Trojan Generic2 Kicking My Buttocks



#16
paydaydoc (Member, Topic Starter, 19 posts)
Hello! 3 days of long work gone and I am ready to kick those virus buttocks out the door!

I did as instructed and AVG still says I have SpySheriff... Desktop.htt in C:\Documents and Settings, and some Trojans in my System Restore.

Do I need to dump my Spyware programs and AVG and download new ones? How do I clean out my restore or is this necessary?

Oh...I also want to know something else. I saw while going through all of this that one of the bugs I had was a dialer...does that mean someone has been looking at [bleep] on my computer??!!!

Anyway, I am here for the weekend so I'll keep checking back with ya. I am sure you are very busy helping others from the volume of customers I have seen in the past 4 days here.

Oh, and my puter is working ok except for it seems kinda slow loading and it has frozen a few times while on web pages. Other than that it is ok.

Sincerely thankful for what all you have done and can do,
Lori :whistling:

Edited by paydaydoc, 20 October 2006 - 08:48 PM.


#17
Wizard (Retired Staff, 5,661 posts)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DESKTOP.HTT

Have that file scanned Here


Save any results to notepad and post them back here please.

#18
paydaydoc (Member, Topic Starter, 19 posts)
The Virus Total info is below, but while I was running it, AVG popped up and said I am still infected with SpySheriff. And I forgot to tell ya that sometimes when I click on things I just get completely knocked off of the internet. That never happened before all this.

AntiVir n - no virus found
Authentium n - no virus found
Avast n - no virus found
AVG n - no virus found
BitDefender n - no virus found
CAT-QuickHeal n - no virus found
ClamAV n - no virus found
DrWeb n - no virus found
eTrust-InoculateIT n - no virus found
eTrust-Vet n - no virus found
Ewido n - no virus found
Fortinet n - no virus found
F-Prot n - no virus found
F-Prot4 n - no virus found
Ikarus n - no virus found
Kaspersky n - no virus found
McAfee n - no virus found
Microsoft n - no virus found
NOD32v2 n - no virus found
Norman n - no virus found
Panda n - no virus found
Sophos n - no virus found
TheHacker n - no virus found
UNA n - no virus found
VBA32 n - no virus found
VirusBuster n - no virus found


Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
Norman SandBox:
[ General information ]
* IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD).
* Locates window "NULL [class mIRC]" on desktop.
* File length: 107435 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM32\iexplorere.exe.
* Deletes file 1.

[ Changes to registry ]
* Creates value "AdobeReaderProEvo"="iexplorere.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "AdobeReaderProEvo"="iexplorere.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".
* Creates key "HKCU\Software\Microsoft\OLE".
* Sets value "AdobeReaderProEvo"="iexplorere.exe" in key "HKCU\Software\Microsoft\OLE".

[ Network services ]
* Looks for an Internet connection.
* Connects to "god.adv.allcrazy.net" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses password gu.
* IRC: Uses nickname xyz-8034002.
* IRC: Uses username ezkieyaca.
* IRC: Joins channel #tow with password x9.
* IRC: Sets the usermode for user xyz-8034002 to +xB.

[ Process/window information ]
* Creates a mutex rx10B.
* Will automatically restart after boot (I'll be back...).

Edited by paydaydoc, 21 October 2006 - 01:08 PM.


#19
Wizard (Retired Staff, 5,661 posts)
Well, for something that's not supposed to be infected, the Norman Sandbox results aren't what I expected.


I need to know exactly what AVG is flagging.


Copy the contents of this next code box to Notepad.
Name the file inspect.bat
Save as Type: All files
Save it to the desktop.

Double click on inspect.bat and let it run.
When finished it will open a file in Notepad.
That file will be named lsa.txt
Please post the contents of lsa.txt into your next reply here.


If not exist Files MkDir Files

REM Export each key of interest to its own file (REGEDIT4 format; /a = ANSI, /e = export).
regedit /a /e files\2.txt HKEY_CURRENT_USER\Software\Microsoft\OLE
regedit /a /e files\3.txt HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa
regedit /a /e files\4.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
regedit /a /e files\5.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
regedit /a /e files\6.txt HKEY_USERS\.DEFAULT\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA
regedit /a /e files\7.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
regedit /a /e files\8.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center"
regedit /a /e files\9.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
regedit /a /e files\10.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
regedit /a /e files\11.txt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\WindowsFirewall
regedit /a /e files\12.txt HKEY_CURRENT_USER\SOFTWARE\Policies\WindowsFirewall
regedit /a /e files\13.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters
regedit /a /e files\14.txt HKEY_LOCAL_MACHINE\SYSTEM\Services\SharedAccess

REM Concatenate the exports into lsa.txt, remove the working folder and open the result.
Copy files\*.txt lsa.txt
rmdir /s /q files
Start Notepad lsa.txt


#20
paydaydoc (Member, Topic Starter, 19 posts)
Here are the results.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\OLE]

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000224
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:36,9f,09,b9,f3,88,2a,71,af,4c,39,b6,81,4b,3d,e7,39,62,36,63,36,\
33,36,32,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,40,ca,06,00,5b,a5,\
bf,71,04,00,00,00,10,00,00,00,00,00,00,00,80,19,30,4f

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:9b,1e,b8,64,1f,56,cd,33,9b

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:8d,d3,4b,69,08,5a

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:0e,de,2b,fa,c0,26,a8,01,22,76,b2,b8,35,61,88,b4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:70,8b,95,3a,46,ae,c5,01

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,60,6b,4e,dd,27,c1,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,7f,16,f3,96,27,c1,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,60,6b,4e,dd,27,c1,01
"Type"=dword:00000031

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]
"NoCloseDragDropBands"=dword:00000000
"NoMovingBands"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=dword:00000000



I keep getting knocked off of the internet. Do you know why? Can I fix that too?
Thanks,
Lori

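The lsa.txt above is a plain REGEDIT4 export, so it can be checked mechanically instead of by eye. The Python below is an added example, not code from this thread or from any of the tools mentioned: it parses that export format (including the backslash-continued hex(7) REG_MULTI_SZ lists), compares the LSA Authentication/Notification/Security Packages against the clean XP values posted above, and reports anything registered under a Run, RunServices or Explorer\Run key. The sample input is constructed: the posted LSA values plus a made-up extra notification package ("badpkg") and the HKLM Run entry the Norman Sandbox reported, neither of which was in the real lsa.txt.

```python
"""Audit an inspect.bat-style REGEDIT4 export for LSA package tampering and autoruns.

Added example. Assumes the ANSI export format produced by `regedit /a /e`
(single-byte strings inside hex(7)/hex(2) values), which is what the post shows.
"""
import re

# Clean-XP LSA package lists as seen in the posted lsa.txt; any extra entry is flagged.
LSA_BASELINE = {
    "Authentication Packages": {"msv1_0"},
    "Notification Packages": {"scecli"},
    "Security Packages": {"kerberos", "msv1_0", "schannel", "wdigest"},
}
# Key suffixes whose values are executed at boot/logon (matched case-insensitively).
RUN_KEY_SUFFIXES = ("\\run", "\\runservices", "\\explorer\\run")

VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def _join_continuations(text):
    """regedit wraps long hex values as ',\\' + newline + indent; glue them back."""
    return re.sub(r",\\\r?\n\s*", ",", text)


def _decode_hex(kind, payload):
    """hex(7) is REG_MULTI_SZ, hex(2) is REG_EXPAND_SZ, bare hex is REG_BINARY."""
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    if kind == "hex(7)":
        return [s.decode("latin-1") for s in raw.split(b"\x00") if s]
    if kind == "hex(2)":
        return raw.rstrip(b"\x00").decode("latin-1")
    return raw


def parse_regedit4(text):
    """Return {key_path: {value_name: value}} for a REGEDIT4 export."""
    keys, current = {}, None
    for line in _join_continuations(text).splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue  # default value (@=) or a line type we don't handle
        name, data = m.groups()
        if data.startswith("dword:"):
            value = int(data[len("dword:"):], 16)
        elif data.startswith("hex"):
            kind, _, payload = data.partition(":")
            value = _decode_hex(kind, payload)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            value = data[1:-1]
        else:
            value = data
        keys[current][name] = value
    return keys


def audit(keys):
    """List LSA package entries outside the baseline and any autorun registrations."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        if low.endswith("\\control\\lsa"):
            for name, expected in LSA_BASELINE.items():
                listed = values.get(name, [])
                for pkg in sorted(set(listed) - expected):
                    findings.append(f"{path}: unexpected {pkg!r} in {name}")
        elif low.endswith(RUN_KEY_SUFFIXES):
            for name, value in values.items():
                findings.append(f"{path}: autorun {name!r} -> {value!r}")
    return findings


# Constructed sample: the posted LSA values plus a made-up extra notification
# package and the Run entry the Norman Sandbox reported (not in the real lsa.txt).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeReaderProEvo"="iexplorere.exe"

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000224
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,62,61,64,70,6b,67,00,00
"enabledcom"="y"
'''

if __name__ == "__main__":
    for finding in audit(parse_regedit4(SAMPLE)):
        print(finding)
```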

#21
Wizard (Retired Staff, 5,661 posts)
I need to know exactly what AVG is finding that is infected.

Please run the F-Secure scan again, post those results, and let me know what AVG is finding.

Edited by Cretemonster, 23 October 2006 - 01:58 AM.


#22
paydaydoc (Member, Topic Starter, 19 posts)
It is now 5pm and I will be home to check the puter in about 3 hours. When I left for work this morning it was doing the F-Secure scan and had found 8 viruses! How can I keep getting them over and over? Anyway, I set it to clean but my husband said the cleaning process froze... I guess I gotta do it all over again. I'll run it again tonight and post when it is done. Sorry for not posting AVG, I guess I was in a stupor.
Thanks for being so patient!

#23
paydaydoc (Member, Topic Starter, 19 posts)
OK, home now and the F-Secure scan did freeze during cleanup. I ran AVG again and it still pegs "SpySheriff" in the desktop.htt. I am currently doing another scan and cleanup with F-Secure, but here is what it DID get:

F-Secure Online Scanner 3.0.19 - Scanning Report - Monday, October 23, 2006 19:57:23
Scanning Report
Monday, October 23, 2006 05:55:43 - 19:57:10
Computer name: MARTINEZFAMILY
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\



Result: 14 malware found
HTML/IFrame.E@expl (virus)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OLK967KP\RUNNER[1].HTM (Submitted)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IDO7QHQL\RUNNER[1].HTM (Submitted)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\GZSZYL4N\RUNNER[1].HTM (Submitted)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\FI35L93B\RUNNER[1].HTM (Submitted)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\83RJ285X\RUNNER[1].HTM (Submitted)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\01I3WTIZ\RUNNER[1].HTM (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System (Submitted)
System
System
System
System
W32/Spywad.AUD (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP239\A0021319.EXE (Submitted)
W32/Spywad.BSD (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP239\A0021324.DLL (Submitted)



Statistics
Scanned:
Files: 16681
System: 4187
Not scanned: 8
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 13
Submitted: 9
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{89907A33-2732-407D-ABC0-E5DDDCFB2382}.BIN
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP241\A0021419.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP238\A0021287.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP238\A0021298.EXE
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DESKTOP.HTT



Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-10-23
F-Secure Libra: 2.4.1, 2006-10-21
F-Secure Orion: 1.2.37, 2006-10-23
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 2006-10-18
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF
VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI
MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0
TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

It seems to be in my "restore". How can I clean it? Anyway, I'll get the AVG report and another F-Secure report on here as soon as they are done...

#24
paydaydoc (Member, Topic Starter, 19 posts)
Here is the AVG report, which said "error while handling file, cannot heal" for all of them:


";"""";""Virus found SpySheriff"";""C:\Documents and Settings\Lori Sims-Martinez\Application Data\Microsoft\Internet Explorer\Desktop.htt"";""10/23/2006 8:46:41 PM"";""Desktop.htt"";""2.8 KB"""
";"""";""Virus found Downloader.Tibs"";""C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP238\A0021276.0XE"";""10/23/2006 8:46:45 PM"";""A0021276.0XE"";""7.25 KB"""
";"""";""Virus found Downloader.Tibs"";""C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP238\A0021287.exe"";""10/23/2006 8:46:47 PM"";""A0021287.exe"";""17.62 KB"""
";"""";""Virus found Downloader.Tibs"";""C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP238\A0021298.exe"";""10/23/2006 8:46:49 PM"";""A0021298.exe"";""17.62 KB"""
";"""";""Virus found Downloader.Tibs"";""C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP238\A0021300.0XE"";""10/23/2006 8:46:51 PM"";""A0021300.0XE"";""7.25 KB"""
";"""";""Virus found Downloader.Tibs"";""C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP239\A0021363.0XE"";""10/23/2006 8:46:53 PM"";""A0021363.0XE"";""7.25 KB"""
";"""";""Virus found Downloader.Tibs"";""C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP241\A0021419.exe"";""10/23/2006 8:46:55 PM"";""A0021419.exe"";""17.62 KB"""


And here is the FSecure report:


F-Secure Online Scanner 3.0.19 - Scanning Report - Monday, October 23, 2006 22:02:27
Scanning Report
Monday, October 23, 2006 21:06:43 - 22:02:21
Computer name: MARTINEZFAMILY
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\



Result: 8 malware found
HTML/IFrame.E@expl (virus)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OLK967KP\RUNNER[1].HTM (Submitted)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IDO7QHQL\RUNNER[1].HTM (Submitted)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\GZSZYL4N\RUNNER[1].HTM (Submitted)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\FI35L93B\RUNNER[1].HTM (Submitted)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\83RJ285X\RUNNER[1].HTM (Submitted)
C:\DOCUMENTS AND SETTINGS\LORI SIMS-MARTINEZ\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\01I3WTIZ\RUNNER[1].HTM (Submitted)
W32/Spywad.AUD (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP239\A0021319.EXE (Submitted)
W32/Spywad.BSD (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP239\A0021324.DLL (Submitted)



Statistics
Scanned:
Files: 16705
System: 4171
Not scanned: 4
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 8
Submitted: 8
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{89907A33-2732-407D-ABC0-E5DDDCFB2382}.BIN




Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-10-23
F-Secure Libra: 2.4.1, 2006-10-23
F-Secure Orion: 1.2.37, 2006-10-23
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 2006-10-18
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF
VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI
MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0
TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

OK, that's it, Crete. I'll check back when I wake up in the mornin.
Lori
:whistling:

Edited by paydaydoc, 23 October 2006 - 09:05 PM.


#25
Wizard (Retired Staff, 5,661 posts)
There is definitely something fishy about that file.

I have the very same file on my XP Home system.

Two things: it wouldn't be the first time AVG has flagged a file like that and it was a false positive.

Second, it wouldn't be the first time a virus has infected a legit Microsoft file.

Since you had the file scanned and it came back clean, I have to think it's AVG making a false positive.

Since F-Secure didn't flag that file as Not Scanned in this last report, I think just renaming the file for now would be best.

Go to C:\Documents and Settings\Lori Sims-Martinez\Application Data\Microsoft\Internet Explorer\Desktop.htt

Right Click Desktop.htt and Select Rename--> Rename it to Desktop.old


Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files(Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup(Make sure that all boxes are checked for cleaning)


Download GMER from Here

Right Click the Zip and Select "Extract All"

Double Click gmer.exe to launch the program.

Click on the Rootkit Tab and then click Scan.

It takes a while to run; once complete, copy the results to Notepad and save them somewhere safe.

Post those results in the next reply.

Edited by Cretemonster, 24 October 2006 - 02:51 AM.



#26
paydaydoc (Member, Topic Starter, 19 posts)
It's pretty long, so here goes:

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-25 08:51:11
Windows 5.1.2600


---- System - GMER 1.0.11 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess


SYSENTER \WINDOWS\system32\ntoskrnl.exe 804D4DA0

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F9151200] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [804F2529] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F9151DA5] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F9137687] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F9138428] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F915353F] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F91390B1] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F915353F] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F915353F] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F9162A23] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F91524E2] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F91524E2] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F9157595] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F91568D4] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F91524E2] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [804F2529] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F9149476] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F91679E3] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F91514DA] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [804F2529] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F91524E2] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F91524E2] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [804F2529] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [804F2529] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [804F2529] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F915353F] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F915353F] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP [F91A03FC] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs FastIoCheckIfPossible [F9167BBB] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs FastIoRead [F91544CE] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs FastIoWrite [F9164898] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryBasicInfo [F9159DB0] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryStandardInfo [F9159C14] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs FastIoLock [F9167E66] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs FastIoUnlockSingle [F9167F26] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs FastIoUnlockAll [F919E1B9] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs FastIoUnlockAllByKey [F919E2FD] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs AcquireFileForNtCreateSection [F91526F4] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs ReleaseFileForNtCreateSection [F9152721] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryNetworkOpenInfo [F9164FC6] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs AcquireForModWrite [F91A3918] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs MdlRead [F9165233] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs MdlReadComplete [8051E58F] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs PrepareMdlWrite [F916436D] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs MdlWriteComplete [805F28AA] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs FastIoQueryOpen [F9159EC5] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs AcquireForCcFlush [F91523DB] Ntfs.sys
Device \FileSystem\Ntfs \Ntfs ReleaseForCcFlush [F915239C] Ntfs.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE [F472FF08] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE_NAMED_PIPE [804F2529] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE [F472FC3E] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ [F472CCA8] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE [F472C6F4] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION [F473201C] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION [F4732612] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA [F4744988] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA [F474435C] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS [F4741C58] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION [F4730A26] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION [F474BB64] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL [F47342B2] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL [F4735E8B] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL [F474140C] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_INTERNAL_DEVICE_CONTROL [804F2529] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN [F474B0C7] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL [F474A844] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP [F4730882] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE_MAILSLOT [804F2529] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_SECURITY [804F2529] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_SECURITY [804F2529] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_POWER [804F2529] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SYSTEM_CONTROL [804F2529] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CHANGE [804F2529] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_QUOTA [804F2529] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_QUOTA [804F2529] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP [F4739477] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom FastIoCheckIfPossible [F4746888] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom FastIoRead [805F28D2] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom FastIoWrite [805BE91F] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom FastIoQueryBasicInfo [F47337D7] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom FastIoQueryStandardInfo [F4736F5A] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom FastIoLock [F473A2E1] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom FastIoUnlockSingle [F473AA0E] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom FastIoUnlockAll [F474A546] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom FastIoUnlockAllByKey [F474A634] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom FastIoQueryNetworkOpenInfo [F4746916] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom AcquireForCcFlush [F4731A74] Fastfat.SYS
Device \FileSystem\Fastfat \FatCdrom ReleaseForCcFlush [F4731ADE] Fastfat.SYS
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE [F90F95D3] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_NAMED_PIPE [F90F95D3] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CLOSE [F90F9CC6] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_READ [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_WRITE [F9105A0B] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_INFORMATION [F90FC031] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_INFORMATION [F910764A] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_EA [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_EA [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_FLUSH_BUFFERS [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_VOLUME_INFORMATION [F910A671] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_VOLUME_INFORMATION [F910A74A] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_DIRECTORY_CONTROL [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_FILE_SYSTEM_CONTROL [F90F9971] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_DEVICE_CONTROL [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SHUTDOWN [F9106E81] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_LOCK_CONTROL [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CLEANUP [F90F9C88] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_MAILSLOT [F90F95D3] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_SECURITY [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_SECURITY [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_POWER [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SYSTEM_CONTROL [F90F5ABC] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_DEVICE_CHANGE [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_QUOTA [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_QUOTA [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_PNP [F90F576D] Mup.sys
Device \FileSystem\Mup \Dfs FastIoCheckIfPossible [F9106FCA] Mup.sys
Device \FileSystem\Mup \Dfs FastIoRead [F910700E] Mup.sys
Device \FileSystem\Mup \Dfs FastIoWrite [F9107052] Mup.sys
Device \FileSystem\Mup \Dfs FastIoQueryBasicInfo [F9107096] Mup.sys
Device \FileSystem\Mup \Dfs FastIoQueryStandardInfo [F90FBBB6] Mup.sys
Device \FileSystem\Mup \Dfs FastIoLock [F90FBFA4] Mup.sys
Device \FileSystem\Mup \Dfs FastIoUnlockSingle [F90FBFD0] Mup.sys
Device \FileSystem\Mup \Dfs FastIoUnlockAll [F91070D1] Mup.sys
Device \FileSystem\Mup \Dfs FastIoUnlockAllByKey [F9107109] Mup.sys
Device \FileSystem\Mup \Dfs AcquireFileForNtCreateSection [F9107144] Mup.sys
Device \FileSystem\Mup \Dfs ReleaseFileForNtCreateSection [F91071CF] Mup.sys
Device \FileSystem\Mup \Dfs FastIoDetachDevice [F9107243] Mup.sys
Device \FileSystem\Mup \Dfs FastIoQueryNetworkOpenInfo [F90FBFFC] Mup.sys
Device \FileSystem\Mup \Dfs AcquireForModWrite [F9107384] Mup.sys
Device \FileSystem\Mup \Dfs MdlRead [F9107246] Mup.sys
Device \FileSystem\Mup \Dfs MdlReadComplete [F91072A0] Mup.sys
Device \FileSystem\Mup \Dfs PrepareMdlWrite [F91072E2] Mup.sys
Device \FileSystem\Mup \Dfs MdlWriteComplete [F910733C] Mup.sys
Device \FileSystem\Mup \Dfs FastIoReadCompressed [F91073F7] Mup.sys
Device \FileSystem\Mup \Dfs FastIoWriteCompressed [F910744A] Mup.sys
Device \FileSystem\Mup \Dfs MdlReadCompleteCompressed [F910749D] Mup.sys
Device \FileSystem\Mup \Dfs MdlWriteCompleteCompressed [F91074D2] Mup.sys
Device \FileSystem\Mup \Dfs ReleaseForModWrite [F91073BF] Mup.sys
Device \FileSystem\Mup \Dfs AcquireForCcFlush [F90FC211] Mup.sys
Device \FileSystem\Mup \Dfs ReleaseForCcFlush [F90FC24D] Mup.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE [F91BF718] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE_NAMED_PIPE [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CLOSE [F91BF718] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_READ [F91BF718] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_WRITE [F91BF718] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_INFORMATION [F91BF718] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_INFORMATION [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_EA [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_EA [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_FLUSH_BUFFERS [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_VOLUME_INFORMATION [F91BF718] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_VOLUME_INFORMATION [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DIRECTORY_CONTROL [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_FILE_SYSTEM_CONTROL [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DEVICE_CONTROL [F91BF718] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_INTERNAL_DEVICE_CONTROL [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SHUTDOWN [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_LOCK_CONTROL [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CLEANUP [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE_MAILSLOT [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_SECURITY [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_SECURITY [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_POWER [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SYSTEM_CONTROL [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DEVICE_CHANGE [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_QUOTA [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_QUOTA [804F2529] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_PNP [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CREATE [F404B4A0] fsksnt.sys
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CREATE_NAMED_PIPE [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CLOSE [F404B4A0] fsksnt.sys
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_READ [F404B4A0] fsksnt.sys
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_WRITE [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_INFORMATION [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_INFORMATION [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_EA [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_EA [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_FLUSH_BUFFERS [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_VOLUME_INFORMATION [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_VOLUME_INFORMATION [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_DIRECTORY_CONTROL [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_FILE_SYSTEM_CONTROL [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_DEVICE_CONTROL [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_INTERNAL_DEVICE_CONTROL [804F2529] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SHUTDOWN [804F2529] ntoskrnl.exe
Device \Driver\Fsks
  • 0

#27
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
I need you to email that gmer log to me please.

I will send you a private message with the email address.


Next, I need you to use gmer again, click the >>> to expand the gmer menu.

Click the Autostart tab and place a check in the box for "Show All".

Click Scan and copy the results to notepad and post them back here please.
  • 0





