
And yet another Google Analytics/Redirect Problem


  • This topic is locked
17 replies to this topic

#1 YoungSlushie

YoungSlushie

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:04 PM

Posted 19 September 2010 - 06:41 PM

I have read a number of posts on this site addressing the google-analytics redirect issue, and I have been experiencing the key symptoms. Namely, when I would visit a website, I would frequently (but not 100% of the time) be redirected to random sites ("videocop.com" popped up more than once). Additionally, my browser was always trying to connect to "google-analytics.com", and Firefox would give me the "Problem loading page / Server not found / Firefox can't find the server at www.bleepingcomputer.com." error, when the website was - in fact - perfectly fine. Usually a couple of refreshes would do the trick.

Following my initial research on the topic, I applied a couple of band-aids. I have installed the Adblock Plus, Ghostery, NoScript, and Beef Taco addons in Firefox. This cut out the redirects; however, I still get the "server not found" errors when I go to websites (it doesn't seem to matter which website I visit, and it occurs sporadically). Also, google-analytics shows up as a blocked script on every website that I visit. Lastly, some web pages' formatting appears strange - I have to refresh to get it to look right.

One thing of note - I live in an apartment building that provides wireless internet. Therefore, I have no access to the router/modem/anything of that nature.

I've scanned with MalwareBytes, Spybot Search and Destroy, and CCleaner, but the problem still exists.

I'm running Windows Vista. My anti-virus is Microsoft Security Essentials.

----------------------------------------------------------------------------------------


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mandy at 17:49:17.85 on Sun 09/19/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1224 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Mandy\Desktop\Defogger.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mandy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\VAIO Sat Survey.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Skytel] Skytel.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\mandy\appdata\roaming\mozilla\firefox\profiles\ju6kwv5r.default\
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-11 64160]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-29 104992]
R2 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2009-4-25 122880]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-8 1153368]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2008-11-10 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-10-29 415584]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-9-3 446464]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-11-10 17920]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-29 3664384]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-10-29 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-19 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-11-10 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-11-10 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-11-10 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-11-10 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-11-10 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-19 22:47:26 0 ----a-w- c:\users\mandy\defogger_reenable
2010-09-19 18:58:50 0 d-----w- c:\programdata\Google Updater
2010-09-15 12:54:55 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 12:54:54 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 12:54:53 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 12:54:52 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-09-16 08:26:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-08 18:25:20 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-08 18:25:20 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-08 18:25:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-08 18:18:43 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-08 18:03:20 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-06-29 15:47:12 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:50:26.70 ===============
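The DDS "Pseudo HJT Report" above is the part of the log a helper reads by hand. The following Python example is added here and is not part of the thread, nor code from DDS or BleepingComputer; it shows the kind of automated first pass a responder could run over such lines. It flags hosts-file entries that map names to loopback (the log's `Hosts: 127.0.0.1 www.spywareinfo.com` is exactly the sort of entry used to block security sites), autorun entries whose image is a bare file name resolved via the search path, and any configured proxy server. The sample input is constructed in the shape of the report: the `ProxyServer` line and the google-analytics hosts line are constructed for illustration and do not appear in the poster's log, and the list of security-site name fragments is an assumption.

```python
"""Triage DDS 'Pseudo HJT Report' lines for entries that deserve a second look."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of a DDS report. The ProxyServer line and the
# google-analytics hosts entry are constructed and were NOT in the poster's log.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 127.0.0.1 www.google-analytics.com
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    subject: str   # host name, run-key name or setting name
    detail: str
    line: str


LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Name fragments of security/update sites that hosts-file hijacks commonly
# block. This list is an assumption for the example, not taken from the page.
SECURITY_SITE_HINTS = ("spywareinfo", "bleepingcomputer", "malwarebytes",
                       "microsoft", "symantec", "kaspersky", "mcafee")

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^[um]Run(?:-x64)?:\s+\[([^\]]+)\]\s+(.*)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*)$")


def command_image(cmd: str) -> str:
    """Return the executable part of a run-key command, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_dds(text: str) -> list[Finding]:
    """Scan report lines and return findings in order of appearance."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # DDS prints only hosts entries that differ from the default file,
            # so any name pinned to loopback is worth confirming.
            if ip in LOOPBACK and host.lower() != "localhost":
                sec = any(h in host.lower() for h in SECURITY_SITE_HINTS)
                detail = "hosts file maps this name to loopback"
                if sec:
                    detail += "; the name looks like a security/update site"
                findings.append(Finding("high" if sec else "medium", host, detail, line))
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.groups()
            image = command_image(cmd)
            # A bare image name (no drive or directory) is resolved via the
            # search path; often legitimate (OEM audio tools), but confirm it.
            if "\\" not in image and ":" not in image:
                findings.append(Finding("low", name,
                                        f"autorun uses bare image name {image!r}; "
                                        "confirm which file actually loads", line))
            continue
        m = PROXY_RE.match(line)
        if m:
            key, value = m.groups()
            if key == "ProxyServer" and value:
                findings.append(Finding("high", key,
                                        f"browser traffic routed through {value}; "
                                        "verify who configured it", line))
            elif key == "ProxyOverride" and value not in ("*.local", "<local>"):
                findings.append(Finding("low", key,
                                        f"non-default proxy bypass list {value!r}", line))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.subject}: {f.detail}\n         {f.line}")
```

Run on the constructed sample it reports five findings: the constructed proxy server and the spywareinfo hosts entry as high, the google-analytics hosts entry as medium, and the two bare-name run keys as low. The Realtek entries (`RtHDVCpl.exe`, `Skytel.exe`) are normally legitimate, which is why a bare name only rates "confirm", not "malicious": the point of the pass is to shortlist lines for the human reading the log, not to replace that reading.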


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:04 PM

Posted 26 September 2010 - 07:02 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 YoungSlushie

YoungSlushie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:04 PM

Posted 28 September 2010 - 10:25 AM

I'm here! Let's tackle this thing! (I'm still having the same problems, and I haven't done anything since I first posted.)

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:04 PM

Posted 28 September 2010 - 04:37 PM

Please run the two programs here to check for current, prevalent rootkits.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


Then
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 YoungSlushie

YoungSlushie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:04 PM

Posted 29 September 2010 - 07:59 AM

Here is the MBRCheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VGN-NS240E
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 148):
0x81E19000 \SystemRoot\system32\ntkrnlpa.exe
0x821D2000 \SystemRoot\system32\hal.dll
0x8040F000 \SystemRoot\system32\kdcom.dll
0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80486000 \SystemRoot\system32\PSHED.dll
0x80497000 \SystemRoot\system32\BOOTVID.dll
0x8049F000 \SystemRoot\system32\CLFS.SYS
0x804E0000 \SystemRoot\system32\CI.dll
0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80691000 \SystemRoot\system32\drivers\acpi.sys
0x806D7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E0000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E8000 \SystemRoot\system32\drivers\pci.sys
0x8070F000 \SystemRoot\System32\drivers\partmgr.sys
0x8071E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80721000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072B000 \SystemRoot\system32\drivers\volmgr.sys
0x8073A000 \SystemRoot\System32\drivers\volmgrx.sys
0x80784000 \SystemRoot\System32\drivers\mountmgr.sys
0x89A06000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x89AD4000 \SystemRoot\system32\drivers\fltmgr.sys
0x89B06000 \SystemRoot\system32\drivers\fileinfo.sys
0x89B16000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x89B25000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x89B2F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89C0E000 \SystemRoot\system32\drivers\ndis.sys
0x89D19000 \SystemRoot\system32\drivers\msrpc.sys
0x89D44000 \SystemRoot\system32\drivers\NETIO.SYS
0x89E0F000 \SystemRoot\System32\drivers\tcpip.sys
0x89EF9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A008000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A118000 \SystemRoot\system32\drivers\volsnap.sys
0x8A151000 \SystemRoot\System32\Drivers\spldr.sys
0x8A159000 \SystemRoot\System32\Drivers\mup.sys
0x8A168000 \SystemRoot\System32\drivers\ecache.sys
0x8A18F000 \SystemRoot\system32\drivers\disk.sys
0x8A1A0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A1C1000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A1D7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A1E2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E004000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E6E7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E786000 \SystemRoot\System32\drivers\watchdog.sys
0x8E792000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E79D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E7DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EA0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EA9B000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8EC0A000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8EF92000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8EFA2000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8EFB0000 \SystemRoot\system32\DRIVERS\risdptsk.sys
0x8EFC1000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8EFDB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EFEE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EAEA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8EFF9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EB15000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EFFB000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x8EB20000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EC00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8EB38000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EC06000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8EB47000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EB76000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EBB7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EBC2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EBD9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x89D7F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EBE4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E7EA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A1EB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x89FE2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EFFE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x89DA2000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EBF3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EA00000 \SystemRoot\system32\DRIVERS\umbus.sys
0x89BA0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x89DCC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F80E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FA1A000 \SystemRoot\system32\drivers\portcls.sys
0x8FA47000 \SystemRoot\system32\drivers\drmk.sys
0x8FA6C000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8FAA9000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FC09000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FCBD000 \SystemRoot\system32\drivers\modem.sys
0x8FCCA000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8FCED000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FCF6000 \SystemRoot\System32\Drivers\Null.SYS
0x8FCFD000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FD04000 \SystemRoot\System32\drivers\vga.sys
0x8FD10000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FD31000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FD39000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FD41000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FD4C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FD5A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FD63000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FD79000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FD8D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FBAC000 \SystemRoot\system32\drivers\afd.sys
0x8FDBF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FDD5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FDE3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x80794000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x89DDD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FDF6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FC00000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x89BD5000 \SystemRoot\System32\Drivers\dfsc.sys
0x807D0000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8FBF4000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x8F800000 \SystemRoot\System32\Drivers\crashdmp.sys
0x89F14000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98000000 \SystemRoot\System32\win32k.sys
0x8A1CA000 \SystemRoot\System32\drivers\Dxapi.sys
0x89E00000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98220000 \SystemRoot\System32\TSDDD.dll
0x98240000 \SystemRoot\System32\cdd.dll
0x805C0000 \SystemRoot\system32\drivers\luafv.sys
0xAAC0D000 \SystemRoot\system32\drivers\spsys.sys
0xAACBD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAACCD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAACF7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAAD01000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAD14000 \SystemRoot\system32\drivers\HTTP.sys
0xAAD81000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAAD9E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAADB7000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAADCC000 \SystemRoot\system32\drivers\mrxdav.sys
0x805DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAD605000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAD63E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAD656000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD67D000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD6E3000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0xAD6EC000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xAD6FE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAD702000 \SystemRoot\system32\drivers\peauth.sys
0xAD7E0000 \SystemRoot\system32\drivers\regi.sys
0xAD7E2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAD7EC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAD6CB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAADED000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xAD7F8000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB460C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB4632000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x76F10000 \Windows\System32\ntdll.dll

Processes (total 83):
0 System Idle Process
4 System
560 C:\Windows\System32\smss.exe
636 csrss.exe
680 C:\Windows\System32\wininit.exe
692 csrss.exe
724 C:\Windows\System32\services.exe
736 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
828 C:\Windows\System32\winlogon.exe
928 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1028 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1168 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\audiodg.exe
1388 C:\Windows\System32\SLsvc.exe
1416 C:\Windows\System32\svchost.exe
1540 C:\Windows\RTKAUDIOSERVICE.EXE
1700 C:\Windows\System32\dwm.exe
1732 C:\Windows\explorer.exe
1832 C:\Windows\System32\svchost.exe
1948 C:\Windows\System32\wlanext.exe
2036 C:\Windows\System32\spoolsv.exe
344 C:\Windows\System32\svchost.exe
500 C:\Windows\System32\taskeng.exe
920 C:\Windows\System32\taskeng.exe
916 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1668 C:\Program Files\Bonjour\mDNSResponder.exe
1828 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2112 C:\Windows\System32\taskeng.exe
2212 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
2304 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
2404 C:\Windows\System32\svchost.exe
2420 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
2668 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2688 C:\Program Files\Sony\VAIO Care\collsvc.exe
2712 C:\Windows\System32\svchost.exe
2736 C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
2760 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
2860 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
2904 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
2924 dllhost.exe
2960 C:\Windows\System32\svchost.exe
3000 C:\Windows\System32\SearchIndexer.exe
3124 WUDFHost.exe
3176 C:\Windows\System32\drivers\XAudio.exe
3228 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3376 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
3504 dllhost.exe
3564 igfxext.exe
3620 igfxsrvc.exe
3928 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
3996 WmiPrvSE.exe
1452 C:\Program Files\Sony\VAIO Care\VCsystray.exe
1068 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3408 C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
3524 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
3556 C:\Program Files\Microsoft Security Essentials\msseces.exe
3812 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1488 C:\Program Files\iTunes\iTunesHelper.exe
2228 C:\Program Files\Windows Media Player\wmpnscfg.exe
1560 C:\Windows\System32\wbem\unsecapp.exe
604 C:\Windows\ehome\ehtray.exe
1248 C:\Windows\ehome\ehmsas.exe
3836 C:\Windows\ehome\ehsched.exe
2272 C:\Windows\ehome\ehrecvr.exe
248 C:\Program Files\Windows Media Player\wmpnetwk.exe
1748 C:\Windows\System32\mobsync.exe
4364 C:\Program Files\Windows Media Player\wmplayer.exe
5204 C:\Program Files\iPod\bin\iPodService.exe
5932 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
6040 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
3972 C:\Windows\System32\svchost.exe
4652 C:\Program Files\Mozilla Firefox\firefox.exe
4680 C:\Program Files\Sony\VAIO Care\listener.exe
4412 taskeng.exe
5028 C:\Windows\System32\SearchProtocolHost.exe
4580 C:\Windows\System32\SearchFilterHost.exe
984 dllhost.exe
2124 dllhost.exe
5220 C:\Users\Mandy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`45300000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG1, Rev: 00410009

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

#6 YoungSlushie

YoungSlushie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:04 PM

Posted 29 September 2010 - 08:02 AM

And here is the TDSSKiller log - just FYI, no threats were found:

2010/09/29 08:01:18.0928 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/29 08:01:18.0928 ================================================================================
2010/09/29 08:01:18.0928 SystemInfo:
2010/09/29 08:01:18.0928
2010/09/29 08:01:18.0929 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/29 08:01:18.0929 Product type: Workstation
2010/09/29 08:01:18.0929 ComputerName: MANDY-PC
2010/09/29 08:01:18.0929 UserName: Mandy
2010/09/29 08:01:18.0929 Windows directory: C:\Windows
2010/09/29 08:01:18.0929 System windows directory: C:\Windows
2010/09/29 08:01:18.0929 Processor architecture: Intel x86
2010/09/29 08:01:18.0929 Number of processors: 2
2010/09/29 08:01:18.0929 Page size: 0x1000
2010/09/29 08:01:18.0929 Boot type: Normal boot
2010/09/29 08:01:18.0929 ================================================================================
2010/09/29 08:01:19.0457 Initialize success
2010/09/29 08:01:25.0958 ================================================================================
2010/09/29 08:01:25.0958 Scan started
2010/09/29 08:01:25.0958 Mode: Manual;
2010/09/29 08:01:25.0958 ================================================================================
2010/09/29 08:01:26.0395 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/29 08:01:26.0505 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/09/29 08:01:26.0578 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/09/29 08:01:26.0635 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/09/29 08:01:26.0695 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/09/29 08:01:26.0818 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/09/29 08:01:26.0923 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/09/29 08:01:26.0983 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/29 08:01:27.0042 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/09/29 08:01:27.0122 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/09/29 08:01:27.0192 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/09/29 08:01:27.0266 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/09/29 08:01:27.0348 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/09/29 08:01:27.0479 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/09/29 08:01:27.0563 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/09/29 08:01:27.0633 ArcSoftKsUFilter (857b48965a0503b7ab795d4bfe7cbd8b) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2010/09/29 08:01:27.0678 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/29 08:01:27.0767 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2010/09/29 08:01:27.0875 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
2010/09/29 08:01:28.0121 atikmdag (9f66d1ba97911731133e46212539a08d) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/09/29 08:01:28.0339 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/09/29 08:01:28.0411 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/09/29 08:01:28.0533 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/29 08:01:28.0606 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/29 08:01:28.0670 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/09/29 08:01:28.0745 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/09/29 08:01:28.0831 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/09/29 08:01:28.0899 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/29 08:01:28.0983 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/09/29 08:01:29.0056 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/09/29 08:01:29.0147 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/29 08:01:29.0222 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/29 08:01:29.0317 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/09/29 08:01:29.0407 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/09/29 08:01:29.0511 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/29 08:01:29.0572 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/09/29 08:01:29.0642 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/29 08:01:29.0719 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/09/29 08:01:29.0788 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/09/29 08:01:29.0905 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/09/29 08:01:29.0998 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/09/29 08:01:30.0101 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2010/09/29 08:01:30.0176 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/09/29 08:01:30.0273 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/29 08:01:30.0375 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/29 08:01:30.0486 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/09/29 08:01:30.0617 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/09/29 08:01:30.0698 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/09/29 08:01:30.0820 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/09/29 08:01:30.0900 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/09/29 08:01:30.0993 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/29 08:01:31.0080 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/09/29 08:01:31.0128 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/09/29 08:01:31.0186 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/29 08:01:31.0273 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/09/29 08:01:31.0367 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/29 08:01:31.0452 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/29 08:01:31.0530 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/29 08:01:31.0609 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/09/29 08:01:31.0736 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/29 08:01:31.0847 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/09/29 08:01:31.0912 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/09/29 08:01:31.0998 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/29 08:01:32.0087 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/09/29 08:01:32.0171 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/09/29 08:01:32.0283 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/09/29 08:01:32.0368 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/09/29 08:01:32.0506 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/09/29 08:01:32.0625 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/09/29 08:01:32.0688 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/29 08:01:32.0799 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2010/09/29 08:01:32.0888 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/09/29 08:01:33.0015 igfx (ce5ff5d5e3f4ca974e36dc24c15474d0) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/09/29 08:01:33.0191 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/09/29 08:01:33.0337 IntcAzAudAddService (4a0f260df9a5333c07f4ab40ca9d4f4b) C:\Windows\system32\drivers\RTKVHDA.sys
2010/09/29 08:01:33.0442 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/09/29 08:01:33.0515 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/29 08:01:33.0551 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/29 08:01:33.0648 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/29 08:01:33.0701 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/29 08:01:33.0766 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/09/29 08:01:33.0841 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/09/29 08:01:33.0918 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/29 08:01:33.0966 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/09/29 08:01:34.0021 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/09/29 08:01:34.0094 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/29 08:01:34.0182 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2010/09/29 08:01:34.0276 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/29 08:01:34.0408 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\Windows\system32\DRIVERS\Lbd.sys
2010/09/29 08:01:34.0509 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/29 08:01:34.0575 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/09/29 08:01:34.0626 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/09/29 08:01:34.0679 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/09/29 08:01:34.0730 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/09/29 08:01:34.0810 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/09/29 08:01:34.0878 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/09/29 08:01:34.0955 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/09/29 08:01:35.0033 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/09/29 08:01:35.0117 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/29 08:01:35.0182 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/29 08:01:35.0232 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/29 08:01:35.0285 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/09/29 08:01:35.0435 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/09/29 08:01:35.0518 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/09/29 08:01:35.0581 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/09/29 08:01:35.0670 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/29 08:01:35.0731 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/09/29 08:01:35.0797 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/09/29 08:01:35.0865 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/29 08:01:35.0907 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/29 08:01:35.0977 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/29 08:01:36.0052 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/09/29 08:01:36.0120 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/09/29 08:01:36.0200 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/09/29 08:01:36.0284 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/09/29 08:01:36.0401 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/29 08:01:36.0486 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/29 08:01:36.0532 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/09/29 08:01:36.0623 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/09/29 08:01:36.0677 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/29 08:01:36.0719 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/09/29 08:01:36.0773 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/09/29 08:01:36.0848 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/29 08:01:37.0002 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/09/29 08:01:37.0073 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/29 08:01:37.0125 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/29 08:01:37.0216 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/29 08:01:37.0307 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/09/29 08:01:37.0360 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/29 08:01:37.0434 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/29 08:01:37.0664 NETw5v32 (ba420e8ebfcad35581fe8e4c64f71469) C:\Windows\system32\DRIVERS\NETw5v32.sys
2010/09/29 08:01:37.0861 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/09/29 08:01:37.0939 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/09/29 08:01:37.0980 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/29 08:01:38.0077 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/09/29 08:01:38.0192 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/09/29 08:01:38.0239 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/09/29 08:01:38.0293 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/09/29 08:01:38.0356 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/09/29 08:01:38.0429 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/09/29 08:01:38.0644 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/29 08:01:38.0710 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/09/29 08:01:38.0786 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/09/29 08:01:38.0859 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/09/29 08:01:38.0933 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/09/29 08:01:38.0982 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/09/29 08:01:39.0055 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/09/29 08:01:39.0141 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/09/29 08:01:39.0328 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/29 08:01:39.0384 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/09/29 08:01:39.0462 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/29 08:01:39.0512 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2010/09/29 08:01:39.0652 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/09/29 08:01:39.0740 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/09/29 08:01:39.0795 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/29 08:01:39.0845 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/29 08:01:39.0909 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/29 08:01:40.0012 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/29 08:01:40.0091 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/29 08:01:40.0172 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/29 08:01:40.0218 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/29 08:01:40.0285 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/09/29 08:01:40.0394 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/29 08:01:40.0463 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/09/29 08:01:40.0523 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2010/09/29 08:01:40.0600 rimsptsk (d0c2a0ce1091e08efb7ccba6cea4c3f9) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/09/29 08:01:40.0646 risdptsk (53ea7c7d1d3c4b11ae0ea7c8d75c4e82) C:\Windows\system32\DRIVERS\risdptsk.sys
2010/09/29 08:01:40.0754 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/29 08:01:40.0843 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/09/29 08:01:40.0935 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/29 08:01:41.0035 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/29 08:01:41.0104 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/09/29 08:01:41.0161 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/09/29 08:01:41.0225 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/09/29 08:01:41.0309 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2010/09/29 08:01:41.0404 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/09/29 08:01:41.0456 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/09/29 08:01:41.0511 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/09/29 08:01:41.0572 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/29 08:01:41.0644 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/09/29 08:01:41.0751 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/09/29 08:01:41.0806 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/09/29 08:01:41.0885 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/09/29 08:01:41.0972 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/09/29 08:01:42.0095 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/09/29 08:01:42.0189 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/29 08:01:42.0258 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/29 08:01:42.0336 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/29 08:01:42.0415 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/09/29 08:01:42.0467 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/09/29 08:01:42.0519 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/09/29 08:01:42.0598 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
2010/09/29 08:01:42.0724 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/09/29 08:01:42.0858 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/29 08:01:42.0930 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/29 08:01:43.0007 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/09/29 08:01:43.0066 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/09/29 08:01:43.0149 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/29 08:01:43.0270 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/29 08:01:43.0375 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/29 08:01:43.0431 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/09/29 08:01:43.0488 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/29 08:01:43.0588 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/09/29 08:01:43.0679 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/29 08:01:43.0813 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/09/29 08:01:43.0877 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/09/29 08:01:43.0970 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/09/29 08:01:44.0028 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/09/29 08:01:44.0079 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/29 08:01:44.0157 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/09/29 08:01:44.0233 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/29 08:01:44.0349 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/09/29 08:01:44.0416 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/29 08:01:44.0481 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/29 08:01:44.0529 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/09/29 08:01:44.0596 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/09/29 08:01:44.0660 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/29 08:01:44.0772 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/29 08:01:44.0829 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/09/29 08:01:44.0978 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/29 08:01:45.0027 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/09/29 08:01:45.0090 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/09/29 08:01:45.0182 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/09/29 08:01:45.0232 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/09/29 08:01:45.0271 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/09/29 08:01:45.0332 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/09/29 08:01:45.0397 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/09/29 08:01:45.0492 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/09/29 08:01:45.0568 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/09/29 08:01:45.0623 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/29 08:01:45.0662 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/29 08:01:45.0724 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/09/29 08:01:45.0813 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/29 08:01:45.0952 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
2010/09/29 08:01:46.0015 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/09/29 08:01:46.0183 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/09/29 08:01:46.0329 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/09/29 08:01:46.0413 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/29 08:01:46.0504 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/29 08:01:46.0592 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2010/09/29 08:01:46.0702 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/09/29 08:01:46.0754 ================================================================================
2010/09/29 08:01:46.0754 Scan finished
2010/09/29 08:01:46.0754 ================================================================================


#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:04 PM

Posted 29 September 2010 - 04:37 PM

Looks like this is a Firefox hijacker

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

m0le is a proud member of UNITE

#8 YoungSlushie

YoungSlushie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:04 PM

Posted 29 September 2010 - 05:52 PM

M0le, you're a champ for helping me through this. Log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:51 on 29/09/2010 (Mandy)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:02 08/03/2009]

C:\Users\Mandy\Application Data\Mozilla\Firefox\Profiles\ju6kwv5r.default\extensions\
firefox@ghostery.com [13:21 13/09/2010]
john@velvetcache.org [22:27 14/08/2010]
{1018e4d6-728f-4b20-ad56-37578a4de76b} [22:28 14/08/2010]
{73a6fe31-595d-460b-a920-fcc0f8843232} [13:21 13/09/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [23:37 18/08/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:00 08/03/2009]

-=E.O.F=-
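
As an added example (not code from the thread, from GooredFix, or from its author), the Python script below parses the GooredFix log layout shown above and lists the extension entries an analyst would check: IDs missing from a known-good allowlist, add-ons installed globally rather than in the profile, and add-ons registered through the HKLM Firefox Extensions key (the entries ComboFix later reports as HiddenExtension). The sample log text and the allowlist are constructed assumptions; the GUID ending in ...0001 is a made-up placeholder for an unrecognised add-on.

```python
"""Parse GooredFix-style log text and list Firefox extension entries worth a look.

Added example; not part of the thread, of GooredFix, or of its author's code.
"""
import re
from dataclasses import dataclass

# Constructed sample in the GooredFix log layout seen in the thread. The last
# profile entry ({deadbeef-...}) is a made-up placeholder for an unknown add-on.
SAMPLE_LOG = r"""GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:51 on 29/09/2010 (Mandy)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:02 08/03/2009]

C:\Users\Mandy\Application Data\Mozilla\Firefox\Profiles\ju6kwv5r.default\extensions\
firefox@ghostery.com [13:21 13/09/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [23:37 18/08/2010]
{deadbeef-0000-4000-8000-000000000001} [03:12 27/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:00 08/03/2009]

-=E.O.F=-
"""

# Assumption: an analyst-maintained allowlist, not something GooredFix ships.
KNOWN_GOOD = {
    "{972ce4c6-7e08-4474-a285-3208198ce6fd}": "Firefox default theme",
    "firefox@ghostery.com": "Ghostery",
    "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}": "Adblock Plus",
    "{20a82645-c095-46ed-80e3-08825760534b}": "Microsoft .NET Framework Assistant",
}


@dataclass(frozen=True)
class Extension:
    ext_id: str          # directory name or registry value name ({GUID} or name@domain)
    location: str        # extensions directory, or the registry key it was found under
    timestamp: str       # "HH:MM DD/MM/YYYY" as GooredFix prints it
    from_registry: bool  # True when registered under HKLM rather than installed in a folder


_DIR_RE = re.compile(r"^[A-Za-z]:\\.*\\$")                      # "C:\...\extensions\"
_ENTRY_RE = re.compile(r"^(\S+) \[(\d\d:\d\d \d\d/\d\d/\d{4})\]$")
_REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_REG_VAL_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d\d:\d\d \d\d/\d\d/\d{4})\]$')


def parse_goored_log(text):
    """Return the Extension entries listed in a GooredFix log, in log order."""
    exts = []
    context = None          # current extensions directory or registry key
    in_registry = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=") or line == "-=E.O.F=-":
            continue        # blank lines, section banners and the EOF marker carry no entries
        m = _REG_KEY_RE.match(line)
        if m:
            context, in_registry = m.group(1), True
            continue
        if _DIR_RE.match(line):
            context, in_registry = line, False
            continue
        if in_registry:
            m = _REG_VAL_RE.match(line)
            if m:
                exts.append(Extension(m.group(1), context, m.group(3), True))
            continue
        m = _ENTRY_RE.match(line)
        if m and context:
            exts.append(Extension(m.group(1), context, m.group(2), False))
    return exts


def review(exts, known_good=KNOWN_GOOD):
    """Return (ext_id, reasons) for each entry an analyst should look at.

    Timestamps are kept on the Extension so an add-on that appeared around the
    time the redirects started can be spotted by eye.
    """
    findings = []
    for e in exts:
        reasons = []
        if e.ext_id not in known_good:
            reasons.append("id not on the allowlist")
            if not e.from_registry and "\\profiles\\" not in e.location.lower():
                reasons.append("installed globally under the Firefox program directory")
        if e.from_registry:
            reasons.append("registered via HKLM\\Software\\Mozilla\\Firefox\\Extensions "
                           "rather than installed into the profile")
        if reasons:
            findings.append((e.ext_id, reasons))
    return findings


if __name__ == "__main__":
    for ext_id, reasons in review(parse_goored_log(SAMPLE_LOG)):
        print(ext_id)
        for reason in reasons:
            print("   -", reason)
```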

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:04 PM

Posted 29 September 2010 - 06:31 PM

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#10 YoungSlushie

YoungSlushie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:04 PM

Posted 29 September 2010 - 10:34 PM

ComboFix log:

ComboFix 10-09-29.01 - Mandy 09/29/2010 22:19:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1412 [GMT -5:00]
Running from: c:\users\Mandy\Desktop\comfix.exe.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-30 03:25 . 2010-09-30 03:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-28 23:23 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-19 18:58 . 2010-09-19 18:58 -------- d-----w- c:\programdata\Google Updater
2010-09-15 12:54 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 12:54 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 12:54 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 12:54 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 08:00 . 2010-02-19 04:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-27 18:12 . 2010-08-08 14:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-19 19:02 . 2008-11-10 08:07 -------- d-----w- c:\program files\Google
2010-09-16 08:02 . 2008-11-10 08:13 -------- d-----w- c:\programdata\Microsoft Help
2010-08-15 17:36 . 2010-08-07 03:24 -------- d-----w- c:\program files\Snood 4
2010-08-08 18:25 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-08-08 18:25 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-08-08 18:25 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2010-08-08 18:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-08-08 18:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-08-08 18:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-08 18:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-08-08 18:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-08-08 18:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-08-08 18:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-08-08 18:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\Inf\drvindex.dat
2010-08-08 14:38 . 2010-08-08 14:32 -------- d-----w- c:\programdata\Hitman Pro
2010-08-08 14:32 . 2010-08-08 14:32 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-07 15:01 . 2009-03-08 22:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-07 14:30 . 2009-03-08 22:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-03 13:54 . 2010-08-03 13:53 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-03 13:54 . 2009-10-31 16:07 -------- d-----w- c:\program files\iTunes
2010-08-03 13:53 . 2010-08-03 13:53 -------- d-----w- c:\program files\iPod
2010-08-03 13:53 . 2009-06-27 22:16 -------- d-----w- c:\program files\Common Files\Apple
2010-08-03 13:51 . 2010-08-03 13:51 -------- d-----w- c:\program files\QuickTime
2010-08-03 13:47 . 2010-08-03 13:47 -------- d-----w- c:\program files\Bonjour
2010-08-03 13:38 . 2010-08-03 13:38 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-05 524632]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Skytel"="Skytel.exe" [2008-10-17 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-10-18 02:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-07-03 05:52 135680 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-22 00:07 170520 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-22 00:08 150040 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-22 00:08 145944 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-10-29 23:26 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-10-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-10-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-10-21 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-11 64160]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-10-17 104992]
S2 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 122880]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-10-18 415584]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-04 446464]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-05 1029456]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-29 3664384]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-08-22 9344]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2010-09-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-19 18:58]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 19:02]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 19:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\ju6kwv5r.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-QuickFinder Scheduler - c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 22:25
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5884)
c:\program files\Roxio\Virtual Drive 10\DC_ShellExt.dll
.
Completion time: 2010-09-29 22:28:18
ComboFix-quarantined-files.txt 2010-09-30 03:28

Pre-Run: 139,634,089,984 bytes free
Post-Run: 141,092,143,104 bytes free

- - End Of File - - 3ADD43AB7E4523B369A1AD1BF8B8583B


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:04 PM

Posted 30 September 2010 - 05:55 PM

You have three antispyware programs showing. You only need one so make sure you disable or uninstall two of the three. Both Ad-Aware and Spybot are, in my opinion, not as strong as Superantispyware - that and other options are found in a link when we've cleaned up your infection.

The Combofix log shows no problem either, so whatever was there has now gone.

Please run MBAM and SAS

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#12 YoungSlushie

YoungSlushie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:04 PM

Posted 30 September 2010 - 09:35 PM

I think you're right - we may have been successful! I haven't had any redirects since we started working on this together, and I also haven't had any "server not found" pages, which would pop up multiple times in a day.

Malwarebytes log (nothing malicious was detected):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9/30/2010 9:31:29 PM
mbam-log-2010-09-30 (21-31-29).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 243408
Time elapsed: 1 hour(s), 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




#13 YoungSlushie

YoungSlushie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:04 PM

Posted 01 October 2010 - 07:37 AM

SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/30/2010 at 11:00 PM

Application Version : 4.44.1000

Core Rules Database Version : 5614
Trace Rules Database Version: 3426

Scan type : Complete Scan
Total Scan Time : 01:14:52

Memory items scanned : 707
Memory threats detected : 0
Registry items scanned : 8045
Registry threats detected : 0
File items scanned : 128947
File threats detected : 123

Adware.Tracking Cookie
.insightexpressai.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.revsci.net [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.revsci.net [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.revsci.net [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.revsci.net [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.richmedia.yahoo.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.adinterax.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.adinterax.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.interclick.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.interclick.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Mandy\Desktop\Recovered from Uptown Computer\Administrator\Application Data\Mozilla\Firefox\Profiles\npcgedc8.default\cookies.sqlite ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[1].txt


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:04 PM

Posted 01 October 2010 - 04:00 PM

Let's do a low-level scan to find infected files, which may help us work out what is going on here.
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#15 YoungSlushie

YoungSlushie
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:04 PM

Posted 03 October 2010 - 09:49 AM

Alrighty, I ran this twice (on accident) and no malware was found, and no log was produced.
