Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Newbie posting logs.

Post by martin3030 » August 12th, 2010, 7:29 am

Problems experienced include browser being hijacked and rerouted when doing searches, settings being changed, unable to do system restore.
Norton scans fail to show any faults.

Here is the logfile:

Uninstall list:

Adobe Flash Player 10 Plugin
Apple Application Support
CCleaner
CloneCD
EPSON File Manager
EPSON Printer Software
Foxit Reader
Free Invoicer
HiJackThis
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
HP USB Disk Storage Format Tool
IrfanView (remove only)
Malwarebytes' Anti-Malware
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (3.5.11)
Norton Internet Security
QuickTime
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)


Logfile from scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:06:42, on 12/08/2010
Platform: Windows XP SP3, v.5857 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk/
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

--
End of file - 3916 bytes


Many thanks.
martin3030
Regular Member
 
Posts: 18
Joined: August 12th, 2010, 7:21 am

Re: Newbie posting logs.

Post by deltalima » August 15th, 2010, 1:08 pm

Hi martin3030,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Newbie posting logs.

Post by martin3030 » August 15th, 2010, 1:18 pm

Thank you very much. I will do all you ask and then post.
martin3030
Regular Member
 
Posts: 18
Joined: August 12th, 2010, 7:21 am

Re: Newbie posting logs.

Post by deltalima » August 15th, 2010, 1:21 pm

OK thanks
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Newbie posting logs.

Post by martin3030 » August 15th, 2010, 2:56 pm

OTL logfile created on: 15/08/2010 18:28:13 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\00\My Documents\Downloads
Windows XP Professional Edition Service Pack 3, v.5857 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3311)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

319.00 Mb Total Physical Memory | 23.00 Mb Available Physical Memory | 7.00% Memory free
678.00 Mb Paging File | 36.00 Mb Available in Paging File | 5.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.30 Gb Total Space | 8.71 Gb Free Space | 60.89% Space Free | Partition Type: NTFS
Drive D: | 8.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JJ-7BA46996F9DF
Current User Name: 00
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\00\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\mcui32.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SSC Service Utility\ssc_serv.exe (SSC Localization Group)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\00\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3311_x-ww_d7cb0e02\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (GTNDIS5) -- C:\WINDOWS\System32\GTNDIS5.SYS File not found
DRV - (BCM42RLY) -- C:\WINDOWS\System32\BCM42RLY.SYS File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100814.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100814.002\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100719.001\BHDrvx86.sys (Symantec Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100813.004\IDSXpx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (NtApm) -- C:\WINDOWS\system32\drivers\NtApm.sys (Microsoft Corporation)
DRV - (QCDonner) -- C:\WINDOWS\system32\drivers\OVCD.sys (Microsoft Corporation)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (DM9102) DAVICOM 9102(A) -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS (CNet Technology, Inc. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-492894223-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk/
IE - HKU\S-1-5-21-1078081533-492894223-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/07/29 13:15:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/07/27 15:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/21 19:12:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 19:12:26 | 000,000,000 | ---D | M]

[2009/11/26 17:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\00\Application Data\Mozilla\Extensions
[2010/08/15 10:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\00\Application Data\Mozilla\Firefox\Profiles\hcrdej7y.default\extensions
[2010/07/29 06:52:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\00\Application Data\Mozilla\Firefox\Profiles\hcrdej7y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/30 14:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\00\Application Data\Mozilla\Firefox\Profiles\hcrdej7y.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/02/16 15:22:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/30 14:36:15 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/03 02:42:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/03 02:42:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/03 02:42:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/03 02:42:02 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/15 01:07:28 | 000,609,487 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16077 more lines...
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1078081533-492894223-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-492894223-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-492894223-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-492894223-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-492894223-1202660629-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe (SSC Localization Group)
O4 - HKU\.DEFAULT..\Run: [MSConfig] File not found
O4 - HKU\S-1-5-18..\Run: [MSConfig] File not found
O4 - HKU\S-1-5-21-1078081533-492894223-1202660629-1003..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1078081533-492894223-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\00\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\00\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/17 20:19:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1f723030-1b06-11df-b83d-0080ad82aa7d}\Shell - "" = AutoRun
O33 - MountPoints2\{1f723030-1b06-11df-b83d-0080ad82aa7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f723030-1b06-11df-b83d-0080ad82aa7d}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{b9b465f0-19d4-11df-b83b-0080ad82aa7d}\Shell - "" = AutoRun
O33 - MountPoints2\{b9b465f0-19d4-11df-b83b-0080ad82aa7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9b465f0-19d4-11df-b83b-0080ad82aa7d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{ed4bf6b0-1b00-11df-b83c-0080ad82aa7d}\Shell - "" = AutoRun
O33 - MountPoints2\{ed4bf6b0-1b00-11df-b83c-0080ad82aa7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ed4bf6b0-1b00-11df-b83c-0080ad82aa7d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/13 11:01:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\00\Recent
[2010/08/12 00:20:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/12 00:20:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/12 00:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/10 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/04 15:19:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/07/29 20:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/07/28 07:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/07/27 22:25:37 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys
[2010/07/27 22:25:36 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys
[2010/07/27 22:25:36 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.sys
[2010/07/27 22:25:36 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.sys
[2010/07/27 22:25:35 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.sys
[2010/07/27 22:25:35 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys
[2010/07/27 22:25:35 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.sys
[2010/07/27 22:25:34 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.sys
[2010/07/27 22:23:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1107000.00C
[2010/07/27 15:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\00\My Documents\Symantec
[2010/07/27 15:36:14 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/27 15:36:14 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/27 15:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/27 15:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/27 15:31:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2010/07/27 15:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/07/27 15:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/07/27 15:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/07/27 15:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/07/27 15:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/07/23 15:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/22 02:06:28 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\00\Desktop\ATF-Cleaner.exe
[2010/07/20 19:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\00\Application Data\Malwarebytes
[2010/07/20 19:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/15 18:32:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/15 18:32:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/15 09:50:36 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/13 17:35:09 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/13 17:29:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/13 17:26:41 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-492894223-1202660629-1003.job
[2010/08/13 17:26:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/13 17:25:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/13 17:25:03 | 335,073,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/13 11:02:36 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\00\Desktop\HiJackThis.lnk
[2010/08/12 12:14:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-492894223-1202660629-1003.job
[2010/08/12 01:51:40 | 002,621,440 | ---- | M] () -- C:\Documents and Settings\00\ntuser.dat
[2010/08/12 01:51:31 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\00\Local Settings\Application Data\IconCache.db
[2010/08/12 01:17:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\00\ntuser.ini
[2010/08/12 00:21:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 19:13:40 | 000,313,567 | ---- | M] () -- C:\Documents and Settings\00\Desktop\post new thread window.jpg
[2010/08/09 22:32:44 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\00\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/08/09 22:32:41 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/09 10:33:25 | 000,019,957 | ---- | M] () -- C:\Documents and Settings\00\Desktop\145221_profile_634122738460000000.jpg
[2010/08/07 18:40:31 | 292,645,395 | ---- | M] () -- C:\Documents and Settings\00\Desktop\Adobe Acrobat Professional 7.0.8 Corporate.zip
[2010/08/06 23:46:43 | 000,802,028 | ---- | M] () -- C:\Documents and Settings\00\Desktop\2010-08-06 23-43.jpg
[2010/08/04 15:29:09 | 000,002,456 | ---- | M] () -- C:\Documents and Settings\00\Desktop\MKJ.jpg
[2010/08/04 15:01:06 | 000,317,019 | ---- | M] () -- C:\Documents and Settings\00\My Documents\june meeting 007.jpg
[2010/08/04 14:58:25 | 000,826,730 | ---- | M] () -- C:\Documents and Settings\00\My Documents\JKM.jpg
[2010/08/03 19:35:55 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\00\My Documents\JJ credit card charges.doc
[2010/08/03 19:35:49 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\00\My Documents\JJ PPi fees.doc
[2010/08/03 18:41:38 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\00\My Documents\jj revcc.doc
[2010/08/03 18:16:12 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\00\My Documents\Lloyds TSB Rej of settlement letter..doc
[2010/07/31 14:26:12 | 000,002,173 | ---- | M] () -- C:\Documents and Settings\00\Desktop\profilepic238928_1.gif.jpg
[2010/07/29 18:20:22 | 000,417,916 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/29 18:20:22 | 000,069,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/29 10:35:37 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/07/29 10:34:13 | 001,016,558 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/07/29 00:17:20 | 000,322,937 | ---- | M] () -- C:\Documents and Settings\00\My Documents\download.htm
[2010/07/27 15:36:14 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/27 15:36:13 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/27 15:36:13 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/27 15:36:13 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/27 13:19:33 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/27 08:48:07 | 000,042,980 | ---- | M] () -- C:\WINDOWS\System32\oiffl
[2010/07/27 08:48:06 | 000,105,472 | ---- | M] () -- C:\WINDOWS\System32\klgd.bmp
[2010/07/25 21:09:44 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\00\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/25 20:46:52 | 000,772,302 | ---- | M] () -- C:\Documents and Settings\00\My Documents\River July 027.jpg
[2010/07/25 20:46:52 | 000,667,191 | ---- | M] () -- C:\Documents and Settings\00\My Documents\River July 028.jpg
[2010/07/25 20:46:52 | 000,640,819 | ---- | M] () -- C:\Documents and Settings\00\My Documents\River July 029.jpg
[2010/07/22 02:06:30 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\00\Desktop\ATF-Cleaner.exe
[2010/07/20 20:57:02 | 000,082,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\zbpxxkfqsrif5.sys
[2010/07/20 16:08:19 | 000,002,230 | ---- | M] () -- C:\WINDOWS\mdll.dl
[2010/07/18 00:14:59 | 000,048,938 | ---- | M] () -- C:\Documents and Settings\00\My Documents\AVC CAMERA.PDF
[2010/07/17 15:22:59 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\00\My Documents\Questionnaire 2.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/12 00:21:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 20:19:41 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\00\Desktop\HiJackThis.lnk
[2010/08/10 19:13:36 | 000,313,567 | ---- | C] () -- C:\Documents and Settings\00\Desktop\post new thread window.jpg
[2010/08/09 10:33:14 | 000,019,957 | ---- | C] () -- C:\Documents and Settings\00\Desktop\145221_profile_634122738460000000.jpg
[2010/08/07 00:31:27 | 292,645,395 | ---- | C] () -- C:\Documents and Settings\00\Desktop\Adobe Acrobat Professional 7.0.8 Corporate.zip
[2010/08/06 23:46:33 | 000,802,028 | ---- | C] () -- C:\Documents and Settings\00\Desktop\2010-08-06 23-43.jpg
[2010/08/04 15:28:19 | 000,002,456 | ---- | C] () -- C:\Documents and Settings\00\Desktop\MKJ.jpg
[2010/08/04 14:58:23 | 000,826,730 | ---- | C] () -- C:\Documents and Settings\00\My Documents\JKM.jpg
[2010/08/03 18:41:37 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\00\My Documents\jj revcc.doc
[2010/08/03 15:13:17 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\00\My Documents\Lloyds TSB Rej of settlement letter..doc
[2010/07/31 14:25:57 | 000,002,173 | ---- | C] () -- C:\Documents and Settings\00\Desktop\profilepic238928_1.gif.jpg
[2010/07/29 18:30:30 | 000,322,937 | ---- | C] () -- C:\Documents and Settings\00\My Documents\download.htm
[2010/07/29 10:33:48 | 001,016,558 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/07/27 22:25:36 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.cat
[2010/07/27 22:25:36 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.cat
[2010/07/27 22:25:36 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.cat
[2010/07/27 22:25:36 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.cat
[2010/07/27 22:25:36 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.inf
[2010/07/27 22:25:36 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.inf
[2010/07/27 22:25:36 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf
[2010/07/27 22:25:36 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf
[2010/07/27 22:25:35 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.cat
[2010/07/27 22:25:35 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.cat
[2010/07/27 22:25:35 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.inf
[2010/07/27 22:25:35 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.inf
[2010/07/27 22:25:35 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf
[2010/07/27 22:25:34 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat
[2010/07/27 22:25:34 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.cat
[2010/07/27 22:25:34 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.inf
[2010/07/27 22:23:18 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini
[2010/07/27 15:36:14 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/27 15:36:14 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/27 15:35:35 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/07/27 08:48:07 | 000,042,980 | ---- | C] () -- C:\WINDOWS\System32\oiffl
[2010/07/27 08:48:06 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\klgd.bmp
[2010/07/25 20:46:46 | 000,772,302 | ---- | C] () -- C:\Documents and Settings\00\My Documents\River July 027.jpg
[2010/07/25 20:46:46 | 000,667,191 | ---- | C] () -- C:\Documents and Settings\00\My Documents\River July 028.jpg
[2010/07/25 20:46:46 | 000,640,819 | ---- | C] () -- C:\Documents and Settings\00\My Documents\River July 029.jpg
[2010/07/23 13:42:37 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2010/07/20 20:54:53 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\zbpxxkfqsrif5.sys
[2010/07/20 16:08:19 | 000,002,230 | ---- | C] () -- C:\WINDOWS\mdll.dl
[2010/07/18 05:33:12 | 002,621,440 | ---- | C] () -- C:\Documents and Settings\00\ntuser.dat
[2010/07/18 00:17:22 | 000,048,938 | ---- | C] () -- C:\Documents and Settings\00\My Documents\AVC CAMERA.PDF
[2010/07/17 15:22:58 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\00\My Documents\Questionnaire 2.doc
[2010/06/19 07:59:23 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2010/05/23 13:31:40 | 000,001,413 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/03 15:45:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2010/02/22 19:08:58 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/11/30 12:44:09 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/11/30 12:34:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER220.ini
[2009/11/22 17:24:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 365394 bytes -> C:\WINDOWS\Temp:temp
< End of report >
martin3030
Regular Member
 
Posts: 18
Joined: August 12th, 2010, 7:21 am

Re: Newbie posting logs.

Unread postby deltalima » August 15th, 2010, 3:05 pm

Hi martin3030,

Please post the GMER log when complete. If there are problems running GMER then please run this alternative scan.

Scan With RKUnHooker

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Newbie posting logs.

Unread postby martin3030 » August 15th, 2010, 3:35 pm

Why can't I post logs? It keeps saying connection was reset. Will keep trying.
martin3030
Regular Member
 
Posts: 18
Joined: August 12th, 2010, 7:21 am

Re: Newbie posting logs.

Unread postby deltalima » August 15th, 2010, 3:40 pm

It could be that the infection is interfering with your internet connection and blocking the connection. Could you copy the log to another computer and post from that computer?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Newbie posting logs.

Unread postby martin3030 » August 15th, 2010, 4:10 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3, v.5857)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAlertResumeThread, Type: Address change 0x8062F9E8-->81C9B050 [Unknown module filename]
ntoskrnl.exe-->NtAlertThread, Type: Address change 0x8057A76F-->81C9D050 [Unknown module filename]
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x80569153-->81AA64A8 [Unknown module filename]
ntoskrnl.exe-->NtAssignProcessToJobObject, Type: Address change 0x805A24CA-->81C88050 [Unknown module filename]
ntoskrnl.exe-->NtConnectPort, Type: Address change 0x80588DBB-->81D47F38 [Unknown module filename]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80572E9D-->F4C46210 [C:\WINDOWS\system32\Drivers\SYMEVENT.SYS]
ntoskrnl.exe-->NtCreateMutant, Type: Address change 0x8057AB3F-->81AA59E8 [Unknown module filename]
ntoskrnl.exe-->NtCreateSymbolicLinkObject, Type: Address change 0x8059F509-->81AA54D0 [Unknown module filename]
ntoskrnl.exe-->NtCreateThread, Type: Address change 0x8057BD7A-->81CECFB0 [Unknown module filename]
ntoskrnl.exe-->NtDebugActiveProcess, Type: Address change 0x8065B241-->81C8A050 [Unknown module filename]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x805952BE-->F4C46490 [C:\WINDOWS\system32\Drivers\SYMEVENT.SYS]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80592D50-->F4C469F0 [C:\WINDOWS\system32\Drivers\SYMEVENT.SYS]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x80573FE9-->81AA6600 [Unknown module filename]
ntoskrnl.exe-->NtFreeVirtualMemory, Type: Address change 0x80569A7E-->81AA6308 [Unknown module filename]
ntoskrnl.exe-->NtImpersonateAnonymousToken, Type: Address change 0x805975D5-->81C97050 [Unknown module filename]
ntoskrnl.exe-->NtImpersonateThread, Type: Address change 0x8057F3AF-->81C99050 [Unknown module filename]
ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805A3B01-->81D82050 [Unknown module filename]
ntoskrnl.exe-->NtMapViewOfSection, Type: Address change 0x80578A81-->81AA6228 [Unknown module filename]
ntoskrnl.exe-->NtOpenEvent, Type: Address change 0x8057F72C-->81C94050 [Unknown module filename]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x805741D0-->81AA67A0 [Unknown module filename]
ntoskrnl.exe-->NtOpenProcessToken, Type: Address change 0x80570735-->81CD9050 [Unknown module filename]
ntoskrnl.exe-->NtOpenSection, Type: Address change 0x8056E203-->81C90050 [Unknown module filename]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058B58D-->81AA66D0 [Unknown module filename]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x8057457F-->81AA55A0 [Unknown module filename]
ntoskrnl.exe-->NtResumeThread, Type: Address change 0x8057C3ED-->81C9F050 [Unknown module filename]
ntoskrnl.exe-->NtSetContextThread, Type: Address change 0x8062DD47-->81CA5050 [Unknown module filename]
ntoskrnl.exe-->NtSetInformationProcess, Type: Address change 0x80570441-->81AA5EF8 [Unknown module filename]
ntoskrnl.exe-->NtSetSystemInformation, Type: Address change 0x805A7BED-->81C8C050 [Unknown module filename]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80579A43-->F4C46C40 [C:\WINDOWS\system32\Drivers\SYMEVENT.SYS]
ntoskrnl.exe-->NtSuspendProcess, Type: Address change 0x8062F92D-->81C92050 [Unknown module filename]
ntoskrnl.exe-->NtSuspendThread, Type: Address change 0x805E0456-->81CA1050 [Unknown module filename]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805836B0-->81CDD050 [Unknown module filename]
ntoskrnl.exe-->NtTerminateThread, Type: Address change 0x8057B496-->81CA3050 [Unknown module filename]
ntoskrnl.exe-->NtUnmapViewOfSection, Type: Address change 0x80578606-->81CD5050 [Unknown module filename]
ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x8057F198-->81AA63D8 [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserAttachThreadInput, Type: Address change 0xBF8F79D6-->81ACC050 [Unknown module filename]
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF8496E4-->81ACA050 [Unknown module filename]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF852B85-->81AC9050 [Unknown module filename]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF820E74-->81ACB050 [Unknown module filename]
win32k.sys-->NtUserGetRawInputData, Type: Address change 0xBF916058-->81A9B050 [Unknown module filename]
win32k.sys-->NtUserMessageCall, Type: Address change 0xBF80EE66-->81347AC8 [Unknown module filename]
win32k.sys-->NtUserPostMessage, Type: Address change 0xBF8082DF-->81347C68 [Unknown module filename]
win32k.sys-->NtUserPostThreadMessage, Type: Address change 0xBF86368B-->81347B98 [Unknown module filename]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF852C45-->81A9B1A8 [Unknown module filename]
win32k.sys-->NtUserSetWinEventHook, Type: Address change 0xBF8F00F9-->81DA2A08 [Unknown module filename]
==============================================
>Processes
==============================================
0x81FCBA00 [4] System
0x81357020 [132] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation, Machine Debug Manager)
0x81EE4DA0 [188] C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation, Symantec Service Framework)
0x8124B418 [360] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x81AAE948 [452] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x813D0280 [512] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8134D540 [536] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x813091E0 [580] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x81301C78 [592] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0xFBC84400 [680] C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation, Notepad)
0x812C2CB0 [760] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0xFFB91B20 [840] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE (SEIKO EPSON CORPORATION, EPSON Status Monitor 3)
0x812A9020 [844] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x81288020 [912] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x81282768 [996] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x81272B28 [1108] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x81303D08 [1244] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0xFFBB5020 [1384] C:\Program Files\SSC Service Utility\ssc_serv.exe (SSC Localization Group, SSC Service Utility)
0xFFBBC9E0 [1396] C:\Program Files\QuickTime\QTTask.exe (Apple Inc., QuickTime Task)
0xFFB9D800 [1428] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x81330328 [1732] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0xFFAAD020 [1888] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0xFFB7B020 [1940] C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation, Windows TaskManager)
0x81EC4020 [2016] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0xFFB2C348 [2036] C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation, Symantec Service Framework)
0xFBD093A0 [2184] C:\WINDOWS\notepad.exe (Microsoft Corporation, Notepad)
0xFFA80C68 [2268] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0xF944C9E8 [3364] C:\Documents and Settings\00\My Documents\Downloads\RKUnhookerLE(2).EXE (UG North, RKULE, SR2 Normandy)
0xFBC25418 [4076] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4276224 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 56.73 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189184 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189184 bytes
0x804D7000 RAW 2189184 bytes
0x804D7000 WMIxWDM 2189184 bytes
0xF7FFB000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 1900544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 )
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF2083000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100814.002\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0xF476B000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100719.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0xF8282000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF4817000 C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xF49B1000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF4953000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF4B68000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF7EF3000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xF4DC0000 C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0xF4B11000 C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS 356352 bytes (Symantec Corporation, Network Dispatch Driver)
0xF31DF000 C:\WINDOWS\system32\DRIVERS\OVCODEK2.sys 352256 bytes (Microsoft Corporation, Video Codec)
0xF8365000 SYMDS.SYS 352256 bytes
0xF2FC8000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100813.004\IDSxpx86.sys 348160 bytes (Symantec Corporation, IDS Core Driver)
0xF4074000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xF3A6B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7F4C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF4271000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8255000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF8326000 SYMEFA.SYS 184320 bytes
0xF2002000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF4A21000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF4A6E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF83F3000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF4AEB000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF4C30000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xF471F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF7F7C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7FA0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7FC4000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF4A4C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF83BB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF8419000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF4DA1000 C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0xF4896000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xF823B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x806EE000 C:\WINDOWS\system32\hal.dll 105344 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x806EE000 PCI_HAL 105344 bytes
0xF83DB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF830F000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF202D000 C:\DOCUME~1\00\LOCALS~1\Temp\kwpoikog.sys 94208 bytes
0xF81DC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF4234000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF206F000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100814.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xF7EDF000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7FE7000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF4BC1000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8353000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8438000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF81CB000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF440E000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF852A000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF859A000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF856A000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF853A000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF431E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF85BA000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF84AA000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF858A000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF84EA000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF339B000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF848A000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF3F4C000 C:\WINDOWS\system32\DRIVERS\OVCAM2.sys 49152 bytes (Microsoft Corporation, Video Driver)
0xF850A000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF84BA000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF865A000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF854A000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF847A000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF84FA000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF855A000 C:\WINDOWS\system32\drivers\es1371mp.sys 40960 bytes (Creative Technology Ltd., ENSONIQ AudioPCI 97 WDM Audio Miniport)
0xF846A000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF85AA000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF85DA000 C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xF857A000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF849A000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF851A000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7E9F000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF341B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF85FA000 C:\WINDOWS\system32\drivers\oreans32.sys 36864 bytes
0xF863A000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF87BA000 C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS 32768 bytes (CNet Technology, Inc. , NDIS 5.0 driver )
0xF871A000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8762000 C:\WINDOWS\System32\Drivers\ElbyCDFL.sys 28672 bytes (SlySoft, Inc., ElbyCDIO Filter Driver)
0xF879A000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF86EA000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
!!!!!!!!!!!Hidden driver: 0x81F45AEA ?_empty_? 1302 bytes
0x81F45EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x81F043A8 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF83DB000 WARNING: suspicious driver modification [atapi.sys::0x81F45AEA]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B754, Type: Inline - RelativeCall 0x804E2754-->8FCFD1B2 [unknown_code_page]
ntoskrnl.exe+0x0000B80C, Type: Inline - RelativeJump 0x804E280C-->804E27DC [ntoskrnl.exe]
[2016]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2016]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2016]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2016]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2016]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2016]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2016]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2016]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2016]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2016]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2016]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[912]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[912]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[912]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[912]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[912]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[912]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[912]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E41BD6E-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
martin3030
Regular Member
 
Posts: 18
Joined: August 12th, 2010, 7:21 am

Re: Newbie posting logs.

Post by deltalima » August 15th, 2010, 4:13 pm

Hi martin3030,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double-click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Newbie posting logs.

Post by martin3030 » August 15th, 2010, 5:46 pm

2010/08/15 22:29:53.0007 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/15 22:29:53.0007 ================================================================================
2010/08/15 22:29:53.0007 SystemInfo:
2010/08/15 22:29:53.0007
2010/08/15 22:29:53.0007 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/15 22:29:53.0007 Product type: Workstation
2010/08/15 22:29:53.0007 ComputerName: JJ-7BA46996F9DF
2010/08/15 22:29:53.0048 UserName: 00
2010/08/15 22:29:53.0048 Windows directory: C:\WINDOWS
2010/08/15 22:29:53.0048 System windows directory: C:\WINDOWS
2010/08/15 22:29:53.0048 Processor architecture: Intel x86
2010/08/15 22:29:53.0048 Number of processors: 1
2010/08/15 22:29:53.0048 Page size: 0x1000
2010/08/15 22:29:53.0048 Boot type: Normal boot
2010/08/15 22:29:53.0048 ================================================================================
2010/08/15 22:29:55.0611 Initialize success
2010/08/15 22:30:13.0978 ================================================================================
2010/08/15 22:30:13.0978 Scan started
2010/08/15 22:30:13.0978 Mode: Manual;
2010/08/15 22:30:13.0978 ================================================================================
2010/08/15 22:30:28.0458 dmload (b755abee0175f49eae633495249f545d) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/15 22:30:28.0458 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmload.sys. Real md5: b755abee0175f49eae633495249f545d, Fake md5: e9317282a63ca4d188c0df5e09c6ac5f
2010/08/15 22:30:28.0519 dmload - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/15 22:31:27.0503 ================================================================================
2010/08/15 22:31:27.0503 Scan finished
2010/08/15 22:31:27.0503 ================================================================================
2010/08/15 22:31:27.0664 Detected object count: 1
2010/08/15 22:31:45.0880 dmload (b755abee0175f49eae633495249f545d) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/15 22:31:45.0880 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmload.sys. Real md5: b755abee0175f49eae633495249f545d, Fake md5: e9317282a63ca4d188c0df5e09c6ac5f
2010/08/15 22:31:59.0239 Backup copy found, using it..
2010/08/15 22:32:00.0661 C:\WINDOWS\system32\drivers\dmload.sys - will be cured after reboot
2010/08/15 22:32:00.0661 Rootkit.Win32.TDSS.tdl3(dmload) - User select action: Cure
2010/08/15 22:32:07.0421 Deinitialize success

Re: Newbie posting logs.

Post by deltalima » August 16th, 2010, 3:09 am

Hi martin3030,

Please run Malwarebytes, update and run a quick scan then post the log in your next reply.

Re: Newbie posting logs.

Post by martin3030 » August 16th, 2010, 6:30 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4435

Windows 5.1.2600 Service Pack 3, v.5857
Internet Explorer 6.0.2900.3311

16/08/2010 11:28:32
mbam-log-2010-08-16 (11-28-32).txt

Scan type: Quick scan
Objects scanned: 123201
Time elapsed: 25 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Newbie posting logs.

Post by deltalima » August 16th, 2010, 6:47 am

Hi martin3030,

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply and also let me know how your computer is running now.

Re: Newbie posting logs.

Post by martin3030 » August 16th, 2010, 7:33 am

I opened this link but the accept button seems disabled.

I tried from another link and saw this;

The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience. While you are waiting for the improved Online Scanner, why not take a free trial of Kaspersky Internet Security 2011, which has everything you need to keep your computer safe.