Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Having Issue with HTTP Tidserv Request


  • Please log in to reply
12 replies to this topic

#1 sam187

sam187

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 25 May 2010 - 11:11 AM

Hello Guys,
This is my first post and I am new to this. I turned on my computer this morning and logged on to the internet and Norton kept popping up saying there was an intrusion attempt by 7gafd33ja90a.com 85.12.46.159, 80 HTTP Tidserv Request???? I noticed I was also being redirected to other sites not the ones I was searching for. I tried to log onto this site Bleeping Computer and it was blocking me?? I am now logging in through my other laptop which is fine. I did download malwarebytes anti malware and did a scan and came up with this log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/25/2010 11:33:51 PM
mbam-log-2010-05-25 (23-33-51).txt

Scan type: Quick scan
Objects scanned: 137369
Time elapsed: 27 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 29
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\supremeadvertisingprogram.supremeadvertisingprogram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2cb03a3d-3cf0-5452-54e2-b4d7c515dc1b} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{68c774e4-5b04-765e-8b5f-ab4992caf0b4} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{04ecaccd-a83a-27b2-d360-eca174eaee44} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04ecaccd-a83a-27b2-d360-eca174eaee44} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{04ecaccd-a83a-27b2-d360-eca174eaee44} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04ecaccd-a83a-27b2-d360-eca174eaee44} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supremeadvertisingprogram.supremeadvertisingprogram.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6ed8119a-e0c0-4f30-84b6-5294cfadc3dc} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f3777260-7308-464a-baa2-cc492c0ce7d2} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\SupremeAdvertisingProgram.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BprintingHost.Serv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SupremeAdvertisingProgram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc (Trojan.LDPinch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupremeAdvertisingProgram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\SupremeAdvertisingProgram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam Armenta\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SupremeAdvertisingProgram\SupremeAdvertisingProgram.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\SupremeAdvertisingProgram\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam Armenta\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlh9jkd1q8.exe (Trojan.Agent) -> Quarantined and deleted successfully.

This did not fix the issue, so I am here for some help on this. I am not the smartes guy when it comes to computers so a step by step fix would be greatly appreciated. I am running window XP2000 right now and have Norton Antivirus installed. Please let me know how I can fix this issue. Remember I am also using this laptop to fix the other ones issue...
Thanks in advance
Sam

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:50 PM

Posted 25 May 2010 - 01:58 PM

Hello and welcome. Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


How is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 sam187

sam187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 25 May 2010 - 02:34 PM

Ok, I will try this and get back to you soon...
Thanks

#4 sam187

sam187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 26 May 2010 - 10:27 AM

Ok so after the rest of yesterday and all through the night this scan finally finished!! I unplugged the network and rebooted the system. It still pops up on norton when I search "Intrusion Attempt HTTP Tidserv Request 2" Yesterday it was request and now its request 2??? I re-scanned with MBAM and came up clean. Here is the log for that and also I am on a wireless network.. Thanks again for your help, I need this removed from my computer asap! I have a gig this Saturday and I need this laptop ughh!!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4145

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/26/2010 11:31:59 PM
mbam-log-2010-05-26 (23-31-59).txt

Scan type: Quick scan
Objects scanned: 149384
Time elapsed: 25 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I use firefox as my internet and not internet explorer if that makes any difference??

Thanks Again
Sam

#5 sam187

sam187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 26 May 2010 - 10:29 AM

Also I use an external HD to store all my music and pics and other programs if that helps any?
Thanks

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:50 PM

Posted 26 May 2010 - 03:17 PM

Ok we are going to run TDDS Killer and I think we will gt this beast.
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 sam187

sam187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 26 May 2010 - 05:08 PM

Ok, I ran the TDSSKiller and here is the log...
Thanks

06:18:27:203 0572 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
06:18:27:203 0572 ================================================================================
06:18:27:203 0572 SystemInfo:

06:18:27:203 0572 OS Version: 5.1.2600 ServicePack: 3.0
06:18:27:203 0572 Product type: Workstation
06:18:27:203 0572 ComputerName: LAUNICA
06:18:27:203 0572 UserName: Sam Armenta
06:18:27:203 0572 Windows directory: C:\WINDOWS
06:18:27:203 0572 Processor architecture: Intel x86
06:18:27:203 0572 Number of processors: 1
06:18:27:203 0572 Page size: 0x1000
06:18:27:203 0572 Boot type: Normal boot
06:18:27:203 0572 ================================================================================
06:18:28:250 0572 Initialize success
06:18:28:250 0572
06:18:28:250 0572 Scanning Services ...
06:18:28:937 0572 Raw services enum returned 369 services
06:18:28:953 0572
06:18:28:953 0572 Scanning Drivers ...
06:18:30:171 0572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:18:30:359 0572 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
06:18:30:562 0572 aeaudio (f13d8e7e1faa31019c25eb17b5fb2662) C:\WINDOWS\system32\drivers\aeaudio.sys
06:18:30:718 0572 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:18:30:859 0572 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
06:18:31:109 0572 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
06:18:31:484 0572 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
06:18:32:031 0572 ApfiltrService (285b803bfa147716b6fe7545586450cd) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
06:18:32:140 0572 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:18:32:375 0572 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
06:18:32:500 0572 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:18:32:625 0572 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:18:32:890 0572 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:18:33:234 0572 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:18:33:718 0572 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
06:18:34:000 0572 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:18:34:187 0572 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys
06:18:34:312 0572 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
06:18:34:468 0572 BTWUSB (e6bcc8cd48a7bb9c83ea1536fcff0fd1) C:\WINDOWS\system32\Drivers\btwusb.sys
06:18:34:687 0572 BVRPMPR5 (18e0f9c1e7ec4aae40b3f67eab0aee99) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
06:18:34:890 0572 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:18:35:015 0572 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys
06:18:35:156 0572 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:18:35:265 0572 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:18:35:406 0572 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:18:35:578 0572 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
06:18:35:718 0572 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
06:18:36:031 0572 Disk (79846d2c3147820e7d95f308d483da7f) C:\WINDOWS\system32\DRIVERS\disk.sys
06:18:36:031 0572 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: 79846d2c3147820e7d95f308d483da7f, Fake md5: 044452051f3e02e7963599fc8f4f3e25
06:18:36:031 0572 File "C:\WINDOWS\system32\DRIVERS\disk.sys" infected by TDSS rootkit ... 06:18:37:406 0572 Backup copy found, using it..
06:18:37:531 0572 will be cured on next reboot
06:18:37:734 0572 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:18:37:921 0572 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:18:38:031 0572 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:18:38:125 0572 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:18:38:406 0572 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:18:38:531 0572 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
06:18:38:656 0572 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
06:18:38:937 0572 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
06:18:39:031 0572 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
06:18:39:312 0572 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:18:39:453 0572 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:18:39:546 0572 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:18:39:640 0572 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:18:39:812 0572 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:18:39:953 0572 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:18:40:031 0572 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:18:40:250 0572 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
06:18:40:406 0572 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:18:40:531 0572 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
06:18:40:687 0572 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:18:40:875 0572 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:18:41:093 0572 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:18:41:296 0572 ialm (f159a2aaf79d8fe6c7a77a8b3de92581) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
06:18:41:734 0572 IDSxpx86 (1ca8e9bd3cb6d16e54d08240dd3a4f66) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100518.002\IDSxpx86.sys
06:18:41:890 0572 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:18:42:015 0572 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
06:18:42:203 0572 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:18:42:312 0572 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:18:42:453 0572 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:18:42:828 0572 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:18:43:312 0572 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:18:44:140 0572 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:18:44:296 0572 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:18:44:421 0572 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:18:44:515 0572 Iviaspi (cd8abfff1387e0f42cf6c6d7cdc19f0d) C:\WINDOWS\system32\drivers\iviaspi.sys
06:18:44:625 0572 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:18:44:734 0572 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\WINDOWS\system32\drivers\klmd.sys
06:18:44:828 0572 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:18:45:031 0572 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:18:45:218 0572 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
06:18:45:375 0572 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:18:45:468 0572 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:18:45:562 0572 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:18:45:671 0572 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:18:45:796 0572 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:18:46:062 0572 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:18:46:203 0572 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:18:46:406 0572 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:18:46:750 0572 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:18:46:968 0572 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:18:47:093 0572 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:18:47:187 0572 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:18:47:250 0572 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
06:18:47:546 0572 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100526.006\NAVENG.SYS
06:18:47:781 0572 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100526.006\NAVEX15.SYS
06:18:48:078 0572 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:18:48:281 0572 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:18:48:328 0572 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:18:48:406 0572 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:18:48:484 0572 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
06:18:48:562 0572 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:18:48:703 0572 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:18:48:812 0572 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:18:48:937 0572 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:18:49:187 0572 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:18:49:328 0572 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
06:18:49:484 0572 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:18:49:546 0572 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:18:49:609 0572 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:18:49:734 0572 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:18:49:828 0572 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
06:18:50:046 0572 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:18:50:187 0572 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:18:50:281 0572 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:18:50:453 0572 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:18:50:531 0572 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
06:18:50:656 0572 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
06:18:51:234 0572 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:18:51:343 0572 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:18:51:484 0572 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:18:51:609 0572 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:18:52:078 0572 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:18:52:187 0572 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
06:18:52:328 0572 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:18:52:390 0572 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:18:52:515 0572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:18:52:765 0572 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:18:52:859 0572 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:18:52:937 0572 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
06:18:53:046 0572 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:18:53:468 0572 RTL8023xp (1e7978c5e355407efdfc7b7328ef13e7) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
06:18:53:578 0572 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
06:18:53:781 0572 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:18:54:015 0572 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
06:18:54:218 0572 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:18:54:312 0572 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
06:18:54:390 0572 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:18:54:578 0572 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
06:18:54:750 0572 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
06:18:55:062 0572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:18:55:156 0572 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:18:55:359 0572 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS
06:18:55:437 0572 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS
06:18:55:562 0572 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
06:18:55:875 0572 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:18:56:015 0572 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:18:56:406 0572 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS
06:18:57:265 0572 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
06:18:57:593 0572 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS
06:18:57:718 0572 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS
06:18:57:875 0572 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
06:18:57:921 0572 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
06:18:58:078 0572 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS
06:18:58:187 0572 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS
06:18:58:343 0572 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:18:58:468 0572 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:18:58:765 0572 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:18:58:875 0572 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:18:58:953 0572 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:18:59:093 0572 tifm21 (a900f20ac0ed38223fbb87d2884cafb9) C:\WINDOWS\system32\drivers\tifm21.sys
06:18:59:250 0572 tmcomm (4dc436421c9d745d7e8c37f956701c78) C:\WINDOWS\system32\drivers\tmcomm.sys
06:18:59:421 0572 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:18:59:750 0572 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:18:59:921 0572 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
06:19:00:046 0572 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
06:19:00:140 0572 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:19:00:250 0572 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:19:00:515 0572 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:19:00:640 0572 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:19:00:734 0572 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:19:00:812 0572 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:19:00:875 0572 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:19:00:968 0572 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
06:19:01:046 0572 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:19:01:437 0572 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
06:19:01:984 0572 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:19:02:125 0572 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
06:19:02:343 0572 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
06:19:02:562 0572 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:19:03:015 0572 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
06:19:03:218 0572 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
06:19:03:390 0572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:19:03:546 0572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:19:03:593 0572 Reboot required for cure complete..
06:19:04:328 0572 Cure on reboot scheduled successfully
06:19:04:328 0572
06:19:04:328 0572 Completed
06:19:04:328 0572
06:19:04:328 0572 Results:
06:19:04:328 0572 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
06:19:04:328 0572 File objects infected / cured / cured on reboot: 1 / 0 / 1
06:19:04:328 0572
06:19:04:328 0572 KLMD(ARK) unloaded successfully

#8 sam187

sam187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 26 May 2010 - 05:46 PM

Ok, so everything seems to be going good (knock on wood). I been searching online and no pop ups from norton... Do i need to do anything with that DDSSKiller?? Also I was noticing that that thing knocked out my access to bleeping computers website??? Any ideas on how to change that back???
Thanks

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:50 PM

Posted 26 May 2010 - 07:51 PM

Hi Sam, looks good..

knocked out my access to bleeping computers website

What happems now?


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 sam187

sam187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 26 May 2010 - 08:35 PM

Thanks so much for your help... Any ideas on how I can log on to Bleepingcomputer.com? My laptop don't let me access this website???
Thanks

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:50 PM

Posted 26 May 2010 - 08:49 PM

I meant what message are you getting when you try?

Edited by boopme, 26 May 2010 - 08:49 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 sam187

sam187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 26 May 2010 - 08:57 PM

Firefox says cannot access this page, check connection... I try other websites and they work fine... dont know why???

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:50 PM

Posted 26 May 2010 - 09:11 PM

Firefox cannot load certain websites
If you find that Firefox can load some websites but not others, first clear your Firefox cookies and cache:

1.At the top of the Firefox window On the menu bar, click Tools, then select Clear Recent History....
2.In the Time Range to clear: drop-down, select Everything.
3.Click the arrow next to Details to display the list of items that can be cleared.
4.Select both Cookies and Cache.
5.Click Clear Now.


If you still cannot ...
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select FULL scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Then run GMER
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users