Websites Redirecting to Ad Sites


5 replies to this topic

#1 secretscenario

Posted 05 November 2010 - 06:08 PM

Hi,

Thanks for reading.

I'm currently running Windows XP Pro, SP3. The install is fairly fresh, but I believe I've caught something bad.

I ran Malwarebytes' Anti-Malware and nothing was found.

Could someone please assist me in fixing this nonsense?

Thank you.

Edited by hamluis, 05 November 2010 - 07:00 PM.
Moved from XP forum to Am I Infected ~ Hamluis.


#2 boopme (Global Moderator)

Posted 05 November 2010 - 10:06 PM

Hello, these next.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter Safe Mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use the Firefox or Opera browser, click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW scan with SUPER
Open it from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.
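The log boopme asks for lists every enumerated driver as one line: timestamp, service name, the MD5 of the driver image, and its path. The usual way to read it is by eye, looking for a driver whose hash does not match a known build or whose image lives somewhere unexpected. The following Python script is an added example for this thread, not code from Kaspersky, from boopme or from anyone in the thread: it parses the per-driver lines of a TDSSKiller 2.4.x log in the layout pasted later in this thread, compares each hash against a caller-supplied allowlist of trusted builds, and separates drivers loaded from inside the Windows directory from those loaded elsewhere. The sample log lines and the allowlist are constructed for the example; the ACPI, atapi and LMIInfo paths and the ACPI/LMIInfo hashes are copied from this thread's log, and the atapi hash in the sample is deliberately altered so that a mismatch shows up.

```python
"""
Triage helper for the per-driver listing in a TDSSKiller 2.4.x log.
Added example for this thread; it only reads the log text, so it runs offline.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# TDSSKiller 2.4.x prints one line per enumerated driver:
#   <date> <time>\t<service name>  (<md5 of image>) <image path>
DRIVER_LINE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\t"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# The header block names the Windows directory the scan ran against.
WINDIR_LINE = re.compile(r"^\S+ \S+\tWindows directory: (?P<dir>\S.*?)\s*$")


class Driver(NamedTuple):
    service: str
    md5: str
    path: str


def parse_tdsskiller_log(text: str) -> Tuple[Optional[str], List[Driver]]:
    """Return the Windows directory from the header and every driver line found."""
    windir: Optional[str] = None
    drivers: List[Driver] = []
    for line in text.splitlines():
        m = WINDIR_LINE.match(line)
        if m:
            windir = m.group("dir")
            continue
        m = DRIVER_LINE.match(line)
        if m:
            drivers.append(Driver(m.group("service"), m.group("md5").lower(), m.group("path")))
    return windir, drivers


def triage(text: str, known_good: Dict[str, str]) -> List[dict]:
    """Classify each driver by location and by hash against a trusted allowlist.

    known_good maps a lower-cased image path to the MD5 of the build you trust.
    """
    windir, drivers = parse_tdsskiller_log(text)
    if windir is None:
        raise ValueError("log has no 'Windows directory:' header line")
    windir_prefix = windir.lower().rstrip("\\") + "\\"
    findings = []
    for d in drivers:
        path_l = d.path.lower()
        expected = known_good.get(path_l)
        if expected is None:
            hash_status = "unlisted"   # nothing trusted to compare against
        elif expected.lower() == d.md5:
            hash_status = "match"
        else:
            hash_status = "mismatch"   # image differs from the trusted build
        findings.append({
            "service": d.service,
            "path": d.path,
            "in_windir": path_l.startswith(windir_prefix),
            "hash_status": hash_status,
        })
    return findings


def worth_a_look(findings: List[dict]) -> List[str]:
    """Services to examine first: hash mismatches, then unverified drivers outside the Windows tree."""
    mismatched = [f["service"] for f in findings if f["hash_status"] == "mismatch"]
    outside = [f["service"] for f in findings
               if not f["in_windir"] and f["hash_status"] != "match"]
    return mismatched + outside


# Constructed sample in the TDSSKiller 2.4 layout. The atapi hash is altered on purpose.
SAMPLE_LOG = (
    "2010/11/08 20:40:59.0118\tWindows directory: C:\\WINDOWS\n"
    "2010/11/08 20:41:03.0399\tScan started\n"
    "2010/11/08 20:41:04.0961\tACPI            (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys\n"
    "2010/11/08 20:41:05.0977\tatapi           (0123456789abcdef0123456789abcdef) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys\n"
    "2010/11/08 20:41:11.0430\tLMIInfo         (4f69faaabb7db0d43e327c0b6aab40fc) C:\\Program Files\\LogMeIn\\x86\\RaInfo.sys\n"
    "2010/11/08 20:41:22.0133\tScan finished\n"
)

# Assumed allowlist: MD5s of the XP SP3 driver builds you trust. Both values are
# taken from the thread's own log, so the altered atapi line above is a mismatch.
KNOWN_GOOD = {
    "c:\\windows\\system32\\drivers\\acpi.sys": "8fd99680a539792a30e97944fdaecf17",
    "c:\\windows\\system32\\drivers\\atapi.sys": "9f3a2f5aa6875c72bf062c712cfa2674",
}

if __name__ == "__main__":
    results = triage(SAMPLE_LOG, KNOWN_GOOD)
    for f in results:
        print(f)
    print("look at first:", worth_a_look(results))
```

Two caveats when using this against a real log. The allowlist has to come from the same Windows build and service-pack level as the machine, or every patched driver looks like a mismatch. And a kernel rootkit that hooks disk I/O can hand a user-mode hasher clean bytes, so a matching hash taken on a live, possibly infected system is weaker evidence than a mismatch; a hash taken from the disk offline is the one to trust. Drivers outside the Windows tree (LogMeIn and TuneUp Utilities in this thread's log) are usually legitimate third-party products, so "outside" only orders what to inspect first, it is not a verdict.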

#3 secretscenario (Topic Starter)

Posted 13 November 2010 - 06:03 PM

Hi, thank you kindly for the reply.

TDSS Log:

2010/11/08 20:40:59.0118	TDSS rootkit removing tool 2.4.7.0 Nov  8 2010 10:52:22
2010/11/08 20:40:59.0118	================================================================================
2010/11/08 20:40:59.0118	SystemInfo:
2010/11/08 20:40:59.0118	
2010/11/08 20:40:59.0118	OS Version: 5.1.2600 ServicePack: 3.0
2010/11/08 20:40:59.0118	Product type: Workstation
2010/11/08 20:40:59.0118	ComputerName: ANTHONY-PC
2010/11/08 20:40:59.0118	UserName: Anthony
2010/11/08 20:40:59.0118	Windows directory: C:\WINDOWS
2010/11/08 20:40:59.0118	System windows directory: C:\WINDOWS
2010/11/08 20:40:59.0118	Processor architecture: Intel x86
2010/11/08 20:40:59.0118	Number of processors: 1
2010/11/08 20:40:59.0118	Page size: 0x1000
2010/11/08 20:40:59.0118	Boot type: Normal boot
2010/11/08 20:40:59.0118	================================================================================
2010/11/08 20:40:59.0399	Initialize success
2010/11/08 20:41:03.0399	================================================================================
2010/11/08 20:41:03.0399	Scan started
2010/11/08 20:41:03.0399	Mode: Manual; 
2010/11/08 20:41:03.0399	================================================================================
2010/11/08 20:41:04.0961	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/08 20:41:05.0040	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/08 20:41:05.0243	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/08 20:41:05.0305	AFD             (4d43e74f2a1239d53929b82600f1971c) C:\WINDOWS\System32\drivers\afd.sys
2010/11/08 20:41:05.0540	AmdPPM          (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/11/08 20:41:05.0899	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/08 20:41:05.0977	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/08 20:41:06.0102	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/08 20:41:06.0180	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/08 20:41:06.0243	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/08 20:41:06.0368	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/08 20:41:06.0430	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/08 20:41:06.0602	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/08 20:41:06.0727	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/08 20:41:06.0821	Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/08 20:41:07.0290	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/08 20:41:07.0415	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/08 20:41:07.0540	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/08 20:41:07.0680	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/08 20:41:07.0758	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/08 20:41:07.0993	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/08 20:41:08.0133	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/08 20:41:08.0227	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/08 20:41:08.0274	FilterService   (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/11/08 20:41:08.0399	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/08 20:41:08.0508	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/08 20:41:08.0602	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/08 20:41:08.0743	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/08 20:41:08.0790	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/08 20:41:08.0852	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/08 20:41:08.0961	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/08 20:41:09.0102	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/08 20:41:09.0243	HSFHWBS2        (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/11/08 20:41:09.0336	HSF_DPV         (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/11/08 20:41:09.0477	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/08 20:41:09.0665	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/08 20:41:09.0774	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/08 20:41:10.0086	IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/08 20:41:10.0383	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/08 20:41:10.0477	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/08 20:41:10.0540	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/08 20:41:10.0618	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/08 20:41:10.0743	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/08 20:41:10.0805	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/08 20:41:10.0899	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/08 20:41:11.0008	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/08 20:41:11.0086	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/08 20:41:11.0165	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/08 20:41:11.0430	LMIInfo         (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2010/11/08 20:41:11.0540	lmimirr         (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2010/11/08 20:41:11.0649	LMIRfsDriver    (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2010/11/08 20:41:11.0727	lvpopflt        (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2010/11/08 20:41:11.0790	LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2010/11/08 20:41:11.0868	LVRS            (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2010/11/08 20:41:12.0211	LVUVC           (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/11/08 20:41:12.0508	mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/08 20:41:12.0602	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/08 20:41:12.0696	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/08 20:41:12.0790	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/08 20:41:12.0852	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/08 20:41:12.0977	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/08 20:41:13.0133	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/08 20:41:13.0211	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/08 20:41:13.0274	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/08 20:41:13.0305	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/08 20:41:13.0383	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/08 20:41:13.0430	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/08 20:41:13.0508	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/08 20:41:13.0586	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/08 20:41:13.0711	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/08 20:41:13.0790	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/08 20:41:13.0883	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/08 20:41:13.0930	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/08 20:41:14.0040	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/08 20:41:14.0086	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/08 20:41:14.0133	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/08 20:41:14.0211	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/08 20:41:14.0243	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/08 20:41:14.0352	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/08 20:41:14.0461	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/08 20:41:14.0586	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/08 20:41:14.0758	nv              (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/08 20:41:14.0946	nvata           (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/11/08 20:41:15.0008	NVENETFD        (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/11/08 20:41:15.0086	nvnetbus        (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/11/08 20:41:15.0196	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/08 20:41:15.0227	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/08 20:41:15.0305	OVT511Plus      (c5739be3a8eecdf951955a38e1741f45) C:\WINDOWS\system32\Drivers\omcamvid.sys
2010/11/08 20:41:15.0383	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/08 20:41:15.0446	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/08 20:41:15.0540	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/08 20:41:15.0618	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/08 20:41:15.0805	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/08 20:41:15.0883	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/08 20:41:16.0336	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/08 20:41:16.0399	Processor       (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/08 20:41:16.0477	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/08 20:41:16.0571	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/08 20:41:16.0649	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/08 20:41:16.0946	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/08 20:41:17.0024	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/08 20:41:17.0149	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/08 20:41:17.0243	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/08 20:41:17.0336	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/08 20:41:17.0430	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/08 20:41:17.0524	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/08 20:41:17.0602	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/08 20:41:17.0680	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/08 20:41:17.0946	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/08 20:41:18.0040	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/08 20:41:18.0196	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/08 20:41:18.0352	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/08 20:41:18.0493	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/08 20:41:18.0586	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/08 20:41:18.0711	Srv             (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/08 20:41:18.0805	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/08 20:41:18.0899	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/08 20:41:18.0977	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/08 20:41:19.0274	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/08 20:41:19.0368	Tcpip           (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/08 20:41:19.0430	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/08 20:41:19.0555	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/08 20:41:19.0618	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/08 20:41:19.0836	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/11/08 20:41:19.0946	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/08 20:41:20.0055	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/08 20:41:20.0165	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/08 20:41:20.0274	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/08 20:41:20.0352	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/08 20:41:20.0399	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/08 20:41:20.0493	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/08 20:41:20.0540	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/08 20:41:20.0602	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/11/08 20:41:20.0680	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/08 20:41:20.0868	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/08 20:41:20.0961	W8100PCI        (44d6c7460bdb264e7a832f1debf5ba6b) C:\WINDOWS\system32\DRIVERS\mrv8k51.sys
2010/11/08 20:41:21.0040	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/08 20:41:21.0211	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/08 20:41:21.0336	winachsf        (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/08 20:41:21.0602	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/08 20:41:21.0696	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/08 20:41:21.0758	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/08 20:41:21.0852	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/08 20:41:22.0133	================================================================================
2010/11/08 20:41:22.0133	Scan finished
2010/11/08 20:41:22.0133	================================================================================
2010/11/08 20:41:43.0227	Deinitialize success

SUPERAntispyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/11/2010 at 07:19 PM

Application Version : 4.45.1000

Core Rules Database Version : 5767
Trace Rules Database Version: 3660

Scan type       : Complete Scan
Total Scan Time : 00:19:43

Memory items scanned      : 280
Memory threats detected   : 0
Registry items scanned    : 6053
Registry threats detected : 3
File items scanned        : 14786
File threats detected     : 198

Disabled.SecurityCenterOption
	HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
	HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
	HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Adware.Tracking Cookie
	core.insightexpressai.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	ia.media-imdb.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	media.mtvnservices.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	media.scanscout.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	media.socialvibe.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	media1.break.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	secure-us.imrworldwide.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	www.funnypornvids.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	www.mofosex.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	www.momisnaked.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	www.naiadsystems.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	www.porngol.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	www.soundclick.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	wwwstatic.megaporn.com [ C:\Documents and Settings\Anthony\Application Data\Macromedia\Flash Player\#SharedObjects\QP5W787D ]
	.doubleclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.apmebf.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.fastclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.fastclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.fastclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.atdmt.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.atdmt.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.specificclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.specificclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.specificclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.specificclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.specificmedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.advertising.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.mediaplex.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.mediaplex.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.myroitracking.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.clicksor.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.clicksor.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.clicksor.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.clicksor.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.clicksor.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.advertising.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.advertising.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.advertising.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.divx.112.2o7.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.content.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.statcounter.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.bs.serving-sys.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.serving-sys.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.serving-sys.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.serving-sys.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.serving-sys.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.serving-sys.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.serving-sys.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.serving-sys.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ad.velmedia.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ad.velmedia.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.velmedia.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.zedo.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.zedo.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.zedo.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.lucidmedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.lucidmedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.lucidmedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ad.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adserver.adtechus.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.advertise.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.collective-media.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.collective-media.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.collective-media.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.collective-media.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.collective-media.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.2o7.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	googleads.g.doubleclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.mediafire.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.mediafire.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.mediafire.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	xml.trafficengine.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.mediafire.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.mediafire.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.interclick.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.interclick.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.a1.interclick.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.a1.interclick.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.a1.interclick.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	www.mediafire.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.interclick.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.tribalfusion.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	ads-vrx.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ru4.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ru4.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ru4.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ru4.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	clicks.fastlookupdirectory.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	findmyhood.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	bridge2.admarketplace.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.admarketplace.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.at.atwola.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.tacoda.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.tacoda.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.tacoda.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.tacoda.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.advertising.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.advertising.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.at.atwola.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.at.atwola.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.a1.interclick.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.interclick.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.mediabrandsww.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adecn.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.zedo.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.questionmarket.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.electronicarts.112.2o7.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ads.addynamix.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.realmedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	in.getclicky.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.crackle.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.pro-market.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.crackle.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.crackle.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.crackle.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.crackle.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.crackle.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.kaspersky.122.2o7.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.247realmedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.247realmedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.casalemedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.casalemedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.casalemedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.casalemedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.casalemedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.casalemedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.casalemedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	citi.bridgetrack.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	citi.bridgetrack.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	citi.bridgetrack.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	citi.bridgetrack.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.advertising.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.yieldmanager.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	eas.apm.emediate.eu [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	eas.apm.emediate.eu [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.www.burstnet.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.fastclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.revsci.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.revsci.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.revsci.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.revsci.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.revsci.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.imrworldwide.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.imrworldwide.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.fastclick.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ru4.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ru4.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ru4.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ru4.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.ru4.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.questionmarket.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adbrite.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.collective-media.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.media6degrees.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.media6degrees.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.media6degrees.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	mycounter.tinycounter.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.eyewonder.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.burstnet.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	gr.burstnet.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	dc.tremormedia.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adultadworld.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adultadworld.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adultadworld.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adultadworld.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adultadworld.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	members.realsexdates.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.adultadworld.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.xxxmatch.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	www.xxxmatch.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	www.xxxmatch.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	wt.xxxmatch.com [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.chitika.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]
	.videoegg.adbureau.net [ C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\ljzu3x09.default\cookies.sqlite ]

As you can see, I'm being bombarded with redirects to all kinds of junk sites. Nothing seriously malicious found though.

What are my next steps? :)

Thank you again!

#4 boopme (Global Moderator)

Posted 13 November 2010 - 10:25 PM

Hello. Yes, a lot of ad and spyware, but something is causing the redirects, so do this. We have a couple of tools to use yet if needed.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.
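Once the TDSSKiller log is in hand, the part worth reading is the driver listing: one line per loaded driver with service name, MD5 and image path. The following script is added here as an example and is not part of the thread or of Kaspersky's tool. It parses that format and flags the two things a responder would otherwise check by eye: a core driver whose hash no longer matches a trusted baseline (TDSS/TDL3 patched a legitimate driver in place, typically atapi.sys), and drivers loaded from outside the Windows directory or from a temp folder. The sample log and its "xdrv" entry are constructed, and the baseline hashes are copied from this thread's own log rather than from an authoritative reference.

```python
"""Triage the driver listing in a TDSSKiller log (added example, not from the thread)."""
import re
from collections import namedtuple

Driver = namedtuple("Driver", "timestamp name md5 path")
Finding = namedtuple("Finding", "driver reasons")

# TDSSKiller writes one loaded driver per line:
#   <timestamp> <TAB> <service name>   (<md5>) <image path>
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\t"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Constructed sample in that format. The ACPI and LMIInfo lines copy the
# thread's own log; the atapi hash and the 'xdrv' entry are made up so that
# the checks below have something to fire on.
SAMPLE_LOG = "\n".join([
    "2010/11/14 18:36:48.0734\tOS Version: 5.1.2600 ServicePack: 3.0",
    "2010/11/14 18:37:15.0625\tACPI            (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys",
    "2010/11/14 18:37:16.0734\tatapi           (deadbeefdeadbeefdeadbeefdeadbeef) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys",
    "2010/11/14 18:37:21.0343\tLMIInfo         (4f69faaabb7db0d43e327c0b6aab40fc) C:\\Program Files\\LogMeIn\\x86\\RaInfo.sys",
    "2010/11/14 18:37:30.0000\txdrv            (00112233445566778899aabbccddeeff) C:\\WINDOWS\\Temp\\xdrv.sys",
])

# Assumed baseline: file name -> MD5 you trust. These two values are taken
# from the thread's log, not from an authoritative hash set; on a real job
# use hashes from clean install media or a vendor reference.
BASELINE = {
    "acpi.sys": "8fd99680a539792a30e97944fdaecf17",
    "atapi.sys": "9f3a2f5aa6875c72bf062c712cfa2674",
}


def parse_log(text):
    """Return the Driver entries from a TDSSKiller log; header and scan lines are skipped."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return drivers


def triage(drivers, baseline, sysroot="C:\\WINDOWS"):
    """Flag drivers whose hash disagrees with the baseline or whose image lives
    somewhere a boot-start driver normally does not."""
    root = sysroot.lower().rstrip("\\") + "\\"
    findings = []
    for d in drivers:
        reasons = []
        low = d.path.lower()
        expected = baseline.get(low.rsplit("\\", 1)[-1])
        if expected is not None and expected.lower() != d.md5:
            # TDL3 infected a legitimate driver in place (atapi.sys was its
            # usual choice), so a hash mismatch on a core driver is the signal.
            reasons.append("hash mismatch against baseline; possible patched driver")
        if not low.startswith(root):
            reasons.append("image outside the Windows directory; confirm the publisher")
        if "\\temp\\" in low:
            reasons.append("driver loaded from a temp directory")
        if reasons:
            findings.append(Finding(d, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG), BASELINE):
        print(f"{f.driver.name:<12} {f.driver.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it as-is to see the three findings on the sample; point parse_log at the real TDSSKiller_*_log.txt from C:\ to triage a live one. Third-party drivers such as the LogMeIn entry are expected to show up as "outside the Windows directory"; that is a prompt to verify the publisher, not a verdict. One caveat specific to this family: an active TDL3 hides its changes to the infected driver, so a hash computed from the running system can read clean, and an offline read from boot media is the decisive comparison.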

#5 secretscenario (Topic Starter)

Posted 15 November 2010 - 01:09 PM

Thanks again kindly for your reply.

Here are the new logs:

[TDSS Rootkit Log #2:]

2010/11/14 18:36:48.0734	TDSS rootkit removing tool 2.4.7.0 Nov  8 2010 10:52:22
2010/11/14 18:36:48.0734	================================================================================
2010/11/14 18:36:48.0734	SystemInfo:
2010/11/14 18:36:48.0734	
2010/11/14 18:36:48.0734	OS Version: 5.1.2600 ServicePack: 3.0
2010/11/14 18:36:48.0734	Product type: Workstation
2010/11/14 18:36:48.0734	ComputerName: ANTHONY-PC
2010/11/14 18:36:48.0734	UserName: Anthony
2010/11/14 18:36:48.0734	Windows directory: C:\WINDOWS
2010/11/14 18:36:48.0734	System windows directory: C:\WINDOWS
2010/11/14 18:36:48.0734	Processor architecture: Intel x86
2010/11/14 18:36:48.0734	Number of processors: 1
2010/11/14 18:36:48.0734	Page size: 0x1000
2010/11/14 18:36:48.0734	Boot type: Normal boot
2010/11/14 18:36:48.0734	================================================================================
2010/11/14 18:36:49.0015	Initialize success
2010/11/14 18:37:14.0843	================================================================================
2010/11/14 18:37:14.0843	Scan started
2010/11/14 18:37:14.0843	Mode: Manual; 
2010/11/14 18:37:14.0843	================================================================================
2010/11/14 18:37:15.0625	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/14 18:37:15.0687	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/14 18:37:15.0875	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/14 18:37:15.0953	AFD             (4d43e74f2a1239d53929b82600f1971c) C:\WINDOWS\System32\drivers\afd.sys
2010/11/14 18:37:16.0234	AmdPPM          (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/11/14 18:37:16.0687	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/14 18:37:16.0734	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/14 18:37:16.0812	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/14 18:37:16.0875	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/14 18:37:16.0937	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/14 18:37:17.0031	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/14 18:37:17.0078	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/14 18:37:17.0218	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/14 18:37:17.0281	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/14 18:37:17.0359	Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/14 18:37:17.0859	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/14 18:37:17.0937	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/14 18:37:18.0078	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/14 18:37:18.0140	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/14 18:37:18.0218	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/14 18:37:18.0375	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/14 18:37:18.0484	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/14 18:37:18.0531	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/14 18:37:18.0625	FilterService   (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/11/14 18:37:18.0750	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/14 18:37:18.0796	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/14 18:37:18.0859	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/14 18:37:18.0921	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/14 18:37:19.0031	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/14 18:37:19.0078	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/14 18:37:19.0125	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/14 18:37:19.0203	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/14 18:37:19.0375	HSFHWBS2        (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/11/14 18:37:19.0484	HSF_DPV         (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/11/14 18:37:19.0609	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/14 18:37:19.0796	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/14 18:37:19.0875	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/14 18:37:20.0140	IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/14 18:37:20.0359	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/14 18:37:20.0437	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/14 18:37:20.0531	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/14 18:37:20.0656	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/14 18:37:20.0734	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/14 18:37:20.0796	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/14 18:37:20.0906	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/14 18:37:20.0937	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/14 18:37:21.0046	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/14 18:37:21.0125	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/14 18:37:21.0343	LMIInfo         (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2010/11/14 18:37:21.0406	lmimirr         (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2010/11/14 18:37:21.0515	LMIRfsDriver    (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2010/11/14 18:37:21.0593	lvpopflt        (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2010/11/14 18:37:21.0656	LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2010/11/14 18:37:21.0765	LVRS            (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2010/11/14 18:37:22.0078	LVUVC           (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/11/14 18:37:22.0265	mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/14 18:37:22.0359	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/14 18:37:22.0437	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/14 18:37:22.0546	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/14 18:37:22.0593	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/14 18:37:22.0703	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/14 18:37:22.0843	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/14 18:37:22.0921	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/14 18:37:22.0984	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/14 18:37:23.0093	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/14 18:37:23.0156	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/14 18:37:23.0218	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/14 18:37:23.0281	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/14 18:37:23.0375	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/14 18:37:23.0437	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/14 18:37:23.0515	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/14 18:37:23.0609	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/14 18:37:23.0656	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/14 18:37:23.0703	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/14 18:37:23.0796	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/14 18:37:23.0828	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/14 18:37:23.0875	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/14 18:37:23.0921	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/14 18:37:24.0062	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/14 18:37:24.0109	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/14 18:37:24.0203	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/14 18:37:24.0453	nv              (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/14 18:37:24.0578	nvata           (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/11/14 18:37:24.0625	NVENETFD        (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/11/14 18:37:24.0687	nvnetbus        (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/11/14 18:37:24.0796	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/14 18:37:24.0843	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/14 18:37:24.0921	OVT511Plus      (c5739be3a8eecdf951955a38e1741f45) C:\WINDOWS\system32\Drivers\omcamvid.sys
2010/11/14 18:37:24.0968	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/14 18:37:25.0015	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/14 18:37:25.0078	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/14 18:37:25.0171	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/14 18:37:25.0296	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/14 18:37:25.0359	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/14 18:37:25.0765	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/14 18:37:25.0859	Processor       (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/14 18:37:25.0921	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/14 18:37:25.0984	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/14 18:37:26.0062	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/14 18:37:26.0375	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/14 18:37:26.0484	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/14 18:37:26.0578	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/14 18:37:26.0656	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/14 18:37:26.0781	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/14 18:37:26.0843	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/14 18:37:26.0921	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/14 18:37:27.0000	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/14 18:37:27.0093	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/14 18:37:27.0234	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/14 18:37:27.0265	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/14 18:37:27.0421	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/14 18:37:27.0500	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/14 18:37:27.0593	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/14 18:37:27.0718	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/14 18:37:27.0859	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/14 18:37:27.0921	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/14 18:37:28.0015	Srv             (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/14 18:37:28.0140	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/14 18:37:28.0218	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/14 18:37:28.0265	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/14 18:37:28.0531	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/14 18:37:28.0640	Tcpip           (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/14 18:37:28.0765	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/14 18:37:28.0828	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/14 18:37:28.0859	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/14 18:37:29.0078	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/11/14 18:37:29.0187	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/14 18:37:29.0281	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/14 18:37:29.0406	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/14 18:37:29.0515	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/14 18:37:29.0578	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/14 18:37:29.0640	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/14 18:37:29.0734	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/14 18:37:29.0781	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/14 18:37:29.0843	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/11/14 18:37:29.0890	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/14 18:37:30.0000	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/14 18:37:30.0125	W8100PCI        (44d6c7460bdb264e7a832f1debf5ba6b) C:\WINDOWS\system32\DRIVERS\mrv8k51.sys
2010/11/14 18:37:30.0203	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/14 18:37:30.0343	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/14 18:37:30.0437	winachsf        (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/14 18:37:30.0718	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/14 18:37:30.0812	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/14 18:37:30.0906	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/14 18:37:31.0015	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/14 18:37:31.0312	================================================================================
2010/11/14 18:37:31.0312	Scan finished
2010/11/14 18:37:31.0312	================================================================================
2010/11/14 18:37:38.0734	Deinitialize success

[Malwarebytes' Anti-Malware Log #2:]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5065

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/15/2010 12:23:55 AM
mbam-log-2010-11-015 (00-23-55).txt

Scan type: Quick scan
Objects scanned: 105457
Time elapsed: 8 minute(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank you again!

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:07 AM

Posted 15 November 2010 - 01:45 PM

If still redirecting, then I believe the router is infected. Your MBAM did not update.

Update MBAM (below). Do not run yet.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE.

However, if there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site HERE for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and the router.



