Am I infected?


17 replies to this topic

#1 RikCab


Posted 26 November 2010 - 01:16 PM

Hi,

I was hoping that you could help. I've been getting a lot of redirects when using Google Search Engine. It keeps going to a webpage saying I could be infected and then it shows a screen with drive letters, like the "My Computer" window. Then it starts scanning. Also, since then I started having trouble with my MagicJack phone. Sometimes I don't hear them talking or they don't hear me talking. Other times it just closes the program? Don't know if this is related or has something to do with their latest updates?
Hope this is helpful and that you can help, thanks in advance, Richie



#2 cookmiester


Posted 26 November 2010 - 01:35 PM

Hello Richie, looks like you're infected with a redirect virus trying to get you to download a rogue AV.
Please do the following
Download MalwareBytes Anti-Malware
Install And Update it
Run a scan and post your logs

Cookmiester

#3 RikCab


Posted 26 November 2010 - 07:16 PM

Hi Cookmiester,

Thanks for checking me out. I downloaded the Malware and ran it, didn't say anything that it found? But I am still getting that redirect. Here it is, again thanks. Rik



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5195

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/26/2010 5:36:48 PM
mbam-log-2010-11-26 (17-36-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 217600
Time elapsed: 48 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 cookmiester


Posted 27 November 2010 - 06:10 AM

Hello Richie, hmm, Malwarebytes doesn't seem to detect anything. Please would you download Super Anti-Spyware http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Then, update this and scan. Post your results

Cookmiester

#5 quietman7


Posted 27 November 2010 - 09:55 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan USB flash drives and/or other removable drives, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 RikCab


Posted 27 November 2010 - 09:58 PM

Hi Cookmiester,

Here is your requested scan log, all I saw was some tracking cookies.

quietman7, will follow up with your request....

thanks again guys for all your help, Rik



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/27/2010 at 09:22 PM

Application Version : 4.46.1000

Core Rules Database Version : 5919
Trace Rules Database Version: 3731

Scan type : Complete Scan
Total Scan Time : 00:33:58

Memory items scanned : 717
Memory threats detected : 0
Registry items scanned : 8027
Registry threats detected : 0
File items scanned : 25669
File threats detected : 87

Adware.Tracking Cookie

#7 quietman7


Posted 27 November 2010 - 10:05 PM

Cookies are text string messages given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them.

  • Persistent cookies have expiration dates set by the Web server when it passes the cookie and are stored on a user's hard drive until they expire or are deleted. These types of cookies are used to store information between visits to a site and collect identifying information about the user such as surfing behavior or preferences for a specific web site.
  • Session (transient) cookies are not saved to the hard drive, do not collect any information and have no set expiration date. They are used to temporarily hold information in the form of a session identification stored in memory as you browse web pages. These types of cookies are cached only while a user is visiting the Web server issuing the session cookie and are deleted from the cache when the user closes the session.
Cookies can be categorized as:
  • Trusted cookies are from sites you trust, use often, and want to be able to identify and personalize content for you.
  • Nuisance cookies are from those sites you do not recognize or often use but somehow it's put a cookie on your machine.
  • Bad cookies (i.e. persistent cookies, long term and third party tracking cookies) are those that can be linked to an ad company or something that tracks your movements across the web.
The type of persistent cookie that is a cause for some concern are "tracking cookies" because they can be considered a privacy risk. These types of cookies are used to track your Web browsing habits (your movement from site to site). Ad companies use them to record your activity on all sites where they have placed ads. They can keep count of how many times you visited a web page, store your username and password so you don't have to log in and retain your custom settings. When you visit one of these sites, a cookie is placed on your computer. Each time you visit another site that hosts one of their ads, that same cookie is read, and soon they have assembled a list of which of their sites you have visited and which of their ads that you have clicked on. Cookies are used all over the Internet and advertisement companies often plant them whenever your browser loads one of their banners.

Cookies are NOT a "threat". As text files they cannot be executed to cause any damage. Cookies do not cause any pop ups or install malware and they cannot erase or read information from a computer.

Cookies cannot be used to run code (run programs) or to deliver viruses to your computer.

MS Article ID: 60971 - Description of Cookies

To learn more about Cookies, please refer to:

Flash cookies (or Local Shared Objects) and Evercookies are a newer way of tracking user behavior and surfing habits but they too are not a threat, nor can they harm your computer.

An Evercookie is a JavaScript API created and managed persistent cookie which can be used to identify a user even after they have removed standard and Flash cookies. This is accomplished by creating a new cookie and storing the data in as many storage locations (currently eight) as it can find on the local browser. Storage mechanisms range from Standard HTTP and Flash cookies to HTML5's new storage methods. When evercookie finds that other types of cookies have been removed, it recreates them so they can be reused over and over.

Flash cookies are cookie-like data stored on a computer and used by all versions of Adobe Flash Player and similar applications. They can store much more information than traditional browser cookies and they are typically stored within each user’s Application Data directory with a ".SOL" extension, under the Macromedia\FlashPlayer\#SharedObjects folder. Unlike traditional cookies, Flash cookies cannot be managed through browser controls so they are more difficult to find and remove. However, they can be viewed, managed and deleted using the Website Storage Settings panel at Macromedia's Support Site. From this panel, you can change storage settings for a website, delete a specific website or delete all sites which erases any information that may have been stored on the computer. To prevent any Flash Cookies from being stored on your computer, go to the Global Storage Settings panel and uncheck the option “Allow third-party Flash content to store data on your computer”. For more information, please refer to:

As long as you surf the Internet, you are going to get cookies and some of your security programs will flag them for removal. However, you can minimize the number of them which are stored on your computer by referring to:
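Added example, not part of any post in this thread: a small triage script for a scan log laid out like the SUPERAntiSpyware log in post #6, separating tracking-cookie detections (browser cookie files and Flash shared objects) from anything that needs a closer look, so a figure such as "File threats detected : 87" is read for what it contains. The function names, the sample log and the "Example.Other Detection" category are constructed for illustration, and the parser assumes only the layout visible in that post.

```python
import re

# Constructed sample in the layout of the log posted above. The user name,
# paths and the second category are made up to exercise both branches.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 11/27/2010 at 09:22 PM

Memory items scanned : 717
Memory threats detected : 0
Registry items scanned : 8027
Registry threats detected : 0
File items scanned : 25669
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\Low\example@doubleclick[1].txt
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\Low\example@ad.yieldmanager[1].txt
ads2.msads.net [ C:\Users\Example\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ABCD1234 ]

Example.Other Detection
C:\Users\Example\AppData\Local\Temp\example.exe
"""

SUMMARY_RE = re.compile(r"^(\w+) threats detected\s*:\s*(\d+)$")
KEYVAL_RE = re.compile(r"^[\w ]+:\s")            # "File items scanned : 25669"
FILE_RE = re.compile(r"^[A-Za-z]:\\")            # plain file path entry
FLASH_RE = re.compile(r"^(\S+) \[ (.+) \]$")     # "domain [ shared-object dir ]"
IE_COOKIE_RE = re.compile(
    r"\\Cookies\\(?:.*\\)?[^\\@]+@([^\\\[]+)\[\d+\]\.txt$", re.I)


def parse_log(text):
    """Return (reported, detections).

    reported   -- {"memory": n, "registry": n, "file": n} from the summary
    detections -- list of (category, source, path); source is the site name
                  taken from the cookie file name or Flash entry, else None
    """
    reported, detections = {}, []
    category, in_results = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        summary = SUMMARY_RE.match(line)
        if summary:
            reported[summary.group(1).lower()] = int(summary.group(2))
            in_results = True
            continue
        if not in_results or KEYVAL_RE.match(line):
            continue  # header text or an "items scanned" counter
        flash = FLASH_RE.match(line)
        if flash:
            detections.append((category, flash.group(1), flash.group(2)))
        elif FILE_RE.match(line):
            cookie = IE_COOKIE_RE.search(line)
            detections.append(
                (category, cookie.group(1) if cookie else None, line))
        else:
            category = line  # any other line starts a new detection category
    return reported, detections


def is_cookie_store(path):
    """True when the path sits in a browser cookie or Flash shared-object dir."""
    lowered = path.lower()
    return "\\cookies\\" in lowered or "#sharedobjects" in lowered


def triage(text):
    """Split detections into tracking cookies and entries needing review."""
    reported, detections = parse_log(text)
    cookies, review = [], []
    for category, source, path in detections:
        labelled_cookie = bool(category) and "tracking cookie" in category.lower()
        # A cookie label on a path outside a cookie store is not taken on trust.
        if labelled_cookie and is_cookie_store(path):
            cookies.append(source)
        else:
            review.append((category, path))
    return {
        "reported_total": sum(reported.values()),
        "parsed_total": len(detections),
        "counts_match": sum(reported.values()) == len(detections),
        "tracking_cookies": len(cookies),
        "tracker_sources": sorted({c for c in cookies if c}),
        "needs_review": review,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An empty `needs_review` list with `counts_match` true means every reported detection was a cookie artifact; it says nothing about what the scanner did not detect, which is why the thread goes on to rootkit-specific tools.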

#8 RikCab


Posted 27 November 2010 - 10:05 PM

Ran TDSS, didn't seem to find anything? Copied below, will continue after some sleep! Again thanks.....




2010/11/27 22:01:40.0110 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/27 22:01:40.0110 ================================================================================
2010/11/27 22:01:40.0110 SystemInfo:
2010/11/27 22:01:40.0110
2010/11/27 22:01:40.0110 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/27 22:01:40.0110 Product type: Workstation
2010/11/27 22:01:40.0110 ComputerName: FATIMA-PC
2010/11/27 22:01:40.0110 UserName: Fatima
2010/11/27 22:01:40.0110 Windows directory: C:\Windows
2010/11/27 22:01:40.0110 System windows directory: C:\Windows
2010/11/27 22:01:40.0110 Processor architecture: Intel x86
2010/11/27 22:01:40.0110 Number of processors: 2
2010/11/27 22:01:40.0110 Page size: 0x1000
2010/11/27 22:01:40.0110 Boot type: Normal boot
2010/11/27 22:01:40.0110 ================================================================================
2010/11/27 22:01:40.0580 Initialize success
2010/11/27 22:01:46.0406 ================================================================================
2010/11/27 22:01:46.0406 Scan started
2010/11/27 22:01:46.0406 Mode: Manual;
2010/11/27 22:01:46.0406 ================================================================================
2010/11/27 22:01:53.0226 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/27 22:01:53.0277 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2010/11/27 22:01:53.0310 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/11/27 22:01:53.0373 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/27 22:01:53.0420 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/27 22:01:53.0475 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/27 22:01:53.0504 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/27 22:01:53.0556 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/27 22:01:53.0602 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/11/27 22:01:53.0693 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/27 22:01:53.0723 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/27 22:01:53.0794 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/11/27 22:01:53.0922 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/27 22:01:54.0034 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101127.002\NAVENG.SYS
2010/11/27 22:01:54.0137 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101127.002\NAVEX15.SYS
2010/11/27 22:01:54.0318 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/11/27 22:01:54.0413 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/27 22:01:54.0461 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/27 22:01:54.0546 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/27 22:01:54.0597 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/27 22:01:54.0684 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/27 22:01:54.0725 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/27 22:01:54.0815 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/27 22:01:54.0875 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/11/27 22:01:54.0939 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/27 22:01:55.0007 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/11/27 22:01:55.0080 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/27 22:01:55.0132 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/27 22:01:55.0335 nvlddmkm (ff58c7a7da6116c1f71e883cb088d598) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/11/27 22:01:55.0555 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/11/27 22:01:55.0612 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2010/11/27 22:01:55.0651 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
2010/11/27 22:01:55.0692 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/11/27 22:01:55.0797 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/27 22:01:55.0896 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2010/11/27 22:01:55.0938 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/11/27 22:01:55.0980 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2010/11/27 22:01:56.0032 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/11/27 22:01:56.0069 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/11/27 22:01:56.0135 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/11/27 22:01:56.0198 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/27 22:01:56.0377 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/27 22:01:56.0419 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/11/27 22:01:56.0496 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/27 22:01:56.0563 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/11/27 22:01:56.0622 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/27 22:01:56.0666 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/27 22:01:56.0709 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/27 22:01:56.0758 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/27 22:01:56.0807 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/27 22:01:56.0867 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/27 22:01:56.0923 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/27 22:01:56.0968 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/27 22:01:57.0039 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/11/27 22:01:57.0102 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/27 22:01:57.0162 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/11/27 22:01:57.0264 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/27 22:01:57.0366 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/27 22:01:57.0388 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/27 22:01:57.0490 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/27 22:01:57.0589 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/27 22:01:57.0643 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/27 22:01:57.0708 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2010/11/27 22:01:57.0767 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/27 22:01:57.0886 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/11/27 22:01:57.0917 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/27 22:01:57.0951 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/27 22:01:57.0981 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/11/27 22:01:58.0073 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/11/27 22:01:58.0119 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/11/27 22:01:58.0178 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/11/27 22:01:58.0264 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/11/27 22:01:58.0349 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/11/27 22:01:58.0443 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS
2010/11/27 22:01:58.0551 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS
2010/11/27 22:01:58.0624 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/11/27 22:01:58.0675 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/27 22:01:58.0726 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/27 22:01:58.0809 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/27 22:01:58.0871 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/27 22:01:58.0947 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS
2010/11/27 22:01:59.0029 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS
2010/11/27 22:01:59.0072 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/11/27 22:01:59.0119 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS
2010/11/27 22:01:59.0168 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
2010/11/27 22:01:59.0216 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/27 22:01:59.0244 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/27 22:01:59.0341 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/11/27 22:01:59.0407 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/27 22:01:59.0447 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/27 22:01:59.0510 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/11/27 22:01:59.0546 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/11/27 22:01:59.0591 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/27 22:01:59.0646 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/27 22:01:59.0750 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/27 22:01:59.0808 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/27 22:01:59.0828 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/27 22:01:59.0878 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/11/27 22:01:59.0934 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/27 22:02:00.0009 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/27 22:02:00.0039 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/11/27 22:02:00.0063 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/27 22:02:00.0097 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/27 22:02:00.0134 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/27 22:02:00.0207 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/11/27 22:02:00.0252 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/27 22:02:00.0301 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/27 22:02:00.0339 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/27 22:02:00.0365 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/27 22:02:00.0393 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/27 22:02:00.0474 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/27 22:02:00.0512 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/27 22:02:00.0584 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/27 22:02:00.0651 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/27 22:02:00.0699 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/27 22:02:00.0753 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/11/27 22:02:00.0777 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/11/27 22:02:00.0820 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/11/27 22:02:00.0906 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/27 22:02:00.0955 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/11/27 22:02:01.0014 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/11/27 22:02:01.0074 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/11/27 22:02:01.0148 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/27 22:02:01.0210 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/27 22:02:01.0235 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/27 22:02:01.0352 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/11/27 22:02:01.0401 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/27 22:02:01.0800 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/11/27 22:02:01.0914 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/27 22:02:02.0005 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/27 22:02:02.0080 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/11/27 22:02:02.0123 ================================================================================
2010/11/27 22:02:02.0123 Scan finished
2010/11/27 22:02:02.0123 ================================================================================

#9 cookmiester

Posted 28 November 2010 - 04:59 AM

I know this isn't the greatest idea but, have you tried using an alternative web browser? See if it makes a difference.

Cookmiester

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:16 AM

Posted 28 November 2010 - 08:25 AM

Now do the scan with Norman Malware Cleaner.

Then try doing an online scan to see if it finds anything else (i.e. remnants) that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 RikCab

Posted 30 November 2010 - 09:27 AM

Hi quietman7,

Been crazy around here! I wanted to say that it doesn't happen all the time on every entry. It doesn't seem to do much else after performing a fake scan and saying I have 37 Trojans!! Then it says Windows Defender will fix the problem, then it goes to the download window, and it asks to download some file. It's just a lot of clicking to get out, and even in the end when you close the main browser window, it asks are you sure!!! Maybe it's not my computer but Google search??

I ran the Norm... and here is the file, I will continue with the ESet online scan.

Cookmiester
I don't see the browser issue; I did run Firefox before for certain video sites. But here I use IE and the problem only seems to be with Google search, which is the one I use; maybe I should try Yahoo and such. It's also not every return that is redirected, but every redirect is to the same web page. It starts as the new window opens: I get a smaller popup window from the web page stating my computer is infected and do I want to run a scan.

It states I have a variety of suspicious programs… will perform a free check, and your choices are OK, Cancel and the red X in the top right corner. No matter what you click, the web page opens to a screenshot of a Windows “Computer” window; it shows 2 local h/d, C: and D:, and a floppy drive and a CD player. Then it shows a bar as if it were scanning. It returns some ridiculous number of viruses listed below. Then another popup opens stating Windows Defender has detected spyware and is ready to remove them. Again your choices are Remove all, Cancel and the red X; no matter what you click, even if you click on the original web page, once clicked another popup pops up to download the solution!! It will then keep popping up with the request to D/L; after that I X out on the main web page, and still it pops up with “are you sure???” I say yes and then it closes. It’s a project!!!



Norman Malware Cleaner
Version 1.8.3
Copyright © 1990 - 2010, Norman ASA. Built 2010/11/29 05:39:29

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/11/29 05:39:29, Variants: 8215869

Scan started: 2010/11/29 08:44:23

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6002 Service Pack 2
Logged on user: Fatima-PC\Fatima


Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 94ms


Scanning running processes and process memory...

Number of processes/threads found: 6598
Number of processes/threads scanned: 6598
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 4m 28s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*


#12 quietman7

Posted 30 November 2010 - 09:40 AM

Malwarebytes Anti-Malware has been updated to v1.50. Uninstall the old version, then download and install the most current version from here AFTER the Eset scan.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

The database in your previous log shows 5195. Last I checked it was 5217.

Update the database through the program's interface (preferable method). Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

#13 RikCab

Posted 03 December 2010 - 07:41 AM

Hi quietman7,

I did the ESet scan and it did not find any threats. So I didn't have a "list of found threats" shown or the ability to save any file. I cleaned up all the other scanners and will clean up ESet and reboot. I'll then d/l Malwarebytes and run that again.
I wonder though really if this is a Google thing? I used the search box on the top right side of my IE, for which the default is set to Google. When I type in "1988 22' Fleetwood Wilderness floor plan" I get a list of returns. Right at the top a few of the links do the redirecting, not all? Maybe you could try the search and see if it pops up on you? Maybe some of the returns are actually redirected links???? I don't know????? But I will redo Malware........ be back, thanks

#14 quietman7

Posted 03 December 2010 - 08:01 AM

Not a problem.

#15 RikCab

Posted 03 December 2010 - 09:02 AM

Here's the new log file, again doesn't show anything? Still wondering if it was just bogus links?


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5237

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12/3/2010 8:41:54 AM
mbam-log-2010-12-03 (08-41-54).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 207116
Time elapsed: 40 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



