
Something wrong with the computer?


7 replies to this topic

#1 Rockadder

Rockadder

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 03 January 2012 - 09:42 PM

I just had a virus and want to know if I am still infected. My other computer had a bootkit after being infected with the same virus. Here is the info:
MiniToolBox by Farbar
Ran by TIM (administrator) on 03-01-2012 at 21:09:49
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 59.106.183.209:8081

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


46.4.179.109 google.com
46.4.179.109 yahoo.com
46.4.179.109 bing.com
46.4.179.109 facebook.com
46.4.179.109 yahoo.com
46.4.179.109 bing.com
46.4.179.109 facebook.com
127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : tim-1be25ba6905

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-12-3F-87-95-87

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Tuesday, January 03, 2012 3:47:53 PM

Lease Expires . . . . . . . . . . : Wednesday, January 04, 2012 3:47:53 PM

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.115.147, 74.125.115.106, 74.125.115.103, 74.125.115.104
74.125.115.99, 74.125.115.105



Pinging google.com [46.4.179.109] with 32 bytes of data:



Reply from 46.4.179.109: bytes=32 time=109ms TTL=252

Reply from 46.4.179.109: bytes=32 time=101ms TTL=252



Ping statistics for 46.4.179.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 101ms, Maximum = 109ms, Average = 105ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70



Pinging yahoo.com [46.4.179.109] with 32 bytes of data:



Reply from 46.4.179.109: bytes=32 time=108ms TTL=252

Reply from 46.4.179.109: bytes=32 time=110ms TTL=252



Ping statistics for 46.4.179.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 108ms, Maximum = 110ms, Average = 109ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f 87 95 87 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/27/2011 06:39:26 PM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb958483, P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (12/27/2011 06:39:24 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Microsoft .NET Framework 3.0 Service Pack 2KB9584831603C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework 3.0-KB958483_20111227_233727937-Msi0.txt(NULL)

Error: (12/27/2011 06:39:03 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 1935. An error occurred during the installation of assembly 'PresentationFramework,publicKeyToken="31bf3856ad364e35",culture="neutral",fileVersion="3.0.6920.1500",processorArchitecture="MSIL",version="3.0.0.0"'. Please refer to Help and Support for more information. HRESULT: 0x80070020. assembly interface: IAssemblyCacheItem, function: Commit, component: {5B78B07D-2382-444D-A58F-4FC87A84EFC5}(NULL)(NULL)(NULL)(NULL)

Error: (12/27/2011 05:13:40 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 2278, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (12/27/2011 11:12:19 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/27/2011 09:59:09 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (12/27/2011 09:44:31 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (12/27/2011 09:32:38 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (12/27/2011 09:19:45 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (12/27/2011 09:05:50 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)


System errors:
=============
Error: (01/03/2012 03:49:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (01/03/2012 02:43:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (01/02/2012 09:05:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (01/02/2012 03:12:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (01/01/2012 01:23:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (12/31/2011 00:13:14 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (12/30/2011 04:36:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (12/29/2011 10:10:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (12/29/2011 00:05:40 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (12/28/2011 00:36:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd


Microsoft Office Sessions:
=========================
Error: (12/27/2011 06:39:26 PM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 3.0-kb95848310331603msif9.0.31211.0installx86xp1935

Error: (12/27/2011 06:39:24 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft .NET Framework 3.0 Service Pack 2KB9584831603C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework 3.0-KB958483_20111227_233727937-Msi0.txt(NULL)

Error: (12/27/2011 06:39:03 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 1935. An error occurred during the installation of assembly 'PresentationFramework,publicKeyToken="31bf3856ad364e35",culture="neutral",fileVersion="3.0.6920.1500",processorArchitecture="MSIL",version="3.0.0.0"'. Please refer to Help and Support for more information. HRESULT: 0x80070020. assembly interface: IAssemblyCacheItem, function: Commit, component: {5B78B07D-2382-444D-A58F-4FC87A84EFC5}(NULL)(NULL)(NULL)(NULL)

Error: (12/27/2011 05:13:40 PM) (Source: LoadPerf)(User: )
Description: 2278

Error: (12/27/2011 11:12:19 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/27/2011 09:59:09 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (12/27/2011 09:44:31 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (12/27/2011 09:32:38 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (12/27/2011 09:19:45 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (12/27/2011 09:05:50 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)


=========================== Installed Programs ============================

Leawo MP4 Converter version 4.0.0.0
µTorrent (Version: 2.0.4)
32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510nz_Help (Version: 000.0.439.000)
4500G510nz (Version: 000.0.439.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 9.4.7 (Version: 9.4.7)
avast! Free Antivirus (Version: 6.0.1289.0)
BufferChm (Version: 130.0.331.000)
CASHFLOW® 202 THE E-GAME
CASHFLOW® THE E-GAME
CM DiskCleaner
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DivX Setup (Version: 2.4.0.6)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Fallout
Fax (Version: 130.0.418.000)
FileASSASSIN (Version: 1.06)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000)
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
MarketResearch (Version: 130.0.374.000)
Master of Orion II
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ Run Time Lib Setup (Version: 1.0.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 130.0.374.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
RAR File Open Knife - Free Opener (Version: 2.10)
Rome Total War - patch 1.3 (Version: 1.3)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.373.000)
Solid MP4 to iPod Video Converter 1.3.1
SolutionCenter (Version: 130.0.373.000)
Star Wars Galactic Battlegrounds: Saga
Status (Version: 130.0.373.000)
System Requirements Lab for Intel (Version: 4.4.24.0)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows PowerShell™ 1.0 (Version: 2)
Yahoo! Toolbar
Yontoo Layers Client 1.10.01 (Version: 1.10.01)

========================= Devices: ================================

Name: TSSTcorp CDRW/DVD TSL462C
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".


========================= Memory info: ===================================

Percentage of memory in use: 92%

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
TIM :: TIM-1BE25BA6905 [administrator]

1/3/2012 9:21:26 PM
mbam-log-2012-01-03 (21-21-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 179492
Time elapsed: 19 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LtttzPPNycAiv28234A (Trojan.FakeAlert.CLGen) -> Data: C:\WINDOWS\system32\AV Protection 2011v121.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\documents and settings\tim\local settings\temp\oiu0.08676861769444977.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\tim\local settings\application data\erb.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\tim\local settings\application data\pvl.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\TIM\Application Data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.

(end)



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:51 AM

Posted 06 January 2012 - 10:22 PM

Hello, I feel we should run a few more, then clean up some apps that are not safe.


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Reboot into Safe Mode with Networking
How to enter Safe Mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Rockadder

Rockadder
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 07 January 2012 - 09:44 PM

21:13:44.0781 2064 .redbook - ok
21:13:45.0000 2064 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
21:13:45.0015 2064 Aavmker4 - ok
21:13:45.0046 2064 Abiosdsk - ok
21:13:45.0062 2064 abp480n5 - ok
21:13:45.0171 2064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:13:45.0171 2064 ACPI - ok
21:13:45.0296 2064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:13:45.0312 2064 ACPIEC - ok
21:13:45.0484 2064 adpu160m - ok
21:13:45.0625 2064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:13:45.0625 2064 aec - ok
21:13:45.0687 2064 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:13:45.0703 2064 AFD - ok
21:13:45.0718 2064 Aha154x - ok
21:13:45.0734 2064 aic78u2 - ok
21:13:45.0859 2064 aic78xx - ok
21:13:45.0875 2064 AliIde - ok
21:13:45.0890 2064 amsint - ok
21:13:45.0906 2064 asc - ok
21:13:45.0921 2064 asc3350p - ok
21:13:45.0937 2064 asc3550 - ok
21:13:46.0062 2064 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:13:46.0078 2064 aswFsBlk - ok
21:13:46.0250 2064 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
21:13:46.0281 2064 aswMon2 - ok
21:13:46.0343 2064 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
21:13:46.0343 2064 aswRdr - ok
21:13:46.0484 2064 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
21:13:46.0703 2064 aswSnx - ok
21:13:46.0890 2064 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
21:13:46.0921 2064 aswSP - ok
21:13:46.0984 2064 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
21:13:47.0000 2064 aswTdi - ok
21:13:47.0093 2064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:13:47.0343 2064 AsyncMac - ok
21:13:47.0625 2064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:13:47.0625 2064 atapi - ok
21:13:47.0703 2064 Atdisk - ok
21:13:47.0843 2064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:13:47.0859 2064 Atmarpc - ok
21:13:48.0140 2064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:13:48.0140 2064 audstub - ok
21:13:48.0296 2064 b57w2k (8143be3d94866258f0b93373830cef01) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:13:48.0312 2064 b57w2k - ok
21:13:48.0406 2064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:13:48.0421 2064 Beep - ok
21:13:48.0656 2064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:13:48.0750 2064 cbidf2k - ok
21:13:49.0015 2064 cd20xrnt - ok
21:13:49.0156 2064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:13:49.0171 2064 Cdaudio - ok
21:13:49.0546 2064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:13:49.0562 2064 Cdfs - ok
21:13:49.0812 2064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:13:49.0828 2064 Cdrom - ok
21:13:50.0031 2064 cerc6 - ok
21:13:50.0109 2064 Changer - ok
21:13:50.0156 2064 CmdIde - ok
21:13:50.0187 2064 Cpqarray - ok
21:13:50.0343 2064 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
21:13:50.0359 2064 cpudrv - ok
21:13:50.0593 2064 dac2w2k - ok
21:13:50.0734 2064 dac960nt - ok
21:13:50.0875 2064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:13:50.0890 2064 Disk - ok
21:13:51.0187 2064 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:13:51.0265 2064 dmboot - ok
21:13:51.0359 2064 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:13:51.0390 2064 dmio - ok
21:13:51.0453 2064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:13:51.0671 2064 dmload - ok
21:13:51.0750 2064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:13:51.0812 2064 DMusic - ok
21:13:51.0875 2064 dpti2o - ok
21:13:51.0937 2064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:13:51.0953 2064 drmkaud - ok
21:13:52.0109 2064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:13:52.0109 2064 Fastfat - ok
21:13:52.0203 2064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:13:52.0218 2064 Fdc - ok
21:13:52.0250 2064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:13:52.0265 2064 Fips - ok
21:14:03.0500 2064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:14:03.0656 2064 \Device\Harddisk0\DR0 - ok
21:14:03.0656 2064 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
21:14:03.0703 2064 \Device\Harddisk1\DR3 - ok
21:14:03.0703 2064 Boot (0x1200) (681bf8c214a2ad1e827ad274c049fc6c) \Device\Harddisk0\DR0\Partition0
21:14:03.0718 2064 \Device\Harddisk0\DR0\Partition0 - ok
21:14:03.0718 2064 Boot (0x1200) (d63f55aab23be40857f3fdb3b7dd46d8) \Device\Harddisk1\DR3\Partition0
21:14:03.0718 2064 \Device\Harddisk1\DR3\Partition0 - ok
21:14:03.0718 2064 ============================================================
21:14:03.0718 2064 Scan finished
21:14:03.0718 2064 ============================================================
21:14:03.0734 2068 Detected object count: 0
21:14:03.0734 2068 Actual detected object count: 0
21:14:14.0484 1020 Deinitialize success

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:51 AM

Posted 07 January 2012 - 11:27 PM

How about the SAS and MBAM? So we can remove the other items.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 Rockadder


Posted 07 January 2012 - 11:31 PM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.08.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
TIM :: TIM-1BE25BA6905 [administrator]

1/7/2012 10:27:25 PM
mbam-log-2012-01-07 (22-27-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217638
Time elapsed: 1 hour(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/07/2012 at 10:17 PM

Application Version : 5.0.1142

Core Rules Database Version : 8112
Trace Rules Database Version: 5924

Scan type : Complete Scan
Total Scan Time : 00:33:20

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 273
Memory threats detected : 0
Registry items scanned : 36994
Registry threats detected : 0
File items scanned : 27967
File threats detected : 192

Adware.Tracking Cookie

Trojan.Agent/Gen-Kazy
C:\PROGRAM FILES\LP\5872\23F.EXE

Trojan.Agent/Gen-Frauder
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43CB5605-D81C-4551-A767-A9A57F46ADFA}\RP391\A0067678.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43CB5605-D81C-4551-A767-A9A57F46ADFA}\RP400\A0070036.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43CB5605-D81C-4551-A767-A9A57F46ADFA}\RP400\A0070037.EXE

#6 boopme


Posted 07 January 2012 - 11:43 PM

Good, thanks.
So how is it running now?

Java and Adobe need updating.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



Similarly, update to Adobe Reader X (10.1.0).
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional


I would also remove the Yahoo Toolbar.

#7 Rockadder


Posted 08 January 2012 - 12:27 AM

It's running pretty well, looks like the problem resolved itself, thanks.

#8 boopme


Posted 08 January 2012 - 07:03 PM

There was some malware removed that will cause some running issues.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
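The System Restore advice in the post above can be checked against a scan log. The following Python script is an added example, not part of the original posts: it separates detections that sit inside System Restore storage from detections on the live filesystem. The function names and the Temp path are assumptions made for illustration; the three restore-point paths are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# Windows XP System Restore storage layout:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\<archived file>
RESTORE_RE = re.compile(
    r"^[A-Z]:\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]{36}\}\\RP(\d+)\\(.+)$",
    re.IGNORECASE,
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# The restore-point paths are the detections quoted in the thread; the Temp
# path is constructed for this example so the "live file" branch is exercised.
SAMPLE_LOG = r"""
Trojan.Agent/Gen-Frauder
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43CB5605-D81C-4551-A767-A9A57F46ADFA}\RP391\A0067678.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43CB5605-D81C-4551-A767-A9A57F46ADFA}\RP400\A0070036.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43CB5605-D81C-4551-A767-A9A57F46ADFA}\RP400\A0070037.EXE
C:\Documents and Settings\user\Local Settings\Temp\constructed-sample.exe
"""


def triage(log_text):
    """Return ({restore point number: [archived files]}, [live paths])."""
    by_rp = defaultdict(list)
    live = []
    for line in log_text.splitlines():
        path = line.strip()
        if not DRIVE_PATH_RE.match(path):
            continue  # threat names, section headers, blank lines
        m = RESTORE_RE.match(path)
        if m:
            by_rp[int(m.group(1))].append(m.group(2))
        else:
            live.append(path)
    return dict(by_rp), live


def summarize(log_text):
    """Build a short report a helper could paste back into the thread."""
    by_rp, live = triage(log_text)
    out = [f"RP{n}: {len(files)} archived detection(s)" for n, files in sorted(by_rp.items())]
    out.append(f"live filesystem: {len(live)} detection(s)")
    if by_rp and not live:
        out.append("only restore-point copies remain: create a new restore point, then purge the old ones")
    elif live:
        out.append("live detections remain: finish cleaning before creating a new restore point")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```
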



