SweetIm virus


43 replies to this topic

#1 Kiekocat

Posted 19 March 2011 - 12:05 AM

To whom it may concern:
I downloaded SweetIm and had it on my computer for about a week. I ended up with a virus from it and it has caused at least 14 problems. As I said some are in the Hkeys and I have heard not to delete these Hkeys. I have Vista home basic 32 bit and am now using IE7. I also have Malwarebytes on my computer and when I ran the scan it showed there were 14 problems. I didn't know whether to delete anything or quarantine them. I am computer illiterate and have no idea how to use the Malwarebytes or much of anything else on the computer. Also, I think it shows the problem as Webfun or Funweb sites. Like I said I am computer illiterate.
Oh by the way I have Microsoft Security Essentials antivirus too. But it didn't catch the virus.
Thank you in advance.

Edited by Orange Blossom, 19 March 2011 - 12:33 AM.
Moved to AII. ~ OB



#2 boopme

Posted 19 March 2011 - 10:18 AM

Hello, never change your registry on your own without making a backup of it first.
Let's start by looking at your log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Kiekocat

Posted 19 March 2011 - 06:00 PM

Thank you for getting back with me. These are the two scans I did from Malwarebytes on two separate days. I did quarantine the problems. I ran the TFC old timer and rebooted as suggested. Thanks again.


My computer system is Windows Vista homebasic 32bit (EMachine) 2007 Microsoft corp. Service pack 2, Processor--AMD Athlon ™ processor 2650 1.60Ghz memory tsm--2.0 GB
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4629

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

3/16/2011 4:16:38 PM
mbam-log-2011-03-16 (16-16-38).txt

Scan type: Quick scan
Objects scanned: 130750
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{1d4db7d0-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4629

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

3/19/2011 8:52:23 AM
mbam-log-2011-03-19 (08-52-23).txt

Scan type: Quick scan
Objects scanned: 130814
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproductsinstaller.start (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproductsinstaller.start.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{1d4db7d0-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 boopme

Posted 19 March 2011 - 06:34 PM

Hello again. First, do you want the SweetIM application messenger service? If not, then next remove it thru Control Panel's Uninstall.

Now your MBAM is very old. Your log shows
Malwarebytes' Anti-Malware 1.46
Database version: 4629

It's now at
Malwarebytes' Anti-Malware 1.50+
Database version: 6108

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Next we run a safe mode scan and I think we will have this.
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Edited by boopme, 19 March 2011 - 06:34 PM.

#6 Kiekocat

Posted 20 March 2011 - 01:29 PM

Thank you so much for your help. You asked if I wanted the SweetIm messenger service. ABSOLUTELY NOT. That is what has given me so much trouble to begin with. I did the uninstall. I upgraded my MBAM and followed your instructions. But it would not let me update. I guess it is because I used the free edition. Is there another way to update it? Free!
I still have the problems that MBAM found in quarantine there so do I do anything with those. Some (as I sent you in a log contain hkeys).
I downloaded Super antispyware and did all you asked there too. As you will see in the log from it I had 91 problems. So, do I just keep them in quarantine or delete or what? Thank you for any advice. The computer seems to do some better now even a little faster.
Just a sidepoint: If I wanted to go to firefox: Is it compatible with my system? You already have a record of my computer status. Just a thought. I heard IE is what causes a lot of problems on the computer. True or false?
Here are the logs from both scans. MBAM and Superantispyware.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/20/2011 at 01:57 PM

Application Version : 4.50.1002

Core Rules Database Version : 6636
Trace Rules Database Version: 4448

Scan type : Complete Scan
Total Scan Time : 00:51:22

Memory items scanned : 265
Memory threats detected : 0
Registry items scanned : 7411
Registry threats detected : 0
File items scanned : 91390
File threats detected : 91

Adware.Tracking Cookie


MBAM scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

3/20/2011 11:24:26 AM
mbam-log-2011-03-20 (11-24-26).txt

Scan type: Quick scan
Objects scanned: 129897
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks again.

#7 Kiekocat

Posted 20 March 2011 - 01:32 PM

Sorry that I posted again. I told you I was computer illiterate. I am having a problem trying to "send" the replies etc. So if I have sent more than I needed to I apologize.
Thanks

#8 boopme

Posted 20 March 2011 - 02:08 PM

No, I think all this trouble may be a TDSS rootkit.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

#9 Kiekocat

Posted 20 March 2011 - 04:55 PM

Thanks again, but no problems showed on this log.
What do I do now?
Here is the log:
2011/03/20 17:47:16.0936 3092 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/20 17:47:17.0922 3092 ================================================================================
2011/03/20 17:47:17.0922 3092 SystemInfo:
2011/03/20 17:47:17.0922 3092
2011/03/20 17:47:17.0922 3092 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/20 17:47:17.0922 3092 Product type: Workstation
2011/03/20 17:47:17.0922 3092 ComputerName: ERVINANDCATHY
2011/03/20 17:47:17.0922 3092 UserName: Boyds
2011/03/20 17:47:17.0922 3092 Windows directory: C:\Windows
2011/03/20 17:47:17.0922 3092 System windows directory: C:\Windows
2011/03/20 17:47:17.0922 3092 Processor architecture: Intel x86
2011/03/20 17:47:17.0922 3092 Number of processors: 1
2011/03/20 17:47:17.0922 3092 Page size: 0x1000
2011/03/20 17:47:17.0923 3092 Boot type: Normal boot
2011/03/20 17:47:17.0923 3092 ================================================================================
2011/03/20 17:47:18.0653 3092 Initialize success
2011/03/20 17:47:25.0801 3152 ================================================================================
2011/03/20 17:47:25.0801 3152 Scan started
2011/03/20 17:47:25.0801 3152 Mode: Manual;
2011/03/20 17:47:25.0801 3152 ================================================================================
2011/03/20 17:47:30.0066 3152 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/20 17:47:30.0163 3152 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/03/20 17:47:30.0285 3152 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/20 17:47:30.0363 3152 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/20 17:47:30.0442 3152 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/20 17:47:30.0508 3152 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/20 17:47:30.0593 3152 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/20 17:47:30.0641 3152 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/20 17:47:30.0728 3152 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/03/20 17:47:30.0793 3152 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/20 17:47:30.0865 3152 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/20 17:47:30.0929 3152 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/20 17:47:30.0991 3152 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/20 17:47:31.0107 3152 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2011/03/20 17:47:31.0213 3152 IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/20 17:47:31.0393 3152 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/20 17:47:31.0439 3152 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/20 17:47:31.0533 3152 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/20 17:47:31.0627 3152 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/20 17:47:31.0689 3152 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/20 17:47:31.0736 3152 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/20 17:47:31.0803 3152 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/20 17:47:31.0874 3152 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/20 17:47:31.0912 3152 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/20 17:47:31.0966 3152 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/20 17:47:32.0015 3152 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/20 17:47:32.0091 3152 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/20 17:47:32.0173 3152 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/20 17:47:32.0278 3152 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/20 17:47:32.0388 3152 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/20 17:47:32.0429 3152 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/20 17:47:32.0494 3152 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/20 17:47:32.0571 3152 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/20 17:47:32.0625 3152 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/20 17:47:32.0684 3152 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/20 17:47:32.0756 3152 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/20 17:47:32.0825 3152 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/20 17:47:32.0873 3152 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/20 17:47:32.0919 3152 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/20 17:47:32.0971 3152 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/20 17:47:33.0039 3152 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/03/20 17:47:33.0099 3152 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/20 17:47:33.0376 3152 MpKsl9a7a6d1d (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D3A76FC-5B98-40BF-9254-E4DBB7C11CCD}\MpKsl9a7a6d1d.sys
2011/03/20 17:47:33.0519 3152 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/03/20 17:47:33.0585 3152 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/20 17:47:33.0642 3152 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/20 17:47:33.0713 3152 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/20 17:47:33.0786 3152 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/20 17:47:33.0839 3152 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/20 17:47:33.0900 3152 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/20 17:47:33.0965 3152 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/03/20 17:47:34.0015 3152 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/20 17:47:34.0110 3152 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/20 17:47:34.0180 3152 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/20 17:47:34.0253 3152 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/20 17:47:34.0330 3152 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/20 17:47:34.0381 3152 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/20 17:47:34.0446 3152 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/03/20 17:47:34.0506 3152 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/20 17:47:34.0561 3152 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/20 17:47:34.0622 3152 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/03/20 17:47:34.0712 3152 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/20 17:47:34.0788 3152 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/03/20 17:47:34.0892 3152 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/20 17:47:34.0943 3152 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/20 17:47:35.0010 3152 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/20 17:47:35.0062 3152 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/20 17:47:35.0130 3152 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/20 17:47:35.0204 3152 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/20 17:47:35.0304 3152 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/20 17:47:35.0388 3152 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/03/20 17:47:35.0476 3152 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/03/20 17:47:35.0556 3152 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/20 17:47:35.0657 3152 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/03/20 17:47:35.0728 3152 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/20 17:47:35.0785 3152 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/20 17:47:35.0890 3152 NVENETFD (c39ad3b818502edfa4b819148b72a0e3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/03/20 17:47:36.0138 3152 nvlddmkm (69d60d2ecd43d0f9f3accc16926e9128) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/20 17:47:36.0323 3152 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/20 17:47:36.0369 3152 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/20 17:47:36.0443 3152 nvstor32 (d05f6e26ac960474494356fe703d61be) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/03/20 17:47:36.0542 3152 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/20 17:47:36.0679 3152 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/03/20 17:47:36.0800 3152 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/20 17:47:36.0867 3152 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/03/20 17:47:36.0916 3152 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/20 17:47:37.0012 3152 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/03/20 17:47:37.0079 3152 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/03/20 17:47:37.0144 3152 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/20 17:47:37.0224 3152 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/20 17:47:37.0421 3152 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/20 17:47:37.0473 3152 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/03/20 17:47:37.0585 3152 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/20 17:47:37.0642 3152 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/03/20 17:47:37.0739 3152 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/20 17:47:37.0820 3152 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/20 17:47:37.0883 3152 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/20 17:47:37.0930 3152 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/20 17:47:37.0992 3152 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/20 17:47:38.0086 3152 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/20 17:47:38.0146 3152 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/20 17:47:38.0220 3152 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/20 17:47:38.0281 3152 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/20 17:47:38.0352 3152 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/20 17:47:38.0399 3152 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/20 17:47:38.0461 3152 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/03/20 17:47:38.0578 3152 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/20 17:47:38.0725 3152 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/20 17:47:38.0766 3152 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/20 17:47:38.0840 3152 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/20 17:47:38.0946 3152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/20 17:47:39.0021 3152 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/20 17:47:39.0079 3152 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/20 17:47:39.0121 3152 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/20 17:47:39.0233 3152 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/20 17:47:39.0277 3152 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/20 17:47:39.0320 3152 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/20 17:47:39.0376 3152 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/20 17:47:39.0448 3152 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/20 17:47:39.0526 3152 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/20 17:47:39.0573 3152 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/20 17:47:39.0663 3152 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/03/20 17:47:39.0746 3152 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/20 17:47:39.0838 3152 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/03/20 17:47:39.0906 3152 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/20 17:47:39.0952 3152 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/20 17:47:40.0051 3152 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/20 17:47:40.0108 3152 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/20 17:47:40.0163 3152 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/20 17:47:40.0203 3152 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/20 17:47:40.0334 3152 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/03/20 17:47:40.0422 3152 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/20 17:47:40.0504 3152 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/20 17:47:40.0569 3152 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/20 17:47:40.0614 3152 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/20 17:47:40.0685 3152 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/20 17:47:40.0748 3152 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/20 17:47:40.0883 3152 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/20 17:47:40.0942 3152 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/20 17:47:41.0025 3152 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/20 17:47:41.0079 3152 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/20 17:47:41.0159 3152 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/20 17:47:41.0248 3152 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/20 17:47:41.0304 3152 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/20 17:47:41.0348 3152 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/20 17:47:41.0412 3152 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/20 17:47:41.0462 3152 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/20 17:47:41.0538 3152 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/20 17:47:41.0604 3152 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/20 17:47:41.0683 3152 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/20 17:47:41.0740 3152 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/20 17:47:41.0790 3152 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/20 17:47:41.0856 3152 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/20 17:47:41.0952 3152 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/20 17:47:42.0007 3152 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/20 17:47:42.0093 3152 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/20 17:47:42.0139 3152 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/20 17:47:42.0213 3152 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/20 17:47:42.0255 3152 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/20 17:47:42.0318 3152 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/20 17:47:42.0366 3152 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/20 17:47:42.0444 3152 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/03/20 17:47:42.0538 3152 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/03/20 17:47:42.0601 3152 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/20 17:47:42.0684 3152 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/20 17:47:42.0743 3152 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/20 17:47:42.0806 3152 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/20 17:47:42.0888 3152 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/20 17:47:42.0945 3152 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/20 17:47:43.0181 3152 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/20 17:47:43.0323 3152 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/20 17:47:43.0444 3152 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/20 17:47:43.0659 3152 ================================================================================
2011/03/20 17:47:43.0659 3152 Scan finished
2011/03/20 17:47:43.0659 3152 ================================================================================

#10 boopme


Posted 20 March 2011 - 07:02 PM

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#11 Kiekocat


Posted 20 March 2011 - 07:31 PM

Thanks for your help. I downloaded the MBAM updates. I will see what happens from here. If I need to do anything else please let me know.

#12 boopme


Posted 20 March 2011 - 07:39 PM

Just post the log and tell me how it's running.
I'll be back in about 1 1/2 hours.

#13 Kiekocat


Posted 22 March 2011 - 08:44 AM

MBAM updates undoubtedly did not install. I don't know if I said or not but I am running the free MBAM. I can't afford to buy it. I ran the MBAM again and the same problems are still in the quarantine. Thanks so much. I am just concerned that some of those Hkeys are important in running my computer. Again, thanks.

#14 boopme


Posted 22 March 2011 - 10:13 AM

Don't buy anything, everything I send you is to use a free version.

If still no joy.
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

#15 Kiekocat


Posted 23 March 2011 - 11:53 AM

Thank you for the advice. I did as you said with the MBAM download. Everything seems OK. Here is the log from it. Does this mean I am safe from the virus now? Thanks again.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6142

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

3/23/2011 12:45:42 PM
mbam-log-2011-03-23 (12-45-42).txt

Scan type: Quick scan
Objects scanned: 138823
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



