
Am I infected by 'XP Security 2011'??


17 replies to this topic

#1 7764jodie

Posted 08 May 2011 - 10:56 AM

Hi, hopefully I'm posting in the right forum, can't really see as I'm trying to do this using my phone's Internet!? :s
Don't know much about computers at all so I apologise in advance!
My problem is all of a sudden today when loading Google my computer went a little crazy, then up popped 'XP Security 2011' telling me my computer was infected & I needed to protect it using this, I immediately thought this was a virus so closed it down but now it keeps popping up, it has switched my 'Firewall' off & won't let me turn it back on! :(

When trying to load the Internet it blocks it every time & this message appears:

Internet Explorer alert. Visiting this site may pose a Security threat to your system!

Possible reasons include:
* Dangerous code found in this sites page which installs unwanted software into your system.
* Suspicious & potentially unsafe network activity detected.
* Spyware infection in your system.
* Complaints from other users about this site.
* Port & system scans performed by the site being visited.

Things you can do:
* Get a copy of 'XP Security 2011' to safeguard your PC while surfing the web (RECOMMENDED)
* Run spyware, virus & malware scan
* Continue surfing without any security measures (DANGEROUS)


........I've tried to continue without security measures but it just flashes & flicks straight back to the above page!
I do have 'Spybot search & destroy' & 'Virgin media security' loaded onto my computer but that's it, Virgin media is currently running a full scan which usually takes a while, but I'm unable at the moment to post you the results as I can't access the net!?

PLEASE HELP?? :(
Many thanks ;)



#2 boopme


Posted 11 May 2011 - 09:40 AM

Hello, sorry for the slow response, we are being inundated too.


Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.


Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
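
Added example, not part of the original thread: the "Use a proxy..." check from the first step of the post above, done read-only from PowerShell. The `ProxyEnable`, `ProxyServer` and `AutoConfigURL` values under the current user's Internet Settings key back that dialog; the function name `Split-ProxyServer` and the sample string at the end are constructed for illustration, and PowerShell is assumed to be installed on the machine.

```powershell
# Added example: read-only audit of the proxy values behind
# Internet Options > Connections > LAN settings for the current user.

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Split-ProxyServer {
    # ProxyServer holds either "host:port" (used for every protocol) or a
    # per-protocol list such as "http=host:port;https=host:port".
    param([string]$Value)

    foreach ($part in ($Value -split ';')) {
        $part = $part.Trim()
        if (-not $part) { continue }

        $scheme = 'all'
        if ($part -match '^(?<scheme>[a-z]+)=(?<rest>.+)$') {
            $scheme = $Matches['scheme']
            $part   = $Matches['rest']
        }
        $part = $part -replace '^[a-z]+://', ''   # tolerate "http://host:port"

        $proxyHost = $part
        $port = $null
        if ($part -match '^(?<h>\[[^\]]+\]|[^:]+):(?<p>\d+)$') {
            $proxyHost = $Matches['h']
            $port      = $Matches['p']
        }

        # Loopback means the browser hands its traffic to a process on this PC.
        $loopback = $proxyHost -match '^(127\.\d+\.\d+\.\d+|localhost|\[::1\])$'

        New-Object PSObject -Property @{
            Scheme = $scheme; Host = $proxyHost; Port = $port; Loopback = $loopback
        }
    }
}

# Live check: what the LAN settings dialog would show for this user.
$settings = Get-ItemProperty -Path $key
$enabled  = ([int]$settings.ProxyEnable) -eq 1

"Use a proxy server : $enabled"
"ProxyServer        : $($settings.ProxyServer)"
"AutoConfigURL      : $($settings.AutoConfigURL)"

$entries = @(Split-ProxyServer $settings.ProxyServer)
$entries | Format-Table Scheme, Host, Port, Loopback -AutoSize

if ($enabled -and $entries.Count -gt 0) {
    Write-Warning 'A proxy is enabled. If nobody configured it, clear the checkbox in LAN settings.'
}

# Constructed sample value (not taken from the thread) showing the
# per-protocol form and the loopback flag on a machine with no proxy set.
Split-ProxyServer 'http=127.0.0.1:8080;https=127.0.0.1:8080' |
    Format-Table Scheme, Host, Port, Loopback -AutoSize
```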

#3 7764jodie


Posted 12 May 2011 - 12:53 AM

It's ok, not a problem, I can see you're busy! :)
Thanks I'll do this today & post back to you as soon as ;)

#4 boopme


Posted 12 May 2011 - 10:00 AM

Thanks

#5 7764jodie


Posted 13 May 2011 - 12:07 PM

Thanks for your help, sorry for the slow reply but it took all night for SUPERAntiSpyware to scan!!
Here's the log for it:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/12/2011 at 09:27 PM

Application Version : 4.52.1000

Core Rules Database Version : 5542
Trace Rules Database Version: 2869

Scan type : Complete Scan
Total Scan Time : 02:18:47

Memory items scanned : 325
Memory threats detected : 0
Registry items scanned : 8647
Registry threats detected : 3
File items scanned : 119968
File threats detected : 341

Adware.Tracking Cookie
C:\Documents and Settings\TEMP.LIBBY.000\Cookies\pauly@revsci[2].txt
C:\Documents and Settings\TEMP.LIBBY.000\Cookies\pauly@selfcare.virginmedia[1].txt
C:\Documents and Settings\TEMP.LIBBY.000\Cookies\pauly@serving-sys[1].txt
C:\Documents and Settings\TEMP.LIBBY.000\Cookies\pauly@specificclick[1].txt
C:\Documents and Settings\TEMP.LIBBY.000\Cookies\pauly@tribalfusion[1].txt
C:\Documents and Settings\TEMP.LIBBY.000\Cookies\pauly@virginmedia.112.2o7[1].txt
C:\Documents and Settings\TEMP.LIBBY.000\Cookies\pauly@virginmedia[1].txt
C:\Documents and Settings\TEMP.LIBBY.000\Cookies\pauly@www.googleadservices[1].txt
C:\Documents and Settings\TEMP.LIBBY.000\Cookies\pauly@www.virginmedia[2].txt
C:\Documents and Settings\TEMP.LIBBY.000\Cookies\pauly@www.virginmedia[3].txt

Adware.Flash Tracking Cookie
C:\Documents and Settings\PAULY\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BU4TVZ8R\CDN2.INVITEMEDIA.COM
C:\Documents and Settings\PAULY\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BU4TVZ8R\MEDIA1.BREAK.COM
C:\Documents and Settings\PAULY\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BU4TVZ8R\EC.ATDMT.COM
C:\Documents and Settings\PAULY\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BU4TVZ8R\SPE.ATDMT.COM

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE





Here is the Malwarebytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4263

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/13/2011 18:06:42
mbam-log-2011-05-13 (18-06-42).txt

Scan type: Quick scan
Objects scanned: 160076
Time elapsed: 49 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 boopme


Posted 13 May 2011 - 01:25 PM

Looks like you have linked to some bad video at Break and shared something infected thru Bearshare.

Your MBAM is an old version, it did not update.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#7 7764jodie


Posted 16 May 2011 - 09:10 AM

Hi, I'm so sorry for the delay in replying, I could not get onto my computer at all!! It would not load at first, kept crashing, then when it did & I started scan it would get so far then log itself off!? :S

I updated as asked & here's the new log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6588

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/16/2011 14:52:35
mbam-log-2011-05-16 (14-52-35).txt

Scan type: Quick scan
Objects scanned: 208510
Time elapsed: 22 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\PAULY\Local Settings\Application Data\ipt.exe" -a "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\PAULY\Local Settings\Application Data\ipt.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


My computer is still running real slow after this, takes a good 10 minutes to be able to load & use the Internet page!? Thanks for your help :)
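
The two Hijack.StartMenuInternet entries in the log above record the registered browser start command being replaced by a different executable. As an added example (not part of the original posts and not Malwarebytes code), this Python script parses the MBAM 1.x log lines copied from this thread and lists why each Bad/Good entry looks like a launcher hijack; the function names and the three heuristics are assumptions made for illustration.

```python
import ntpath
import re

# Lines copied unchanged from the MBAM 1.50.1.1100 log posted in this thread.
SAMPLE_LOG = r'''
Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\PAULY\Local Settings\Application Data\ipt.exe" -a "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\PAULY\Local Settings\Application Data\ipt.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
'''

# Section headers end in "Infected:"; the summary counters end in a number.
SECTION = re.compile(r'^(?P<section>[A-Za-z ]+ Infected):$')
# "<registry path> (<Detection.Name>) -> <details and action>"
FINDING = re.compile(
    r'^(?P<key>HKEY_.+?) \((?P<detection>[A-Za-z]+(?:\.[A-Za-z0-9]+)+)\) -> (?P<rest>.+)$'
)
BAD_GOOD = re.compile(r'Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) -> ')
USER_PROFILE = re.compile(r'\\(documents and settings|users)\\', re.IGNORECASE)


def parse_mbam_log(text):
    """Turn MBAM 1.x finding lines into dictionaries, remembering their section."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group('section')
            continue
        hit = FINDING.match(line)
        if not hit:
            continue  # blank lines, "(No malicious items detected)", banner text
        rest = hit.group('rest')
        pair = BAD_GOOD.search(rest)
        findings.append({
            'section': section,
            'key': hit.group('key'),
            'detection': hit.group('detection'),
            'bad': pair.group('bad') if pair else None,
            'good': pair.group('good') if pair else None,
            'action': rest.rsplit(' -> ', 1)[-1],
        })
    return findings


def launcher_of(command):
    """Return the executable a Windows command line starts (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(' ', 1)[0]


def triage(finding):
    """List the reasons a Bad/Good finding looks like a browser launcher hijack."""
    if finding['bad'] is None:
        return []
    launcher = launcher_of(finding['bad'])
    expected = ntpath.basename(finding['good']).lower()
    arguments = finding['bad'].replace('"', '')[len(launcher):].lower()
    reasons = []
    if ntpath.basename(launcher).lower() != expected:
        reasons.append('command starts %s, expected %s'
                       % (ntpath.basename(launcher), finding['good']))
    if USER_PROFILE.search(launcher):
        reasons.append('launcher sits under a user profile directory')
    if expected in arguments:
        reasons.append('expected browser is only an argument to the launcher')
    return reasons


if __name__ == '__main__':
    for item in parse_mbam_log(SAMPLE_LOG):
        print('[%s] %s' % (item['detection'], item['key']))
        print('    action: %s' % item['action'])
        for reason in triage(item):
            print('    - %s' % reason)
```
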

#8 boopme


Posted 16 May 2011 - 12:10 PM

That's OK, we are getting there...

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#9 7764jodie


Posted 17 May 2011 - 07:43 AM

Hi, I've tried & tried all day & night yesterday to run the ESET Scan but for some reason it won't scan past 50% then it crashes!? Sorry about this :(

#10 7764jodie


Posted 17 May 2011 - 10:11 AM

Got to 95% now & after over 2 hours of scanning computer shut down!!!! :(

#11 boopme


Posted 17 May 2011 - 11:30 AM

Unfortunately it is battling malware in the registry. Run this first. Have everything else off while scanning (don't run other programs).

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Run ESET.

#12 7764jodie


Posted 17 May 2011 - 08:33 PM

Hi
Right, I've ran TFC twice now & it's removed files both times! & now after all that trying to scan using ESET it's finally complete at 2.30am!! No threats found though so was unable to save a file to the desktop!? I looked everywhere in case I was missing something but nothing! :/
Computer still running super slow with a mind of its own!! :( :(
Thanks!

#13 boopme


Posted 17 May 2011 - 08:36 PM

Man.. let's look for a rootkit. This is pretty quick.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

#14 7764jodie


Posted 18 May 2011 - 06:45 AM

Hi that was a quick scan!! :)
Here's the log:

2011/05/18 12:36:45.0453 4756 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/18 12:36:47.0468 4756 ================================================================================
2011/05/18 12:36:47.0468 4756 SystemInfo:
2011/05/18 12:36:47.0468 4756
2011/05/18 12:36:47.0468 4756 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/18 12:36:47.0468 4756 Product type: Workstation
2011/05/18 12:36:47.0468 4756 ComputerName: LIBBY
2011/05/18 12:36:47.0468 4756 UserName: PAULY
2011/05/18 12:36:47.0468 4756 Windows directory: C:\WINDOWS
2011/05/18 12:36:47.0468 4756 System windows directory: C:\WINDOWS
2011/05/18 12:36:47.0468 4756 Processor architecture: Intel x86
2011/05/18 12:36:47.0468 4756 Number of processors: 2
2011/05/18 12:36:47.0468 4756 Page size: 0x1000
2011/05/18 12:36:47.0468 4756 Boot type: Normal boot
2011/05/18 12:36:47.0468 4756 ================================================================================
2011/05/18 12:36:48.0921 4756 Initialize success
2011/05/18 12:36:52.0593 5324 ================================================================================
2011/05/18 12:36:52.0593 5324 Scan started
2011/05/18 12:36:52.0593 5324 Mode: Manual;
2011/05/18 12:36:52.0593 5324 ================================================================================
2011/05/18 12:38:04.0812 5324 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/18 12:38:05.0140 5324 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/18 12:38:05.0484 5324 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/18 12:38:05.0781 5324 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/05/18 12:38:06.0156 5324 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/18 12:38:06.0437 5324 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/18 12:38:06.0718 5324 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/18 12:38:07.0015 5324 viagfx (bcb2353661cb74a28c2e3e08ccfdff12) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/05/18 12:38:07.0343 5324 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/18 12:38:07.0671 5324 viamraid (0363e216e4eb5052969c96608934dbde) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2011/05/18 12:38:08.0031 5324 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/18 12:38:08.0359 5324 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/18 12:38:08.0906 5324 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/18 12:38:09.0312 5324 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/18 12:38:09.0625 5324 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/18 12:38:09.0953 5324 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/18 12:38:10.0343 5324 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/18 12:38:10.0546 5324 ================================================================================
2011/05/18 12:38:10.0546 5324 Scan finished
2011/05/18 12:38:10.0546 5324 ================================================================================

Thanks :)

#15 boopme

Posted 18 May 2011 - 03:16 PM

Please run EXE Helper
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select FULL scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.