Google Redirect Issues


22 replies to this topic

#1 Capsarc


Posted 19 June 2011 - 02:27 AM

I'm currently having problems with a Google redirect virus and nothing I've done can seem to fix it. I'm running Windows XP and Firefox version 4, and I've already tried using Symantec Endpoint Protection, Malwarebytes' Anti-Malware and TDSSKiller and none of them have fixed the problem. Please help.

EDIT: I'm now getting error messages when I try to search on Google; they read as follows:

About this page

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop. In the meantime, solving the above CAPTCHA will let you continue to use our services.

This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests. If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible. Learn more

Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very quickly.
IP address: 184.95.59.199
Time: 2011-06-19T07:25:36Z
URL: http://74.125.224.176/search?q=test&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Edited by Capsarc, 19 June 2011 - 02:30 AM.




#2 cryptodan


Posted 24 June 2011 - 10:10 PM

Can you post the logs from Malwarebytes and TDSSKiller?

#3 Capsarc


Posted 29 June 2011 - 10:39 AM

Here's the Malwarebytes log. I'm going to restart and then I'll do TDSSKiller.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6974

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/29/2011 10:34:27 AM
mbam-log-2011-06-29 (10-34-27).txt

Scan type: Full scan (C:\|F:\|G:\|)
Objects scanned: 577376
Time elapsed: 5 hour(s), 23 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\microsoft games for windows - live\Client\GFWLive.exe (Spyware.Agent) -> Quarantined and deleted successfully.


Sorry, I would have got back to you sooner but I must have forgotten to set up this post for e-mail notification. I think I fixed that now.

Edited by Capsarc, 29 June 2011 - 11:51 AM.


#4 Capsarc


Posted 29 June 2011 - 11:53 AM

And here are the TDSSKiller logs. At least I think this is what you wanted...

2011/06/29 11:48:14.0046 1384 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/29 11:48:14.0452 1384 ================================================================================
2011/06/29 11:48:14.0452 1384 SystemInfo:
2011/06/29 11:48:14.0452 1384
2011/06/29 11:48:14.0452 1384 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/29 11:48:14.0452 1384 Product type: Workstation
2011/06/29 11:48:14.0452 1384 ComputerName: HOMER
2011/06/29 11:48:14.0452 1384 UserName: Don McLeod
2011/06/29 11:48:14.0452 1384 Windows directory: C:\WINDOWS
2011/06/29 11:48:14.0452 1384 System windows directory: C:\WINDOWS
2011/06/29 11:48:14.0452 1384 Processor architecture: Intel x86
2011/06/29 11:48:14.0452 1384 Number of processors: 2
2011/06/29 11:48:14.0452 1384 Page size: 0x1000
2011/06/29 11:48:14.0452 1384 Boot type: Normal boot
2011/06/29 11:48:14.0452 1384 ================================================================================
2011/06/29 11:48:15.0437 1384 Initialize success
2011/06/29 11:48:22.0062 4536 ================================================================================
2011/06/29 11:48:22.0062 4536 Scan started
2011/06/29 11:48:22.0062 4536 Mode: Manual;
2011/06/29 11:48:22.0062 4536 ================================================================================
2011/06/29 11:48:44.0080 4536 ================================================================================
2011/06/29 11:48:44.0080 4536 Scan finished
2011/06/29 11:48:44.0080 4536 ================================================================================
2011/06/29 11:48:44.0080 4612 Detected object count: 0
2011/06/29 11:48:44.0080 4612 Actual detected object count: 0



#5 cryptodan

Posted 29 June 2011 - 02:19 PM

SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#6 Capsarc

Posted 03 July 2011 - 04:45 PM

I tried GMER and left it running overnight, but when I went to check it in the morning I couldn't get my computer out of sleep mode and had to reset without saving the log or even seeing if it had finished the scan. Is there a way of getting the log back? If not, how can I make sure this doesn't happen again?

#7 cryptodan

Posted 03 July 2011 - 06:28 PM

Turn sleep mode off, and let it scan.

#8 Capsarc

Posted 08 July 2011 - 10:17 PM

I can't get GMER to work at all, not even in Safe Mode. It's just always crashing and I can't get it to finish the process. I thought I got a log from it but it was just a blank file. Is there any other kind of software that I can use?

Super AntiSpyware quick scan

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2011 at 07:06 AM

Application Version : 4.55.1000

Core Rules Database Version : 7362
Trace Rules Database Version: 5174

Scan type : Quick Scan
Total Scan Time : 02:16:20

Memory items scanned : 289
Memory threats detected : 0
Registry items scanned : 1927
Registry threats detected : 1
File items scanned : 171932
File threats detected : 158

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie

Trojan.Agent/Gen-Koobface[Bonkers]
F:\DON'S STUFF\BLUR_PATCH\BM.EXE


Super AntiSpyware full scan

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2011 at 04:26 PM

Application Version : 4.55.1000

Core Rules Database Version : 7362
Trace Rules Database Version: 5174

Scan type : Complete Scan
Total Scan Time : 04:59:19

Memory items scanned : 287
Memory threats detected : 0
Registry items scanned : 9652
Registry threats detected : 1
File items scanned : 424101
File threats detected : 1

System.BrokenFileAssociation
HKCR\.exe

Trojan.Agent/Gen-Bancos
C:\PROGRAM FILES\CORECODEC\THE CORE MEDIA PLAYER\PLUGINS\COREMEDIAPROP.CDL
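
Added example (not part of the original post, and not SUPERAntiSpyware's own tooling): a Python script that parses a scan log in the layout posted above, checks that the number of listed items matches the threat counts in the header so that a truncated paste is noticed, and separates tracking-cookie entries from the categories that need a closer look. The sample log is constructed with placeholder paths and host names, and treating the header counts as the sum of the listed items is an assumption based on the logs in this thread.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of the scan logs in this thread; the paths
# and host names are placeholders, not values from the thread.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2011 at 07:06 AM

Application Version : 4.55.1000

Scan type : Quick Scan
Total Scan Time : 02:16:20

Memory items scanned : 289
Memory threats detected : 0
Registry items scanned : 1927
Registry threats detected : 1
File items scanned : 171932
File threats detected : 4

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@tracker-one.example[1].txt
C:\Documents and Settings\user\Cookies\user@tracker-two.example[2].txt
cdn.tracker-three.example [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\ABCD1234 ]

Trojan.Agent/Gen-Example
F:\SAMPLE\PATCH\TOOL.EXE
"""

# "Key : value" header lines. Paths such as C:\... do not match because the
# colon must be followed by whitespace and the key may hold only letters/spaces.
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s+(.+)$")

COUNT_KEYS = (
    "Memory threats detected",
    "Registry threats detected",
    "File threats detected",
)

# Triage choice made for this example: cookies are data files, not executable
# code, so they are counted but kept out of the review list.
LOW_PRIORITY = {"Adware.Tracking Cookie"}


def parse_scan_log(text):
    """Return (summary, detections) parsed from one scan log.

    summary maps header keys to their string values. detections maps each
    category line to the item lines listed under it, in log order.
    """
    summary = {}
    detections = OrderedDict()
    in_detections = False
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not in_detections:
            match = HEADER_RE.match(line)
            if match:
                summary[match.group(1)] = match.group(2)
                # The detection blocks start after the last header counter.
                if match.group(1) == "File threats detected":
                    in_detections = True
            continue
        if not line:
            current = None            # a blank line closes the current block
        elif current is None:
            current = line            # first line of a block is the category
            detections.setdefault(current, [])
        else:
            detections[current].append(line)
    return summary, detections


def triage(text):
    """Summarise a scan log: completeness check plus categories to review."""
    summary, detections = parse_scan_log(text)
    have_counts = all(key in summary for key in COUNT_KEYS)
    reported = sum(int(summary.get(key, 0)) for key in COUNT_KEYS)
    listed = sum(len(items) for items in detections.values())
    review = OrderedDict(
        (cat, items) for cat, items in detections.items()
        if cat not in LOW_PRIORITY
    )
    low = sum(len(items) for cat, items in detections.items()
              if cat in LOW_PRIORITY)
    return {
        "scan_type": summary.get("Scan type"),
        "reported": reported,
        "listed": listed,
        # False when header counters are missing or items were cut off.
        "complete": have_counts and reported == listed,
        "low_priority": low,
        "review": review,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["scan_type"], "complete:", result["complete"])
    print("tracking cookies:", result["low_priority"])
    for category, items in result["review"].items():
        print(category, "->", items)
```
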



#9 cryptodan

Posted 09 July 2011 - 07:40 AM

When GMER crashes the computer does it cause a Blue Screen of Death?

#10 Capsarc

Posted 09 July 2011 - 10:55 AM

When GMER crashes the computer does it cause a Blue Screen of Death?


Not in Safe Mode, no, but it's been different effects each time. The first time the GMER window was just blank white inside and the computer froze up while I was trying to move it, and the second time I couldn't tell if the program was working or not, and I managed to save a log, but my mouse became unresponsive.

#11 cryptodan

Posted 09 July 2011 - 10:59 AM

So no blue screens of death?

#12 Capsarc

Posted 09 July 2011 - 06:21 PM

No, no BSOD

#13 cryptodan

Posted 09 July 2011 - 06:36 PM

Let's try this: Temp File Cleaner and see if the issue is in relation to a bad temp file.

#14 Capsarc

Posted 16 July 2011 - 04:06 PM

I tried that temp file thing, and GMER worked to completion, at least as far as I can tell, but I wasn't able to get a log from it, just a blank file.

#15 cryptodan

Posted 20 July 2011 - 11:32 AM

Are you still experiencing the same issue? I would try a complete removal of Firefox and try installing it again; the scans show up clean.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



