, F8, 00, 01, 8C, EA, ...]
PAGE peauth.sys 97C3CE20 68 Bytes [8B, 7F, F4, 1E, 9C, 0A, 90, ...]
PAGE ...
? C:\Users\CYLONS~1\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\CYLONS~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !


---- Processes - GMER 1.0.15 ----

Library C:\Windows\system32\mfevtps.exe (*** hidden *** ) @ C:\Windows\system32\mfevtps.exe [1392] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x14490000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x14180000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x14710000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x14100000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [3120] 0x15D80000

---- EOF - GMER 1.0.15 ----



Based upon that I would do the following:

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.



