
Search Engine Redirects and more


  • This topic is locked
21 replies to this topic

#1 gset

  • Members
  • 12 posts

Posted 23 May 2010 - 07:21 AM

Hi, I have been having trouble with my search engine being redirected. I thought I had it cured, but it's back after a week with a vengeance. At first it was only loading spam search engines when I clicked on Google results. Now it is opening new tabs and trying to download trojans. When I reboot my computer, Spy Sweeper warns me that it has blocked access to Z0G7YAI0.com, a site on a list of sites known to be related to spyware. It also appears that this virus is periodically blocking my internet connection, as I sometimes get a message that I have limited or no connectivity. While preparing this post a new tab was opened and my antivirus warned me that a trojan had been blocked.
Attached is my DDS log. I have tried to run GMER twice and both times my system has crashed after about 2 hours.

DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 8:07:01.67 on Sun 05/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.106 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CM Sears\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uWindow Title = Microsoft Internet Explorer provided by Verizon Online
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - c:\progra~1\common~1\verizo~1\sfp\vzbb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - c:\progra~1\common~1\verizo~1\sfp\vzbb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe"
uRun: [Sonic RecordNow!]
mRun: [IntelMeM] "c:\program files\intel\modem event monitor\IntelMEM.exe"
mRun: [DVDSentry] "c:\windows\system32\DSentry.exe"
mRun: [REGSHAVE] "c:\program files\regshave\REGSHAVE.EXE" /AUTORUN
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] "c:\windows\system32\dumprep.exe" 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mExplorerRun: [NoActiveDesktopChanges] 00000000
mExplorerRun: [NoActiveDesktop] 0 (0x0)
mExplorerRun: [NoSaveSettings] 0 (0x0)
mExplorerRun: [ClassicShell] 0 (0x0)
StartupFolder: c:\docume~1\cmsear~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\docume~1\cmsear~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
uPolicies-explorer: NoActiveDesktopChanges = 00000000
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.18.39/ttinst.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cmsear~1\applic~1\mozilla\firefox\profiles\vef41mke.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-7-28 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-15 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-15 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2010-5-15 1201640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
S2 gupdate1c99097a65a9cec;Google Update Service (gupdate1c99097a65a9cec);c:\program files\google\update\GoogleUpdate.exe [2009-2-16 133104]
S3 Asentb;Asentb; [x]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-9-2 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-9-2 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-9-2 81288]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-9-2 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-9-2 1079176]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-6-13 223128]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-12-6 372824]
S3 XCMDIDE;XCMDIDE;\??\c:\docume~1\cmsear~1\locals~1\temp\xcmdide.sys --> c:\docume~1\cmsear~1\locals~1\temp\XCMDIDE.SYS [?]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]

=============== Created Last 30 ================

2010-05-23 10:28:45 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-23 00:08:35 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-15 13:28:50 0 d-----w- c:\windows\pss
2010-05-15 03:37:55 0 d-----w- c:\docume~1\cmsear~1\applic~1\Malwarebytes
2010-05-15 03:37:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-15 03:37:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-15 03:37:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-15 03:37:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 17:02:05 0 d-----w- c:\program files\Trend Micro
2010-05-14 16:39:49 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-14 16:34:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-14 12:09:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-10 11:27:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-05-09 20:37:19 1904 ------w- c:\windows\system32\SetupBD.din
2010-05-09 20:37:18 256712 ----a-w- c:\windows\system32\PROUnstl.exe
2010-05-05 11:51:13 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-05-02 11:06:57 5018 ----a-w- c:\windows\system32\KGyGaAvL.sys
2010-03-24 21:31:20 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-03-24 21:06:12 764024 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-03-24 21:06:12 524408 ----a-w- c:\windows\system32\accesor.dll
2010-03-24 20:44:18 128120 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-03-24 20:27:46 1733240 ----a-w- c:\windows\system32\ncscolib.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2008-08-27 21:00:50 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 8:09:47.90 ===============

Edited by gset, 23 May 2010 - 07:27 AM.
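The SERVICES / DRIVERS section of the DDS log above is where the entries worth a second look in this thread sit: a service with no image path (`[x]`), and drivers whose file DDS could not read (`[?]`), one of them living in the user's temp directory. The following triage script is an added example, not code from the thread or from the DDS tool; it assumes the three-field `name;display;path [date size]` line format shown in the log and runs over a constructed excerpt of those lines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt in the same format as the DDS log posted above.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-7-28 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-15 164048]
S2 gupdate1c99097a65a9cec;Google Update Service (gupdate1c99097a65a9cec);c:\program files\google\update\GoogleUpdate.exe [2009-2-16 133104]
S3 Asentb;Asentb; [x]
S3 XCMDIDE;XCMDIDE;\??\c:\docume~1\cmsear~1\locals~1\temp\xcmdide.sys --> c:\docume~1\cmsear~1\locals~1\temp\XCMDIDE.SYS [?]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]

=============== Created Last 30 ================
"""

SECTION_RE = re.compile(r"^=+\s*SERVICES / DRIVERS\s*=+$")
# <kind><start> <service name>;<display name>;<image path> [<date> <size>]
# The bracketed field holds "date size" for a readable file, "x" or "?" otherwise.
ENTRY_RE = re.compile(r"^([RS])(\d)\s+([^;]*);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# Any path component that is a temp directory (long or 8.3 form both end in \temp\).
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    kind: str      # R = running, S = stopped
    start: int     # start-type digit exactly as DDS prints it
    name: str
    display: str
    path: str      # image path; right-hand side of "-->" when DDS resolved a \??\ path
    meta: str      # contents of the trailing [...] field
    flags: List[str] = field(default_factory=list)


def services_section(text: str) -> List[str]:
    """Return the non-empty lines between the SERVICES / DRIVERS header and the next section."""
    out, inside = [], False
    for line in text.splitlines():
        if SECTION_RE.match(line.strip()):
            inside = True
            continue
        if inside and line.startswith("====="):
            break
        if inside and line.strip():
            out.append(line.rstrip())
    return out


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; returns None for lines that do not match."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, start, name, display, path, meta = m.groups()
    if "-->" in path:
        path = path.split("-->")[-1].strip()
    return ServiceEntry(kind, int(start), name, display, path, meta.strip())


def triage(entry: ServiceEntry) -> List[str]:
    """Attach review flags: missing image, unreadable file, or image in a temp directory."""
    if entry.meta == "x":
        entry.flags.append("no image path recorded")
    elif entry.meta == "?":
        entry.flags.append("no date/size: file not readable at scan time")
    if TEMP_RE.search(entry.path):
        entry.flags.append("driver image in a temp directory")
    return entry.flags


def suspicious_services(text: str) -> List[ServiceEntry]:
    """Entries from the SERVICES / DRIVERS section that picked up at least one flag."""
    found = []
    for line in services_section(text):
        entry = parse_entry(line)
        if entry and triage(entry):
            found.append(entry)
    return found


if __name__ == "__main__":
    for e in suspicious_services(SAMPLE_DDS):
        print(f"{e.kind}{e.start} {e.name:<10} {e.path or '<no path>'}")
        for f in e.flags:
            print(f"    - {f}")
```

A flag is a prompt to check the file against the vendor's hash or the Created Last 30 list, not a verdict; legitimate installers also leave drivers behind in temp on occasion.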


#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Location:Florida

Posted 23 May 2010 - 09:16 AM

Hello gset

Welcome to BleepingComputer
==========================
Download the following GMER Rootkit Scanner from Here
  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
  • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 gset

  • Topic Starter
  • Members
  • 12 posts

Posted 23 May 2010 - 07:23 PM

Have tried several times to run GMER. Both in regular and safe modes. After running for a while I get a blue screen error. Should I continue to try to complete the GMER scan?

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Location:Florida

Posted 24 May 2010 - 06:20 AM

OK, try it once more with everything unchecked except for Sections and the C:\ drive option.

If it still crashes then we will move on to something else.

#5 gset

  • Topic Starter
  • Members
  • 12 posts

Posted 24 May 2010 - 09:24 AM

Completed the reduced GMER scan. Attached is the log as requested.

Should I attach it or just copy and paste it into my reply?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-24 09:42:25
Windows 5.1.2600 Service Pack 3
Running: zcs2u490.exe; Driver: C:\DOCUME~1\CMSEAR~1\LOCALS~1\Temp\fxtoapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 172 804E49CC 4 Bytes JMP 31F5F710
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP F5F7AEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP F5F7D8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805AEDE2 7 Bytes JMP F5F7DA28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E74E6 5 Bytes JMP F5F79536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD4989.SYS The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF78C3360, 0x37388D, 0xE8000020]
init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF8951760]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1296] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[1296] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\System32\svchost.exe[1296] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0189000A
.text C:\WINDOWS\System32\svchost.exe[1296] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F1000A
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[2076] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2268] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2348] MSVCRT.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3572] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3572] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3572] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3572] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\WINDOWS\Explorer.EXE[3704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[3704] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[3704] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- EOF - GMER 1.0.15 ----

Edited by gset, 24 May 2010 - 09:32 AM.


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida

Posted 24 May 2010 - 12:56 PM

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 gset

gset
  • Topic Starter

  • Members
  • 12 posts

Posted 25 May 2010 - 08:42 AM

Hi, thanks so much for helping me.
Ran ComboFix this morning and I'm still getting random search engine tabs opening in Firefox while I am searching on Google. Here is a web site it tried to open: hxxp://cyclevision.com/search.php (I changed the t's to x's in http). Also, when the system rebooted after running ComboFix, Spy Sweeper told me it blocked access to the same potentially threatening web page as before.
Following is my ComboFix log.

ComboFix 10-05-23.08 - CM Sears 05/25/2010 8:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.225 [GMT -4:00]
Running from: c:\documents and settings\CM Sears\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\CM Sears\Application Data\Install.dat
c:\documents and settings\CM Sears\Recent\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-23 10:28 . 2010-05-23 10:28 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-23 00:08 . 2010-05-23 10:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-15 06:19 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-15 06:19 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-15 06:19 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-15 06:19 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-15 06:19 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-15 06:19 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-15 06:19 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-15 06:18 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-15 06:18 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-15 03:37 . 2010-05-15 03:37 -------- d-----w- c:\documents and settings\CM Sears\Application Data\Malwarebytes
2010-05-15 03:37 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-15 03:37 . 2010-05-15 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-15 03:37 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-15 03:37 . 2010-05-15 03:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 17:02 . 2010-05-14 17:02 -------- d-----w- c:\program files\Trend Micro
2010-05-14 16:39 . 2010-05-14 16:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-14 16:00 . 2010-05-14 16:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-14 15:57 . 2010-05-14 15:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Webroot
2010-05-14 12:09 . 2010-05-14 12:09 -------- d-----w- c:\program files\Alwil Software
2010-05-14 12:09 . 2010-05-14 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-10 11:27 . 2010-05-10 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-05-09 20:37 . 2010-02-23 16:00 256712 ----a-w- c:\windows\system32\PROUnstl.exe
2010-05-05 11:51 . 2010-05-12 18:34 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 03:00 . 2008-08-02 00:29 -------- d-----w- c:\documents and settings\CM Sears\Application Data\Webroot
2010-05-20 17:26 . 2004-04-13 05:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-20 17:24 . 2009-12-25 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-05-17 17:49 . 2007-07-29 22:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-16 13:20 . 2008-09-02 18:46 -------- d-----w- c:\program files\Spyware Doctor
2010-05-15 23:25 . 2008-08-01 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-05-15 23:10 . 2004-04-13 06:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-15 23:09 . 2005-12-09 01:39 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2010-05-15 23:09 . 2006-08-04 19:46 -------- d-----w- c:\program files\Yahoo!
2010-05-15 20:25 . 2004-04-13 06:06 -------- d-----w- c:\program files\Norton AntiVirus
2010-05-15 20:24 . 2004-04-13 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-15 03:09 . 2006-06-26 20:49 -------- d-----w- c:\program files\Google
2010-05-14 16:36 . 2004-04-13 05:46 -------- d-----w- c:\program files\Java
2010-05-09 20:40 . 2004-04-13 05:49 -------- d-----w- c:\program files\Intel
2010-05-02 11:06 . 2004-09-11 16:53 5018 ----a-w- c:\windows\system32\KGyGaAvL.sys
2010-04-26 16:25 . 2007-09-01 00:12 -------- d-----w- c:\documents and settings\CM Sears\Application Data\SmartDraw
2010-04-15 23:32 . 2009-12-10 22:48 -------- d-----w- c:\documents and settings\CM Sears\Application Data\FileZilla
2010-04-10 16:06 . 2008-02-16 21:37 -------- d-----w- c:\program files\Outspark
2010-04-09 12:25 . 2010-04-09 12:25 -------- d-----w- c:\documents and settings\CM Sears\Application Data\GetRightToGo
2010-04-08 14:29 . 2010-03-29 11:24 503744 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-31 11:33 . 2004-04-13 05:46 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 17:24 . 2010-03-27 17:08 -------- d-----w- c:\program files\CamStudio
2010-03-26 20:06 . 2009-12-10 22:47 -------- d-----w- c:\program files\FileZilla FTP Client
2010-03-24 21:31 . 2010-03-24 21:31 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-03-24 21:06 . 2010-03-24 21:06 764024 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-03-24 21:06 . 2010-03-24 21:06 524408 ----a-w- c:\windows\system32\accesor.dll
2010-03-24 20:44 . 2010-03-24 20:44 128120 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-03-24 20:27 . 2010-03-24 20:27 1733240 ----a-w- c:\windows\system32\ncscolib.dll
2010-03-10 06:15 . 2002-08-29 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 12:07 . 2010-03-08 12:07 116944 ----a-w- c:\windows\system32\drivers\ianswxp.sys
2010-02-25 06:24 . 2004-12-07 21:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-29 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-29 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-08-05 1691648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-25 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

c:\documents and settings\CM Sears\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-26 333088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-1-26 278528]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cartoon Network\\Ben 10 Bounty Hunters\\RT_Multiplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30122:TCP"= 30122:TCP:*:Disabled:SolidNetworkManager
"30122:UDP"= 30122:UDP:*:Disabled:SolidNetworkManager
"57028:TCP"= 57028:TCP:Pando Media Booster
"57028:UDP"= 57028:UDP:Pando Media Booster
"58425:TCP"= 58425:TCP:Pando Media Booster
"58425:UDP"= 58425:UDP:Pando Media Booster

R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [7/28/2008 4:44 PM 29808]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/15/2010 2:19 AM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/15/2010 2:19 AM 19024]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [5/15/2010 7:18 PM 1201640]
S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [6/13/2006 9:10 PM 642560]
S2 gupdate1c99097a65a9cec;Google Update Service (gupdate1c99097a65a9cec);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2009 8:35 PM 133104]
S3 Asentb;Asentb; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/2/2008 2:46 PM 356920]
S3 vaxscsi;vaxscsi;c:\windows\SYSTEM32\DRIVERS\vaxscsi.sys [6/13/2006 9:13 PM 223128]
S3 XCMDIDE;XCMDIDE;\??\c:\docume~1\CMSEAR~1\LOCALS~1\Temp\XCMDIDE.SYS --> c:\docume~1\CMSEAR~1\LOCALS~1\Temp\XCMDIDE.SYS [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 00:34]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 00:34]

2010-05-21 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-01 19:19]

2010-05-21 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-01 19:19]

2010-05-21 c:\windows\Tasks\wrSpySweeper_L4CC8592DD8D146D798EE5C86368EB3BE.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-01 19:19]

2010-05-21 c:\windows\Tasks\wrSpySweeper_L4CC8592DD8D146D798EE5C86368EB3BE.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-01 19:19]

2010-05-23 c:\windows\Tasks\wrSpySweeper_L7E4EDC14FB3E43F08029996760EDD275.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-01 19:19]

2010-05-23 c:\windows\Tasks\wrSpySweeper_L7E4EDC14FB3E43F08029996760EDD275.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-01 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\CM Sears\Application Data\Mozilla\Firefox\Profiles\vef41mke.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sonic RecordNow! - (no file)
AddRemove-Construction - F:\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 08:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3036206618-2449982290-476471742-1008\Software\Zepter Software\RegLib*8c1e5feb\AnyDVD/1]
"1"=dword:448f654a
"2"=dword:448f654a

[HKEY_USERS\S-1-5-21-3036206618-2449982290-476471742-1008\Software\Zepter Software\RegLib*8c1e5feb\CloneDVD2/2]
"1"=dword:44a1174d
"2"=dword:44a1174d

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-25 08:55:42
ComboFix-quarantined-files.txt 2010-05-25 12:55

Pre-Run: 17,555,070,976 bytes free
Post-Run: 25,786,257,408 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 98EDAC7EB16E37F05EC6BD607CEE3184
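
The service and driver list in the ComboFix log above is the part I read first in a redirect/rootkit case: the R or S letter is running or stopped, the digit is the service Start value, and the bracketed field is what ComboFix found on disk. The script below is an added example (not ComboFix's code and not from this thread) that parses those lines, copied here as constructed sample input, and flags entries whose image is missing, sits under a Temp directory, or sits under a user profile, and lists the boot/system-start drivers that load before most security tools. Two things are assumptions: that `[x]` and `[?]` (with the `-->` form) mean ComboFix could not find or verify the file, and that every flag is a review prompt, not a verdict; XCMDIDE.SYS and XDva281.sys being flagged means "identify these", nothing more.

```python
"""Triage of the ComboFix service/driver list (added example, not ComboFix code).

Each line reads:  <R|S><start> <name>;<display name>;<image path> [<meta>]
R/S = running/stopped; <start> is the service Start value (0 boot, 1 system,
2 auto, 3 demand, 4 disabled).  Assumption about ComboFix's notation: a
bracketed "<date> <time> <size>" means the file was found and stat'ed, while
"[x]" or "[?]" means it was not.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the service lines copied from the ComboFix log above.
SAMPLE_SERVICES = r"""
R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [7/28/2008 4:44 PM 29808]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/15/2010 2:19 AM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/15/2010 2:19 AM 19024]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [5/15/2010 7:18 PM 1201640]
S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [6/13/2006 9:10 PM 642560]
S2 gupdate1c99097a65a9cec;Google Update Service (gupdate1c99097a65a9cec);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2009 8:35 PM 133104]
S3 Asentb;Asentb; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/2/2008 2:46 PM 356920]
S3 vaxscsi;vaxscsi;c:\windows\SYSTEM32\DRIVERS\vaxscsi.sys [6/13/2006 9:13 PM 223128]
S3 XCMDIDE;XCMDIDE;\??\c:\docume~1\CMSEAR~1\LOCALS~1\Temp\XCMDIDE.SYS --> c:\docume~1\CMSEAR~1\LOCALS~1\Temp\XCMDIDE.SYS [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# "<m>/<d>/<yyyy> <h>:<mm> AM|PM <size>": ComboFix's "file found" form (assumption).
STAT_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4}\s+\d{1,2}:\d{2}\s+[AP]M\s+\d+$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass(frozen=True)
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: int
    image: str        # resolved image path, '' if ComboFix printed none
    verified: bool    # ComboFix printed date/time/size, i.e. found the file

    @property
    def start_name(self) -> str:
        return START_TYPES[self.start_type]


def _resolve_image(raw: str) -> str:
    """Take the right-hand side of 'a --> b' and drop a leading NT '\\??\\' prefix."""
    image = raw.split("-->")[-1].strip()
    if image.startswith("\\??\\"):
        image = image[4:]
    return image


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line; anything else in the log is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            name=m["name"].strip(),
            display=m["display"].strip(),
            running=m["state"] == "R",
            start_type=int(m["start"]),
            image=_resolve_image(m["path"]),
            verified=bool(STAT_RE.match(m["meta"].strip())),
        ))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, List[str]]]:
    """(service name, reasons) for entries that deserve a closer look.

    Review heuristics, not verdicts: a driver under a user's Temp directory can
    be a legitimate diagnostic tool, but it is also where droppers stage theirs.
    """
    findings = []
    for e in entries:
        reasons = []
        if not e.verified:
            reasons.append("image not found at scan time (%s)" % (e.image or "no path"))
        if re.search(r"\\temp\\", e.image, re.I):
            reasons.append("image under a Temp directory")
        if re.search(r"\\(documents and settings|docume~1|users)\\", e.image, re.I):
            reasons.append("image under a user profile rather than a system directory")
        if reasons:
            findings.append((e.name, reasons))
    return findings


def boot_start(entries: List[ServiceEntry]) -> List[str]:
    """Names of boot- and system-start drivers: they load before most security tools."""
    return [e.name for e in entries if e.start_type in (0, 1)]


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_SERVICES)
    for name, reasons in triage(parsed):
        print(name, "->", "; ".join(reasons))
    print("early-start drivers:", ", ".join(boot_start(parsed)))
```

The boot-start list matters for a TDSS-style case: a driver with Start=0 runs before any user-mode scanner, so a hit there (as Kaspersky later reports for redbook.sys) cannot be cleaned reliably from inside the running system.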


#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 25 May 2010 - 12:55 PM

Update and Run Malwarebytes

Please update and run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===========
Please click here to download Kaspersky Virus Removal Tool.
  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose Copy.
  10. This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.



#9 gset

gset
  • Topic Starter

  • Members
  • 12 posts

Posted 26 May 2010 - 12:05 PM

WOW is all I can say about this one...

Following are the Malwarebytes' Anti-Malware and then Kaspersky Virus Removal Tool scan logs.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4143

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/25/2010 3:11:36 PM
mbam-log-2010-05-25 (15-11-36).txt

Scan type: Quick scan
Objects scanned: 173131
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky Virus Removal Tool Scan Log

Autoscan: stopped 4 hours ago (events: 8, objects: 1269, time: 00:16:43)
5/26/2010 7:39:17 AM Task started
5/26/2010 7:40:29 AM Detected: Rootkit.Win32.TDSS.d Unknown application
5/26/2010 7:42:54 AM Cannot be backed up: Rootkit.Win32.TDSS.d Unknown application
5/26/2010 7:50:23 AM Detected: Trojan-Dropper.Win32.Delf.fki C:\Program Files\SpongeBob SquarePants Diner Dash\SBDD.exe
5/26/2010 7:52:32 AM Deleted: Trojan-Dropper.Win32.Delf.fki C:\Program Files\SpongeBob SquarePants Diner Dash\SBDD.exe
5/26/2010 7:52:32 AM Deleted: Trojan-Dropper.Win32.Delf.fki C:\Program Files\SpongeBob SquarePants Diner Dash\SBDD.exe
5/26/2010 7:54:29 AM Detected: Rootkit.Win32.TDSS.d System Memory
5/26/2010 7:56:37 AM Task stopped
Disinfect active threats: completed 4 hours ago (events: 7, objects: 4000, time: 00:07:59)
5/26/2010 7:56:37 AM Task started
5/26/2010 7:56:37 AM Detected: Rootkit.Win32.TDSS.d System Memory
5/26/2010 7:56:47 AM Disinfected: Rootkit.Win32.TDSS.d System Memory
5/26/2010 7:56:47 AM Disinfected: Rootkit.Win32.TDSS.d System Memory
5/26/2010 7:58:54 AM Detected: Rootkit.Win32.TDSS.d Unknown application
5/26/2010 7:59:20 AM Cannot be backed up: Rootkit.Win32.TDSS.d Unknown application
5/26/2010 8:04:36 AM Task completed
Autoscan: completed 18 minutes ago (events: 159, objects: 400242, time: 03:57:27)
5/26/2010 8:25:28 AM Task started
5/26/2010 8:28:24 AM Detected: Rootkit.Win32.TDSS.ap C:\WINDOWS\System32\DRIVERS\redbook.sys
5/26/2010 8:28:25 AM Untreated: Rootkit.Win32.TDSS.ap C:\WINDOWS\System32\DRIVERS\redbook.sys Postponed
5/26/2010 8:38:05 AM Detected: Rootkit.Win32.TDSS.ap c:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
5/26/2010 8:38:05 AM Untreated: Rootkit.Win32.TDSS.ap c:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys Postponed
5/26/2010 9:23:03 AM Detected: not-a-virus:AdWare.Win32.WebSearch.by C:\Documents and Settings\CM Sears\Desktop\Greg\Cipher Software\camo\SW\invsecr.exe/WiseSFXDropper/WISE0018.BIN
5/26/2010 9:23:03 AM Untreated: not-a-virus:AdWare.Win32.WebSearch.by C:\Documents and Settings\CM Sears\Desktop\Greg\Cipher Software\camo\SW\invsecr.exe/WiseSFXDropper/WISE0018.BIN Postponed
5/26/2010 9:23:30 AM Detected: Trojan.Win32.Swisyn.afjj C:\Documents and Settings\CM Sears\Desktop\Greg\Cipher Software\GifSplitter\GifSplitter.exe/UPX
5/26/2010 9:23:30 AM Untreated: Trojan.Win32.Swisyn.afjj C:\Documents and Settings\CM Sears\Desktop\Greg\Cipher Software\GifSplitter\GifSplitter.exe/UPX Postponed
5/26/2010 9:24:38 AM Detected: Trojan.Win32.Swisyn.afjj C:\Documents and Settings\CM Sears\Desktop\Greg\Greg Stuff\Softwarezip\gs.zip/GifSplitter.exe/UPX
5/26/2010 9:24:39 AM Untreated: Trojan.Win32.Swisyn.afjj C:\Documents and Settings\CM Sears\Desktop\Greg\Greg Stuff\Softwarezip\gs.zip/GifSplitter.exe/UPX Postponed
5/26/2010 9:36:03 AM Detected: not-a-virus:AdWare.Win32.WebSearch.by C:\Documents and Settings\CM Sears\Local Settings\temp\PR64.tmp/WISE0018.BIN
5/26/2010 9:36:03 AM Untreated: not-a-virus:AdWare.Win32.WebSearch.by C:\Documents and Settings\CM Sears\Local Settings\temp\PR64.tmp/WISE0018.BIN Postponed
5/26/2010 9:44:03 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\1\21fb6c01-70baabf5
5/26/2010 9:44:03 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\1\21fb6c01-70baabf5 Postponed
5/26/2010 9:44:03 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\10\36b59f0a-11713705
5/26/2010 9:44:03 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\10\36b59f0a-11713705 Postponed
5/26/2010 9:44:07 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-2949196b/OP.class
5/26/2010 9:44:07 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-50d8898f/OP.class
5/26/2010 9:44:07 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-2949196b/OP.class Postponed
5/26/2010 9:44:07 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-50d8898f/OP.class Postponed
5/26/2010 9:44:09 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\17\3e448391-290229e4
5/26/2010 9:44:09 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\17\3e448391-290229e4 Postponed
5/26/2010 9:44:09 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\17\674a0f91-5dc77d3c/OP.class
5/26/2010 9:44:10 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\17\674a0f91-5dc77d3c/OP.class Postponed
5/26/2010 9:44:12 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\20\7af974d4-47bbc23b
5/26/2010 9:44:12 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\20\7af974d4-47bbc23b Postponed
5/26/2010 9:44:13 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\21\4733b815-5732ecb2
5/26/2010 9:44:13 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\21\4733b815-5732ecb2 Postponed
5/26/2010 9:44:13 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\21\737d53d5-3049a584/OP.class
5/26/2010 9:44:14 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\21\737d53d5-3049a584/OP.class Postponed
5/26/2010 9:44:15 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-74304e67/OP.class
5/26/2010 9:44:15 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-74304e67/OP.class Postponed
5/26/2010 9:44:16 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\23\44616b17-41493661/NewSecurityClassLoader.class
5/26/2010 9:44:16 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\23\44616b17-41493661/NewSecurityClassLoader.class Postponed
5/26/2010 9:44:16 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\23\44616b17-41493661/NewURLClassLoader.class
5/26/2010 9:44:16 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\23\44616b17-41493661/NewURLClassLoader.class Postponed
5/26/2010 9:44:17 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\24\6c4214d8-13297c3e
5/26/2010 9:44:17 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\24\6c4214d8-13297c3e Postponed
5/26/2010 9:44:17 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\25\1d9a4d9-7582629e/OP.class
5/26/2010 9:44:18 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\25\1d9a4d9-7582629e/OP.class Postponed
5/26/2010 9:44:22 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\29\6d7d779d-14d92318/OP.class
5/26/2010 9:44:22 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\29\6d7d779d-14d92318/OP.class Postponed
5/26/2010 9:44:22 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\31\150aa41f-6231a677
5/26/2010 9:44:22 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\31\150aa41f-6231a677 Postponed
5/26/2010 9:44:23 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\33\40bf31a1-1cc8e7d0
5/26/2010 9:44:23 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\33\40bf31a1-1cc8e7d0 Postponed
5/26/2010 9:44:24 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\35\5eaed3e3-5f789ef5
5/26/2010 9:44:24 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\35\5eaed3e3-5f789ef5 Postponed
5/26/2010 9:44:24 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\36\1ac8b764-553e6185/OP.class
5/26/2010 9:44:25 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\36\1ac8b764-553e6185/OP.class Postponed
5/26/2010 9:44:26 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\42\2a06cd6a-25dc7612/OP.class
5/26/2010 9:44:26 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\42\2a06cd6a-25dc7612/OP.class Postponed
5/26/2010 9:44:26 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\44\266f63ec-6efc2c8b/OP.class
5/26/2010 9:44:27 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\44\266f63ec-6efc2c8b/OP.class Postponed
5/26/2010 9:44:28 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\44\caa36ac-22be4709
5/26/2010 9:44:28 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\44\caa36ac-22be4709 Postponed
5/26/2010 9:44:28 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\45\413ced2d-164aee67/NewSecurityClassLoader.class
5/26/2010 9:44:28 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\45\413ced2d-164aee67/NewSecurityClassLoader.class Postponed
5/26/2010 9:44:28 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\45\413ced2d-164aee67/NewURLClassLoader.class
5/26/2010 9:44:28 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\45\413ced2d-164aee67/NewURLClassLoader.class Postponed
5/26/2010 9:44:30 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\48\73128df0-5ae1294f
5/26/2010 9:44:30 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\48\73128df0-5ae1294f Postponed
5/26/2010 9:44:31 AM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\52\6d7493b4-6a4d64f3/OP.class
5/26/2010 9:44:31 AM Detected: Exploit.Java.Agent.f C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-66fb6bc8/vmain.class
5/26/2010 9:44:31 AM Untreated: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\52\6d7493b4-6a4d64f3/OP.class Postponed
5/26/2010 9:44:31 AM Untreated: Exploit.Java.Agent.f C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-66fb6bc8/vmain.class Postponed
5/26/2010 9:44:33 AM Detected: Trojan-Downloader.Java.OpenConnection.ao C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-2cd88f4f/MagicApplet.class
5/26/2010 9:44:35 AM Untreated: Trojan-Downloader.Java.OpenConnection.ao C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-2cd88f4f/MagicApplet.class Postponed
5/26/2010 9:44:37 AM Detected: Trojan.Java.ClassLoader.au C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-2cd88f4f/OwnClassLoader.class
5/26/2010 9:44:38 AM Untreated: Trojan.Java.ClassLoader.au C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-2cd88f4f/OwnClassLoader.class Postponed
5/26/2010 9:44:38 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-3bb75a1a
5/26/2010 9:44:38 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-3bb75a1a Postponed
5/26/2010 9:44:39 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\63\1da3057f-280d3c1a
5/26/2010 9:44:39 AM Untreated: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\63\1da3057f-280d3c1a Postponed
5/26/2010 9:44:39 AM Detected: Trojan-Downloader.Java.OpenConnection.ar C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\63\59ef263f-1689f0cc/Java2SE.class
5/26/2010 9:44:39 AM Untreated: Trojan-Downloader.Java.OpenConnection.ar C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\63\59ef263f-1689f0cc/Java2SE.class Postponed
5/26/2010 11:20:24 AM Detected: Trojan-Dropper.Win32.Delf.fki C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144503.exe
5/26/2010 11:20:24 AM Untreated: Trojan-Dropper.Win32.Delf.fki C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144503.exe Postponed
5/26/2010 11:20:32 AM Detected: not-a-virus:AdWare.Win32.WebSearch.by C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144545.exe/WiseSFXDropper/WISE0018.BIN
5/26/2010 11:20:32 AM Untreated: not-a-virus:AdWare.Win32.WebSearch.by C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144545.exe/WiseSFXDropper/WISE0018.BIN Postponed
5/26/2010 11:20:32 AM Detected: Trojan.Win32.Swisyn.afjj C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144544.exe/UPX
5/26/2010 11:20:32 AM Untreated: Trojan.Win32.Swisyn.afjj C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144544.exe/UPX Postponed
5/26/2010 11:20:54 AM Detected: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144546.sys
5/26/2010 11:20:54 AM Untreated: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144546.sys Postponed
5/26/2010 11:47:55 AM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\10\36b59f0a-11713705
5/26/2010 12:18:10 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\10\36b59f0a-11713705
5/26/2010 12:18:10 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\17\3e448391-290229e4
5/26/2010 12:18:21 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\17\3e448391-290229e4
5/26/2010 12:18:21 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\1\21fb6c01-70baabf5
5/26/2010 12:18:27 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\1\21fb6c01-70baabf5
5/26/2010 12:18:27 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\20\7af974d4-47bbc23b
5/26/2010 12:18:56 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\20\7af974d4-47bbc23b
5/26/2010 12:18:56 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\21\4733b815-5732ecb2
5/26/2010 12:19:01 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\21\4733b815-5732ecb2
5/26/2010 12:19:01 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\24\6c4214d8-13297c3e
5/26/2010 12:19:03 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\24\6c4214d8-13297c3e
5/26/2010 12:19:03 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\31\150aa41f-6231a677
5/26/2010 12:19:07 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\31\150aa41f-6231a677
5/26/2010 12:19:08 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\33\40bf31a1-1cc8e7d0
5/26/2010 12:19:31 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\33\40bf31a1-1cc8e7d0
5/26/2010 12:19:31 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\35\5eaed3e3-5f789ef5
5/26/2010 12:19:36 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\35\5eaed3e3-5f789ef5
5/26/2010 12:19:36 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\44\caa36ac-22be4709
5/26/2010 12:19:39 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\44\caa36ac-22be4709
5/26/2010 12:19:39 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\48\73128df0-5ae1294f
5/26/2010 12:19:43 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\48\73128df0-5ae1294f
5/26/2010 12:19:43 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-3bb75a1a
5/26/2010 12:19:45 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-3bb75a1a
5/26/2010 12:19:45 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\63\1da3057f-280d3c1a
5/26/2010 12:19:47 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\63\1da3057f-280d3c1a
5/26/2010 12:19:47 PM Detected: Trojan-Dropper.Win32.Delf.fki C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144503.exe
5/26/2010 12:20:01 PM Deleted: Trojan-Dropper.Win32.Delf.fki C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144503.exe
5/26/2010 12:20:02 PM Detected: Trojan.Win32.Swisyn.afjj C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144544.exe/UPX
5/26/2010 12:20:06 PM Deleted: Trojan.Win32.Swisyn.afjj C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144544.exe
5/26/2010 12:20:07 PM Detected: not-a-virus:AdWare.Win32.WebSearch.by C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144545.exe/WiseSFXDropper/WISE0018.BIN
5/26/2010 12:20:41 PM Deleted: not-a-virus:AdWare.Win32.WebSearch.by C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144545.exe
5/26/2010 12:20:41 PM Detected: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144546.sys
5/26/2010 12:20:48 PM Disinfected: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144546.sys
5/26/2010 12:20:48 PM Disinfected: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0144546.sys
5/26/2010 12:21:00 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-2949196b/OP.class
5/26/2010 12:21:14 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-2949196b/OP.class
5/26/2010 12:21:14 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-50d8898f/OP.class
5/26/2010 12:21:56 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\14\27ad8f8e-50d8898f/OP.class
5/26/2010 12:21:56 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\17\674a0f91-5dc77d3c/OP.class
5/26/2010 12:22:03 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\17\674a0f91-5dc77d3c/OP.class
5/26/2010 12:22:03 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\21\737d53d5-3049a584/OP.class
5/26/2010 12:22:05 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\21\737d53d5-3049a584/OP.class
5/26/2010 12:22:05 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-74304e67/OP.class
5/26/2010 12:22:09 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-74304e67/OP.class
5/26/2010 12:22:10 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\23\44616b17-41493661/NewSecurityClassLoader.class
5/26/2010 12:22:12 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\23\44616b17-41493661/NewSecurityClassLoader.class
5/26/2010 12:22:12 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\23\44616b17-41493661/NewURLClassLoader.class
5/26/2010 12:22:16 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\23\44616b17-41493661/NewURLClassLoader.class
5/26/2010 12:22:17 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\25\1d9a4d9-7582629e/OP.class
5/26/2010 12:22:19 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\25\1d9a4d9-7582629e/OP.class
5/26/2010 12:22:20 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\29\6d7d779d-14d92318/OP.class
5/26/2010 12:22:21 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\29\6d7d779d-14d92318/OP.class
5/26/2010 12:22:21 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\36\1ac8b764-553e6185/OP.class
5/26/2010 12:22:23 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\36\1ac8b764-553e6185/OP.class
5/26/2010 12:22:23 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\42\2a06cd6a-25dc7612/OP.class
5/26/2010 12:22:27 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\42\2a06cd6a-25dc7612/OP.class
5/26/2010 12:22:28 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\44\266f63ec-6efc2c8b/OP.class
5/26/2010 12:22:31 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\44\266f63ec-6efc2c8b/OP.class
5/26/2010 12:22:31 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\45\413ced2d-164aee67/NewSecurityClassLoader.class
5/26/2010 12:22:33 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\45\413ced2d-164aee67/NewSecurityClassLoader.class
5/26/2010 12:22:33 PM Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\45\413ced2d-164aee67/NewURLClassLoader.class
5/26/2010 12:22:37 PM Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\45\413ced2d-164aee67/NewURLClassLoader.class
5/26/2010 12:22:37 PM Detected: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\52\6d7493b4-6a4d64f3/OP.class
5/26/2010 12:22:40 PM Deleted: Trojan-Downloader.Java.OpenStream.ac C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\52\6d7493b4-6a4d64f3/OP.class
5/26/2010 12:22:40 PM Detected: Exploit.Java.Agent.f C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-66fb6bc8/vmain.class
5/26/2010 12:22:43 PM Deleted: Exploit.Java.Agent.f C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-66fb6bc8/vmain.class
5/26/2010 12:22:43 PM Detected: Trojan-Downloader.Java.OpenConnection.ao C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-2cd88f4f/MagicApplet.class
5/26/2010 12:22:48 PM Deleted: Trojan-Downloader.Java.OpenConnection.ao C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-2cd88f4f/MagicApplet.class
5/26/2010 12:22:49 PM Detected: Trojan.Java.ClassLoader.au C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-2cd88f4f/OwnClassLoader.class
5/26/2010 12:22:51 PM Deleted: Trojan.Java.ClassLoader.au C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-2cd88f4f/OwnClassLoader.class
5/26/2010 12:22:51 PM Detected: Trojan-Downloader.Java.OpenConnection.ar C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\63\59ef263f-1689f0cc/Java2SE.class
5/26/2010 12:22:54 PM Deleted: Trojan-Downloader.Java.OpenConnection.ar C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\6.0\63\59ef263f-1689f0cc/Java2SE.class
5/26/2010 12:22:55 PM Task completed


#10 gset

gset
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 26 May 2010 - 12:20 PM

I forgot to mention the redirects appear to be gone. Also, when I rebooted after running the Kaspersky tool I did not receive the message from Spy Sweeper about the blocked web page.

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:01:05 PM

Posted 26 May 2010 - 01:01 PM

Great, let's do this to double check, please.

Download TDSSKiller and save it to your Desktop.
  • Right click on the file and choose Extract All, extract the file to your desktop, then run it.
  • If prompted to restart the computer, type in Y and it will restart.
  • Or, if you are prompted with a hidden service warning, do go ahead and delete it.
  • Once completed, it will create a log in your C:\ drive.
  • Please post the contents of that log.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#12 gset

gset
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 26 May 2010 - 01:36 PM

TDSSKiller ran quickly and without a hitch. The log follows.

14:29:58:984 2976 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
14:29:58:984 2976 ================================================================================
14:29:58:984 2976 SystemInfo:

14:29:58:984 2976 OS Version: 5.1.2600 ServicePack: 3.0
14:29:58:984 2976 Product type: Workstation
14:29:58:984 2976 ComputerName: DB5YGP41
14:29:58:984 2976 UserName: CM Sears
14:29:58:984 2976 Windows directory: C:\WINDOWS
14:29:58:984 2976 Processor architecture: Intel x86
14:29:58:984 2976 Number of processors: 2
14:29:58:984 2976 Page size: 0x1000
14:29:58:984 2976 Boot type: Normal boot
14:29:58:984 2976 ================================================================================
14:30:00:421 2976 Initialize success
14:30:00:421 2976
14:30:00:421 2976 Scanning Services ...
14:30:00:953 2976 Raw services enum returned 388 services
14:30:00:968 2976
14:30:00:968 2976 Scanning Drivers ...
14:30:01:921 2976 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
14:30:02:015 2976 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
14:30:02:093 2976 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:30:02:156 2976 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:30:02:203 2976 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
14:30:02:250 2976 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
14:30:02:296 2976 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:30:02:343 2976 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:30:02:515 2976 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
14:30:02:593 2976 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
14:30:02:671 2976 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
14:30:02:734 2976 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
14:30:02:781 2976 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
14:30:02:843 2976 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
14:30:02:875 2976 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
14:30:02:921 2976 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
14:30:03:000 2976 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
14:30:03:062 2976 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
14:30:03:109 2976 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
14:30:03:156 2976 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
14:30:03:250 2976 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
14:30:03:296 2976 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:30:03:328 2976 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys
14:30:03:375 2976 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys
14:30:03:421 2976 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys
14:30:03:468 2976 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys
14:30:03:515 2976 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:30:03:562 2976 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:30:03:671 2976 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:30:03:796 2976 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:30:03:875 2976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:30:03:921 2976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:30:04:093 2976 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
14:30:04:125 2976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:30:04:156 2976 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
14:30:04:187 2976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:30:04:250 2976 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:30:04:296 2976 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
14:30:04:328 2976 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) C:\WINDOWS\system32\drivers\Cdralw2k.sys
14:30:04:375 2976 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:30:04:437 2976 cdudf_xp (fabd9428fdd3d73b5a4ad13f44b3516e) C:\WINDOWS\system32\drivers\cdudf_xp.sys
14:30:04:531 2976 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
14:30:04:562 2976 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
14:30:04:609 2976 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
14:30:04:656 2976 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
14:30:04:687 2976 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:30:04:781 2976 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:30:04:875 2976 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:30:04:906 2976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:30:04:953 2976 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:30:05:000 2976 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
14:30:05:031 2976 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:30:05:078 2976 DVDVRRdr_xp (fcdf14fb7b95fbaaa4fb46f6882edc36) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
14:30:05:125 2976 dvd_2K (7fe8ce3147eb9a3e927af8757d2973af) C:\WINDOWS\system32\drivers\dvd_2K.sys
14:30:05:234 2976 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:30:05:406 2976 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
14:30:05:546 2976 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:30:05:578 2976 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:30:05:625 2976 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:30:05:671 2976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:30:05:734 2976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:30:05:765 2976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:30:05:812 2976 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:30:05:859 2976 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:30:05:921 2976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:30:05:953 2976 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:30:06:000 2976 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
14:30:06:078 2976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:30:06:125 2976 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:30:06:171 2976 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
14:30:06:203 2976 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:30:06:265 2976 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
14:30:06:328 2976 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
14:30:06:390 2976 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
14:30:06:453 2976 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
14:30:06:531 2976 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
14:30:06:593 2976 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
14:30:06:656 2976 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
14:30:06:718 2976 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
14:30:06:812 2976 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
14:30:06:890 2976 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
14:30:06:953 2976 IKFileSec (ff9f262494fc23d77a6148d49d87d2de) C:\WINDOWS\system32\drivers\ikfilesec.sys
14:30:07:000 2976 IKSysFlt (7e359671fd9595ecb1b0a33fb4184b19) C:\WINDOWS\system32\drivers\iksysflt.sys
14:30:07:046 2976 IKSysSec (a44cb3cf3af266665261a6e6c9cac27c) C:\WINDOWS\system32\drivers\iksyssec.sys
14:30:07:109 2976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:30:07:140 2976 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
14:30:07:265 2976 IntelC51 (8e51bf1696821a72656444e0fd5081a3) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
14:30:07:390 2976 IntelC52 (331ce31882754000ca2afbf7bd480513) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
14:30:07:453 2976 IntelC53 (8001fac548eb0285d0085f4eb53c1e3f) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
14:30:07:515 2976 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
14:30:07:593 2976 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:30:07:640 2976 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:30:07:687 2976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:30:07:750 2976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:30:07:796 2976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:30:07:828 2976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:30:07:859 2976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:30:07:906 2976 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:30:07:953 2976 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:30:08:031 2976 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\WINDOWS\system32\drivers\klmd.sys
14:30:08:093 2976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:30:08:125 2976 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:30:08:234 2976 MASPINT (98312c9eab656053be1aca3a8a5912b3) C:\WINDOWS\system32\drivers\MASPINT.sys
14:30:08:281 2976 mmc_2K (0b457fd42e19f0dc33b7c330b6accf3e) C:\WINDOWS\system32\drivers\mmc_2K.sys
14:30:08:406 2976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:30:08:453 2976 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:30:08:484 2976 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:30:08:515 2976 mohfilt (bdd406003c0c340cf6c5501165e83dcd) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
14:30:08:546 2976 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:30:08:625 2976 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:30:08:656 2976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:30:08:734 2976 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
14:30:08:796 2976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:30:08:890 2976 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:30:08:937 2976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:30:08:984 2976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:30:09:046 2976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:30:09:109 2976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:30:09:187 2976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:30:09:218 2976 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:30:09:250 2976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:30:09:281 2976 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:30:09:328 2976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:30:09:359 2976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:30:09:390 2976 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
14:30:09:437 2976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:30:09:484 2976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:30:09:546 2976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:30:09:609 2976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:30:09:687 2976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:30:10:000 2976 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:30:10:328 2976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:30:10:375 2976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:30:10:437 2976 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
14:30:10:484 2976 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
14:30:10:546 2976 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
14:30:10:578 2976 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:30:10:625 2976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:30:10:656 2976 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:30:10:687 2976 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:30:10:750 2976 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:30:10:796 2976 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:30:10:843 2976 Pcouffin (cd2425fd848e5fa09c9a213da56817a9) C:\WINDOWS\system32\Drivers\Pcouffin.sys
14:30:11:000 2976 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
14:30:11:046 2976 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
14:30:11:109 2976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:30:11:156 2976 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:30:11:187 2976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:30:11:218 2976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:30:11:281 2976 pwd_2k (111b156412717281237473b52a037cf4) C:\WINDOWS\system32\drivers\pwd_2k.sys
14:30:11:328 2976 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:30:11:390 2976 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
14:30:11:453 2976 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
14:30:11:500 2976 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
14:30:11:562 2976 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
14:30:11:609 2976 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
14:30:11:656 2976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:30:11:703 2976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:30:11:734 2976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:30:11:781 2976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:30:11:812 2976 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:30:11:843 2976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:30:11:890 2976 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:30:11:937 2976 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:30:12:031 2976 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\drivers\redbook.kav
14:30:12:125 2976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:30:12:203 2976 Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
14:30:12:234 2976 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:30:12:281 2976 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:30:12:312 2976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:30:12:406 2976 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
14:30:12:468 2976 smwdm (39f9595d2f6f7eb93f45a466789a6f49) C:\WINDOWS\system32\drivers\smwdm.sys
14:30:12:593 2976 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
14:30:12:671 2976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:30:12:750 2976 sptd (6ccb1458a7f72ca3649929cc448fda3c) C:\WINDOWS\system32\Drivers\sptd.sys
14:30:12:781 2976 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 6ccb1458a7f72ca3649929cc448fda3c
14:30:12:812 2976 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:30:12:890 2976 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
14:30:12:937 2976 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
14:30:12:984 2976 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
14:30:13:031 2976 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
14:30:13:218 2976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:30:13:281 2976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:30:13:343 2976 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
14:30:13:406 2976 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
14:30:13:453 2976 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
14:30:13:500 2976 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
14:30:13:546 2976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:30:13:625 2976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:30:13:687 2976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:30:13:734 2976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:30:13:781 2976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:30:13:828 2976 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
14:30:13:921 2976 UDFReadr (2eaefddac3eab20144ca74be0ce91c9c) C:\WINDOWS\system32\drivers\UDFReadr.sys
14:30:13:968 2976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:30:14:015 2976 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
14:30:14:109 2976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:30:14:156 2976 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:30:14:218 2976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:30:14:250 2976 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:30:14:296 2976 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:30:14:343 2976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:30:14:390 2976 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:30:14:437 2976 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
14:30:14:484 2976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:30:14:531 2976 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
14:30:14:593 2976 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
14:30:14:640 2976 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:30:14:734 2976 vsdatant (1d4af8c2d2a57edf055ccd75467a45e8) C:\WINDOWS\system32\vsdatant.sys
14:30:14:937 2976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:30:15:062 2976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:30:15:093 2976 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:30:15:140 2976 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:30:15:203 2976 WudfPf (729f76cd53af1685ca4c4c058519c58c) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:30:15:250 2976 WudfRd (a2aafcc8a204736296d937c7c545b53f) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:30:15:328 2976
14:30:15:328 2976 Completed
14:30:15:328 2976
14:30:15:328 2976 Results:
14:30:15:328 2976 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:30:15:328 2976 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:30:15:328 2976
14:30:15:328 2976 KLMD(ARK) unloaded successfully


#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:01:05 PM

Posted 26 May 2010 - 06:52 PM

Great. Since you had many infections, I would like to run another scan to check.

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#14 gset

gset
  • Topic Starter

  • Members
  • 12 posts
  • Local time:12:05 PM

Posted 27 May 2010 - 10:54 AM

Nothing found by ESET :) Log follows:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3a44c7e63d48f347b6a22c2125a69a98
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-27 03:01:58
# local_time=2010-05-27 11:01:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 182247 182247 0 0
# compatibility_mode=768 16777175 100 0 199816 199816 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=208527
# found=0
# cleaned=0
# scan_time=12111


#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:01:05 PM

Posted 27 May 2010 - 12:51 PM

Great. Please do me a favor and see if your CD drive works correctly.
Just test it by putting in a disk and see if it reads it correctly, and also check the burning function.
Let me know of any other issues as well.
The reason I ask this is because the rootkit you had infected the driver for your CD drive.

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window: OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
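The helper's remark that the rootkit had infected the CD drive's driver ties back to the TDSSKiller driver listing earlier in the thread: the redbook service (the Windows CD digital-audio filter driver) is backed by redbook.kav rather than a .sys file, and sptd.sys is reported as "Suspicious file (NoAccess)". Below is an added Python example, not part of this thread and not TDSSKiller's own code, that parses lines in that listing's format and flags exactly those two kinds of anomaly so a reviewer does not have to eyeball 150 driver lines. The sample input is constructed from a handful of lines of the log above; the line format it assumes (timestamp, pid, service name, md5 in parentheses, path) is taken from those lines only.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the format of the TDSSKiller listing above, including
# the two anomalies that appear there (redbook.kav and the NoAccess sptd.sys).
SAMPLE_LOG = r"""
14:30:11:843 2976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:30:12:031 2976 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\drivers\redbook.kav
14:30:12:750 2976 sptd (6ccb1458a7f72ca3649929cc448fda3c) C:\WINDOWS\system32\Drivers\sptd.sys
14:30:12:781 2976 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 6ccb1458a7f72ca3649929cc448fda3c
14:30:13:625 2976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:30:15:328 2976 Completed
"""

# One enumerated driver: "<hh:mm:ss:ms> <pid> <service> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Scanner verdict line: "... Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})\s*$"
)


@dataclass
class Finding:
    kind: str      # "nonsys" or "suspicious"
    name: str      # service name ("" for verdict lines, which carry none)
    path: str
    md5: str
    detail: str


@dataclass
class Report:
    drivers: int = 0
    findings: List[Finding] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Report:
    """Walk the listing and collect anomalies worth a second look.

    Flags (1) any registered driver whose backing file is not a .sys file,
    which is how the cured redbook driver shows up above, and (2) every
    explicit "Suspicious file" verdict the scanner printed.
    """
    report = Report()
    for line in text.splitlines():
        m = SUSPICIOUS_RE.match(line)
        if m:
            report.findings.append(
                Finding("suspicious", "", m["path"], m["md5"], m["reason"]))
            continue
        m = DRIVER_RE.match(line)
        if not m:
            continue  # blank, "Completed", results summary, etc.
        report.drivers += 1
        path = m["path"]
        ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
        if ext != "sys":
            report.findings.append(
                Finding("nonsys", m["name"], path, m["md5"],
                        f"driver file has extension '.{ext}' instead of .sys"))
    return report


def format_findings(report: Report) -> List[str]:
    """Human-readable one-liners, one per finding, for pasting into a reply."""
    out = [f"{report.drivers} drivers enumerated, {len(report.findings)} to review"]
    for f in report.findings:
        who = f.name or "(verdict line)"
        out.append(f"[{f.kind}] {who}: {f.path} md5={f.md5} -- {f.detail}")
    return out


if __name__ == "__main__":
    for line in format_findings(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

Run against the constructed sample it reports four enumerated drivers and two items to review: the redbook entry backed by redbook.kav, and the NoAccess verdict on sptd.sys. The non-.sys check is deliberately narrow; a service name that differs from its file name (PptpMiniport backed by raspptp.sys in the log above) is normal on Windows and is not flagged.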



