Any trace of infection?


3 replies to this topic

#1 krausdogs


  • Members
  • 13 posts

Posted 12 October 2010 - 06:49 PM

This post is at the request of Cryptodan (thread: http://www.bleepingcomputer.com/forums/ind...;#entry1962186). The logs requested in the earlier posting follow a restatement of my initial problem, plus additional MBAM & SAS logs:

My son began having problems in early Sept, 2010 with a laptop I loaned him (a Dell Inspiron 1545, originally Vista, upgraded to Windows 7 back in Feb, 2010). The initial problem was clearly one of these MS Essentials 'Fake Alert' issues. He kept getting notices that his computer was infected unless he downloaded something. He was smart enough not to act on any of these. Still, I walked him through the basics of cleaning up this kind of problem, following previous instructions that I have received from you directly and from others on your website. This seemed to stop the problem.

Then another problem appeared which seemed more hardware related (I say this after conferring with my IT staff, of which I am one): the computer would only remain usable for about 5-15 minutes before it would simply and quietly stall out on any and every activity. Safe mode was barely available, and when it was, it would freeze equally soon, so long scans were not possible.

I have done what was suggested to correct the possible hardware problems, and since then the computer has been running continuously for the last 3 days without problem. I re-seated every hardware component that I could (memory, hard drive, DVD drive) and upgraded key drivers (BIOS, chipset, etc.). I have run full scans with numerous anti-malware tools your site recommends and nothing was found. Things seem stable.

However, before I send this back to him (to Hawaii, where he is stationed in the Army), I would like your more experienced judgment that we are free of virus/trojan/rootkit/malware problems.

So I am simply asking you to walk me through whatever tests you need that might assure me that any possible malware (esp. rootkit) problems are gone. I just don't want to send this back only to have it show up again because I missed something (I do not have your experience in reading these things).



DDS (Ver_10-10-05.01) - NTFSx86
Run by PMK at 15:24:15.59 on Mon 10/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.1581 [GMT -10:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy162\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Spybot - Search & Destroy162\TeaTimer.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Users\PMK\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy162\TeaTimer.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\security apps\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\pmk\appdata\roaming\micros~1\windows\startm~1\programs\startup\warner~1.lnk - c:\program files\warner bros. digital copy manager\Warner Bros. Digital Copy Manager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\pmk\appdata\roaming\mozilla\firefox\profiles\6nanyass.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\pmk\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-2 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe [2009-12-29 81920]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy162\SDWinSec.exe [2010-1-2 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-31 29736]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-1 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]

=============== Created Last 30 ================

2010-10-12 01:21:58 0 ----a-w- c:\users\pmk\defogger_reenable
2010-10-06 03:01:29 1068658 ---ha-w- c:\users\pmk\appdata\local\IconCache.db
2010-10-05 20:45:48 -------- d-----w- c:\users\pmk\appdata\roaming\SUPERAntiSpyware.com
2010-10-05 20:45:48 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-10-05 20:45:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-05 01:09:07 53248 ----a-w- c:\windows\system32\DellSys.dll
2010-10-05 01:08:20 17153 ----a-w- c:\windows\system32\drivers\omci.sys
2010-10-05 00:53:57 -------- d-----w- c:\progra~2\Citrix
2010-10-05 00:53:33 -------- d-----w- c:\program files\Citrix
2010-10-05 00:53:10 -------- d-----w- c:\users\pmk\appdata\local\Citrix
2010-10-05 00:53:08 103784 ----a-w- c:\users\pmk\GoToAssistDownloadHelper.exe
2010-10-03 02:21:02 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-10-03 02:21:02 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-10-03 02:20:51 -------- d-----w- c:\program files\SpywareBlaster
2010-10-02 20:19:08 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-02 20:15:58 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-02 20:15:55 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-02 20:10:04 -------- d-----w- c:\users\pmk\appdata\local\Sunbelt Software
2010-10-02 20:08:53 -------- dc-h--w- c:\progra~2\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-02 20:03:15 27 ----a-w- c:\windows\system32\drivers\etc\hosts.20101002-100315.backup
2010-10-02 19:50:43 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-02 18:41:06 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-26 16:21:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-09-15 21:39:55 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 21:07:53 -------- d-sh--w- C:\found.002

==================== Find3M ====================

2010-09-08 21:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 21:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 15:27:28.37 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-05.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 1/1/2010 6:18:51 AM
System Uptime: 10/11/2010 1:54:53 PM (2 hours ago)

Motherboard: Dell Inc. | | 0G848F
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 1200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 214.296 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 10 GiB total, 5.104 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP220: 9/26/2010 6:20:31 AM - Windows Update
RP221: 10/2/2010 8:40:23 AM - Windows Update
RP222: 10/2/2010 9:49:50 AM - Installed Java™ 6 Update 21
RP223: 10/2/2010 10:18:54 AM - Windows Update
RP224: 10/3/2010 6:15:23 AM - Windows Update
RP225: 10/4/2010 9:04:17 AM - Windows Update
RP226: 10/4/2010 3:08:30 PM - Device Driver Package Install: Dell Computer Corporation System devices
RP227: 10/5/2010 10:34:29 AM - Windows Update
RP228: 10/5/2010 10:44:34 AM - Windows Update
RP229: 10/11/2010 1:18:37 PM - Windows Update
RP230: 10/11/2010 1:51:23 PM - Installed iTunes

==== Installed Programs ======================

Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Compatibility Pack for the 2007 Office system
Dell Edoc Viewer
Dell Touchpad
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
HijackThis 2.0.2
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 16
Java™ 6 Update 21
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Works
Mobile Mouse Server
Mozilla Firefox (3.5.11)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
PowerDVD
QuickSet
QuickTime
Spybot - Search & Destroy
SpywareBlaster 4.4
SUPERAntiSpyware
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warner Bros. Digital Copy Manager
WIDCOMM Bluetooth Software 6.1.0.4502
Windows 7 Upgrade Advisor

==== Event Viewer Messages From Past Week ========

10/9/2010 2:30:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.1143.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/7/2010 11:53:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.1143.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/5/2010 10:58:50 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2010 10:58:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2010 10:57:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/5/2010 10:57:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/5/2010 10:57:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/5/2010 10:57:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/5/2010 10:57:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/5/2010 10:57:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/5/2010 10:56:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf
10/5/2010 10:56:50 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2010 10:56:50 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/5/2010 10:56:50 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2010 10:56:50 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2010 10:56:50 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2010 10:56:50 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2010 10:56:50 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2010 10:56:50 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2010 10:56:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
10/5/2010 10:56:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/5/2010 10:56:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/5/2010 10:56:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/5/2010 10:56:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/5/2010 10:34:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/4/2010 3:18:27 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
10/11/2010 3:20:37 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
10/11/2010 1:49:56 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-11 15:42:32
Windows 6.1.7600
Running: rj3kgmern82g.exe; Driver: C:\Users\PMK\AppData\Local\Temp\pwldapow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C36AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C36104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C363F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1F2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1E898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C361DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C36958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C366F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C36F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C371A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C96599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 99430C9D 28 Bytes [04, 0D, 70, FE, BC, 6D, 34, ...]
.text peauth.sys 99430CC1 28 Bytes [04, 0D, 70, FE, BC, 6D, 34, ...]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000086 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000088 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242bf8ae78
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242bf8ae78 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4734

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/10/2010 6:21:14 AM
mbam-log-2010-10-10 (06-21-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 266124
Time elapsed: 1 hour(s), 44 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/10/2010 at 12:02 PM

Application Version : 4.44.1000

Core Rules Database Version : 5636
Trace Rules Database Version: 3448

Scan type : Complete Scan
Total Scan Time : 01:01:59

Memory items scanned : 355
Memory threats detected : 0
Registry items scanned : 7577
Registry threats detected : 0
File items scanned : 134163
File threats detected : 163

Adware.Tracking Cookie
.interclick.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.roiservice.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.qsstats.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.qsstats.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
rotator.adjuggler.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
rotator.adjuggler.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\PMK\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
macromedia.com [ C:\Users\PMK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\PMK\AppData\Roaming\Macromedia\Flash Player

\#SharedObjects\Z24ECRLD ]
banners.securedataimages.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
bc.youporn.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
cdn.eyewonder.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
cdn4.specificclick.net [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
chat.hornypharaoh.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
content.yieldmanager.edgesuite.net [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
core.insightexpressai.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
files.youporn.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
freeporn.youngleafs.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
galleries.shareadult.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
i.adultswim.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
ia.media-imdb.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
macromedia.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
media.mtvnservices.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
media.scanscout.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
media.theboobsmovies.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
media.vmixcore.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
media.wcnc.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
media1.break.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
mediaforgews.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
msnbcmedia.msn.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
naiadsystems.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
objects.tremormedia.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
onlybestsex.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
rmd.atdmt.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
s0.2mdn.net [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
secure-us.imrworldwide.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
spe.atdmt.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
static.xxxmatch.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
static.youporn.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
udn.specificclick.net [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
vidii.hardsextube.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
www.freeporn.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
www.funnypornvids.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
www.hornypharaoh.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
www.mofosex.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
www.naiadsystems.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
www.pornhub.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
www.realgfporn.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
www.shareadult.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
www.viralporn.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
wwwstatic.megaporn.com [ C:\Users\PMK\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Z24ECRLD ]
C:\Users\PMK\AppData\Roaming\Microsoft\Windows\Cookies\Low\pmk@bluestreak[1].txt
C:\Users\PMK\AppData\Roaming\Microsoft\Windows\Cookies\Low\pmk@burstnet[1].txt
C:\Users\PMK\AppData\Roaming\Microsoft\Windows\Cookies\Low\pmk@burstnet[3].txt
C:\Users\PMK\AppData\Roaming\Microsoft\Windows\Cookies\Low\pmk@clickfuse[2].txt
C:\Users\PMK\AppData\Roaming\Microsoft\Windows\Cookies\Low\pmk@invitemedia[1].txt
C:\Users\PMK\AppData\Roaming\Microsoft\Windows\Cookies\Low\pmk@invitemedia[2].txt
C:\Users\PMK\AppData\Roaming\Microsoft\Windows\Cookies\Low\pmk@liveperson[2].txt
C:\Users\PMK\AppData\Roaming\Microsoft\Windows\Cookies\Low\pmk@liveperson[4].txt
C:\Users\PMK\AppData\Roaming\Microsoft\Windows\Cookies\Low\pmk@media.adfrontiers[1].txt
C:\Users\PMK\AppData\Roaming\Microsoft\Windows\Cookies\Low\pmk@media6degrees[1].txt
rotator.adjuggler.com [ C:\Users\PMK\AppData\Roaming\Mozilla\Firefox\Profiles\6nanyass.default\cookies.sqlite ]
.collective-media.net [ C:\Users\PMK\AppData\Roaming\Mozilla\Firefox\Profiles\6nanyass.default\cookies.sqlite ]
.collective-media.net [ C:\Users\PMK\AppData\Roaming\Mozilla\Firefox\Profiles\6nanyass.default\cookies.sqlite ]
.collective-media.net [ C:\Users\PMK\AppData\Roaming\Mozilla\Firefox\Profiles\6nanyass.default\cookies.sqlite ]
.collective-media.net [ C:\Users\PMK\AppData\Roaming\Mozilla\Firefox\Profiles\6nanyass.default\cookies.sqlite ]


Thanks,
Robert


#2 krausdogs (Topic Starter, Members, 13 posts)

Posted 14 October 2010 - 06:46 PM

Whomever,

2 days and no acknowledgment? For a simple request of reading some logs and giving your expert opinion. And this after a week of back and forth on another thread with no substantive information from you guys/gals. You have been very helpful in the past, but this time I am going elsewhere for support. I think you can close this one down (this is, after all, what you do when people do not respond to you).

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could have disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone who is not familiar with your issue to assist you and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this, and do not respond to such requests, is that it would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not post multiple times here, as that only pushes you further down the queue and causes confusion for the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 15 October 2010 - 10:37 AM.


#3 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 20 October 2010 - 07:02 PM

Hi,

If you still need help then please read on.

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 25 October 2010 - 07:40 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



