
Limited internet connectivity



#1
rebross
Member, 193 posts
I have a Sony Vaio laptop that has limited internet activity. I've been working with Broni in the Networking forum (http://www.geekstogo...o-the-internet/) and ran into some problems. He suggested I post in this forum. My computer became very sluggish and started freezing all the time. I can't access Geeks to Go using Windows Explorer; it tells me it can't display the web page. I also can't run Windows Update, and I get a message that says "unable to complete genuine windows validation". I ran TFC and Malwarebytes:

Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4652

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/19/2010 4:44:42 PM
mbam-log-2010-09-19 (16-44-42).txt

Scan type: Quick scan
Objects scanned: 160914
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\getuname.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Edited by rebross, 19 September 2010 - 05:46 PM.



#2
RKinner
Malware Expert, 24,624 posts, MVP
Do as much of

http://www.geekstogo...uide-t2852.html

as you can. If a step won't work, skip to the next one. Copy and paste your GMER, OTL, & Extras logs into a reply. Do not attach them.


If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron
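A scripted version of the proxy check in the post above, added here as an example that is not part of the thread or of RKinner's instructions: it evaluates the WinINET values that Internet Explorer and Chrome share on Windows (Chrome's "Change Proxy Settings" opens that same dialog) and the `network.proxy.*` entries Firefox keeps in `prefs.js`. The sample values are constructed, and `read_wininet_values` only touches the live registry when run on Windows.

```python
"""Audit the proxy settings malware tampers with to cut off browsing.

Added example: checks the WinINET registry values shared by Internet Explorer
and Chrome on Windows, and the network.proxy.* prefs Firefox keeps in prefs.js.
"""
import re
import sys

# WinINET values live under this key in HKEY_CURRENT_USER.
WININET_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
WININET_NAMES = ("ProxyEnable", "ProxyServer", "AutoConfigURL")

# Firefox stores each pref as: user_pref("name", value);
PREF_RE = re.compile(r'user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);')


def audit_wininet(values):
    """Return findings for a dict of WinINET value name -> data.

    A clean configuration has ProxyEnable == 0 and no AutoConfigURL. Either a
    manual proxy (often a loopback address pointing at a malicious local
    process) or a PAC URL will redirect or block every IE/Chrome request.
    """
    findings = []
    if values.get("ProxyEnable", 0):
        findings.append("manual proxy enabled: %s" % values.get("ProxyServer", "<unset>"))
    if values.get("AutoConfigURL"):
        findings.append("PAC script configured: %s" % values["AutoConfigURL"])
    return findings


def audit_firefox_prefs(prefs_text):
    """Return findings for the text of a Firefox prefs.js.

    network.proxy.type: 0 = no proxy, 1 = manual, 2 = PAC URL, 5 = use the
    system (WinINET) settings, which is why a WinINET hijack can also break
    Firefox. An absent pref is treated as 5 here (assumed default).
    """
    prefs = {name: raw.strip('"') for name, raw in PREF_RE.findall(prefs_text)}
    ptype = int(prefs.get("network.proxy.type", "5"))
    findings = []
    if ptype == 1:
        findings.append("manual proxy: %s:%s" % (
            prefs.get("network.proxy.http", "?"), prefs.get("network.proxy.http_port", "?")))
    elif ptype == 2:
        findings.append("PAC script: %s" % prefs.get("network.proxy.autoconfig_url", "?"))
    return findings


def read_wininet_values():
    """Read the live WinINET values on Windows; returns {} on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only standard-library module
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WININET_KEY) as key:
        for name in WININET_NAMES:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except OSError:  # value not present
                pass
    return values


# Constructed sample data (not from the thread): a loopback proxy hijack in
# WinINET and a PAC URL injected into prefs.js.
SAMPLE_WININET = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080", "AutoConfigURL": ""}
SAMPLE_PREFS = '''user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://pac.example.invalid/proxy.pac");
'''

if __name__ == "__main__":
    live = read_wininet_values() or SAMPLE_WININET  # fall back to the sample off Windows
    for finding in audit_wininet(live) + audit_firefox_prefs(SAMPLE_PREFS):
        print("FINDING:", finding)
```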

#3
rebross
Topic Starter, Member, 193 posts
Hi there, thank you for helping me. I'm attaching the logs I have; I wasn't able to perform all the tasks.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4652

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/20/2010 9:03:07 AM
mbam-log-2010-09-20 (09-03-07).txt

Scan type: Quick scan
Objects scanned: 162068
Time elapsed: 9 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-20 09:27:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe


---- Services - GMER 1.0.15 ----

Service C:\Program Files\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe (*** hidden *** ) [AUTO] N360 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqlxmujew.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqlxmujew.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwsowvvvr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACvmpkkbib.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAChrmobwut.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfujdpkos.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsfodjkwb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACivkdqxyx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACirptaxyx.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACgioylvmp.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACmiitltmo.log

---- EOF - GMER 1.0.15 ----

I ran ERUNT and got the following error:
Error saving file c:\windows\ERDNT\9-20-2010\Security!
Continue to the next file? [RegSaveKey: 1016_An I/O operation initiated by the registry failed unrecoverably. The registry could not read in, write out, or flush, one of the files that contain the systems image of the registry]

I ran OTL and got the following error:
PSAP.DLL not found! Are you sure you are running windows NT/2K/XP?
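A triage script for GMER output like the log in this post, added here as an example that is neither GMER's code nor part of the thread: it flags services GMER marks hidden and `Services` registry entries whose modules load through `\\?\globalroot` or carry the randomised `UAC*` filenames of the TDSS/TDL3 family, which is what the `UACd.sys` lines above show. The sample log embeds those lines plus a benign Norton entry, and the `UAC[a-z]{6,}` pattern is an assumption generalised from the names on the page.

```python
r"""Triage a GMER log for rootkit indicators.

Added example, not GMER's code: flags services GMER reports as hidden and
Services registry entries whose modules load through \\?\globalroot or use
the randomised UAC* filenames of the TDSS/TDL3 family.
"""
import re

# Assumed generalisation of the names on the page (UACqlxmujew.sys etc.):
# "UAC" followed by a run of random letters and a driver/DLL/data extension.
TDSS_NAME_RE = re.compile(r"\bUAC[a-z]{6,}\.(?:sys|dll|dat|log)\b", re.I)
GLOBALROOT = r"\\?\globalroot"


def parse_reg_line(line):
    """Split a GMER 'Reg KEY@VALUE DATA' line into (key, value_name, data).

    value_name is None for bare key lines and "" for a key's default value.
    """
    body = line[4:]  # drop the "Reg " prefix
    key, at, rest = body.partition("@")
    if not at:
        return body.strip(), None, ""
    name, _, data = rest.partition(" ")
    return key, name, data.strip()


def triage_gmer(log_text):
    """Return (severity, reason, line) for each suspicious line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Service ") and "*** hidden ***" in line:
            # Hidden is a lead, not a verdict: security suites such as Norton
            # hide their own service and GMER reports them the same way.
            findings.append(("medium", "hidden service; confirm the vendor", line))
        elif line.startswith("Reg "):
            key, _name, data = parse_reg_line(line)
            if "\\Services\\" not in key:
                continue  # only service definitions matter for driver loading
            if data.lower().startswith(GLOBALROOT):
                findings.append(("high", "service module loaded via globalroot path", line))
            elif TDSS_NAME_RE.search(line):
                findings.append(("high", "TDSS-style randomised UAC* filename", line))
    return findings


# Constructed sample: the Services and UACd.sys lines from the post above plus
# a benign Norton start-type entry and a Symantec BHO that must not be flagged.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
---- Services - GMER 1.0.15 ----

Service C:\Program Files\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe (*** hidden *** ) [AUTO] N360 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqlxmujew.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqlxmujew.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwsowvvvr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\N360@Start 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}@ Symantec NCO BHO
"""

if __name__ == "__main__":
    for severity, reason, line in triage_gmer(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (severity.upper(), reason, line))
```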

#4
RKinner
Malware Expert, 24,624 posts, MVP
XP
  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Double click on TDSSKiller.exe
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


#5
rebross
Topic Starter, Member, 193 posts
2010/09/20 10:28:40.0484 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/20 10:28:40.0484 ================================================================================
2010/09/20 10:28:40.0484 SystemInfo:
2010/09/20 10:28:40.0484
2010/09/20 10:28:40.0484 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/20 10:28:40.0484 Product type: Workstation
2010/09/20 10:28:40.0484 ComputerName: STACEYLAPTOP
2010/09/20 10:28:40.0484 UserName: Sorber
2010/09/20 10:28:40.0484 Windows directory: C:\WINDOWS
2010/09/20 10:28:40.0484 System windows directory: C:\WINDOWS
2010/09/20 10:28:40.0484 Processor architecture: Intel x86
2010/09/20 10:28:40.0484 Number of processors: 2
2010/09/20 10:28:40.0484 Page size: 0x1000
2010/09/20 10:28:40.0484 Boot type: Normal boot
2010/09/20 10:28:40.0484 ================================================================================
2010/09/20 10:28:40.0859 Initialize success
2010/09/20 10:28:54.0687 ================================================================================
2010/09/20 10:28:54.0687 Scan started
2010/09/20 10:28:54.0687 Mode: Manual;
2010/09/20 10:28:54.0687 ================================================================================
2010/09/20 10:29:14.0578 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/09/20 10:29:14.0703 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/20 10:29:14.0843 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/20 10:29:14.0953 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/09/20 10:29:15.0109 SI3132 (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys
2010/09/20 10:29:15.0187 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2010/09/20 10:29:15.0343 SiRemFil (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
2010/09/20 10:29:15.0500 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/20 10:29:15.0812 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2010/09/20 10:29:15.0921 sonyhcb (e78cd3bb53a208dfab8fc826384307e0) C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
2010/09/20 10:29:16.0093 sonyhcs (610f515fcd95d37f3252e1c250ef8c61) C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
2010/09/20 10:29:16.0281 SonyImgF (c483fc0add8b074286600b9620ef2c16) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
2010/09/20 10:29:16.0343 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/09/20 10:29:16.0453 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/20 10:29:16.0593 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/20 10:29:16.0921 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/20 10:29:17.0125 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/09/20 10:29:17.0296 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINDOWS\system32\drivers\sthda.sys
2010/09/20 10:29:17.0609 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/20 10:29:17.0828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/20 10:29:17.0890 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/20 10:29:19.0578 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/20 10:29:19.0640 tansgt (65e9377beddba680da9034da3ed44725) C:\WINDOWS\system32\DRIVERS\tansgt.sys
2010/09/20 10:29:19.0734 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/20 10:29:19.0796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/20 10:29:19.0828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/20 10:29:19.0937 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/20 10:29:20.0046 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
2010/09/20 10:29:20.0187 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
2010/09/20 10:29:20.0359 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2010/09/20 10:29:20.0515 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2010/09/20 10:29:20.0640 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2010/09/20 10:29:20.0781 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2010/09/20 10:29:20.0875 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2010/09/20 10:29:20.0937 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2010/09/20 10:29:20.0984 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2010/09/20 10:29:21.0078 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2010/09/20 10:29:21.0281 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/20 10:29:21.0359 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/20 10:29:21.0437 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/20 10:29:21.0546 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/20 10:29:21.0609 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2010/09/20 10:29:21.0640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/20 10:29:21.0671 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2010/09/20 10:29:21.0859 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/20 10:29:21.0921 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/20 10:29:21.0984 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2010/09/20 10:29:22.0078 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/20 10:29:22.0187 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/20 10:29:22.0328 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/20 10:29:22.0468 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/20 10:29:22.0562 usbvm321 (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys
2010/09/20 10:29:22.0734 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/20 10:29:22.0875 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/20 10:29:23.0093 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/09/20 10:29:23.0359 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/20 10:29:23.0421 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/09/20 10:29:23.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/20 10:29:23.0718 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/20 10:29:24.0046 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/20 10:29:24.0234 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/09/20 10:29:24.0359 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/20 10:29:24.0484 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/20 10:29:24.0625 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/20 10:29:24.0718 ================================================================================
2010/09/20 10:29:24.0718 Scan finished
2010/09/20 10:29:24.0718 ================================================================================
2010/09/20 10:39:40.0109 Deinitialize success
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I guess your version is too old for TDSSKiller. We'll do it the hard way.

Step 1: Disable UACd.sys trojan driver.

* Right-click the My Computer icon. If you are using the non-classic Start menu, then right-click the My Computer icon on your Start menu.
* Click Manage.
* Click Device Manager.
* In the top menu, click View and click Show Hidden Drivers.
* Scroll down to Non-Plug and Play Drivers.
* Click + in front of Non-Plug and Play Drivers.
* In the list of drivers right click UACd.sys (It may have another name or there may be several but they always start with UAC so anything that starts with UAC should be disabled).
* Click Disable.
* Click YES for confirm.
* Close all windows and reboot your computer.

Step 2.
Download The Avenger by Swandog46 from
http://swandog46.gee...r2/download.php
* Unzip/extract it to a folder on your desktop. (You may get a warning from Norton. If in doubt you can submit the downloaded file to http://virustotal.com.)
* Double click on avenger.exe to run The Avenger.
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
Files to delete:
C:\windows\system32\drivers\UACqlxmujew.sys
C:\windows\system32\UACwsowvvvr.dll
C:\windows\system32\UACvmpkkbib.dat
C:\windows\system32\UAChrmobwut.dll
C:\windows\system32\UACfujdpkos.dll
C:\windows\system32\UACsfodjkwb.dll
C:\windows\system32\UACivkdqxyx.dll
C:\windows\system32\UACirptaxyx.log
C:\windows\system32\UACgioylvmp.log
C:\windows\system32\UACmiitltmo.log
C:\WINDOWS\system32\wJQs.exe

Drivers to delete:
UACd
UACc
UACsr
uaclog
uacmask
uacserf
uacbbr
UACproc
uacurls
uacerrors
******************************************************
* In the Avenger window, click the Paste Script from Clipboard button.
* :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
* Click the Execute button.
* You will be asked Are you sure you want to execute the current script?.
* Click Yes.
* You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
* Click Yes.
* Your PC will now be rebooted.
* Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
* If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
* After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). I would like to see the log in your next post.

If it appears that avenger was able to delete the files then try to run OTL again. If it still won't run or even if it will, try Combofix:

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron
  • 0

#7
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
There is no UACd under non plug and play.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Run the Avenger then.
  • 0

#9
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
I couldn't tell if avenger did anything. It went through and rebooted but I couldn't find any text file. OTL still wouldn't run. I ran Combofix but it has been stuck for an hour. It says "Scanning for infected files".
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Run GMER again as before and post its log.

Ron
  • 0


#11
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
When I ran GMER I got the following message: LoadDriver(C:\Docume 1\Temp\uxtyrpog.sys") error 0xC000026C: Cannot create a stable subkey under a volatile parent key. I hit OK and it went to the GMER screen. Services, Registry, and Files are checked. Everything above them is lightened so it can't be checked. Here are my results:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-20 17:29:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe


---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\tlntsvr.exe (*** hidden *** ) [DISABLED] TlntSvr <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqlxmujew.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqlxmujew.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwsowvvvr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACvmpkkbib.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAChrmobwut.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfujdpkos.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsfodjkwb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACivkdqxyx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACirptaxyx.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACgioylvmp.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACmiitltmo.log
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls
Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@Start 4

---- EOF - GMER 1.0.15 ----

#12
RKinner (Malware Expert, 24,624 posts, MVP)
See if you can go into Device Manager, View Hidden, then find TlntSvr and disable it.

I'm no expert on using GMER, but it seems to me it has an option, when it is running, to right-click on something and delete or remove it.

See if you can get it to do something about these:

Service C:\WINDOWS\system32\tlntsvr.exe (*** hidden *** ) [DISABLED] TlntSvr <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqlxmujew.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqlxmujew.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwsowvvvr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACvmpkkbib.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAChrmobwut.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfujdpkos.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsfodjkwb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACivkdqxyx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACirptaxyx.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACgioylvmp.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACmiitltmo.log

Ron

#13
rebross (Member, Topic Starter, 193 posts)
GMER does have an option to delete file but it won't let me select it.

#14
RKinner (Malware Expert, 24,624 posts, MVP)
See if you can get RegSeeker to work.
http://www.hoverdesk.net/freeware.htm
The download is where it says:
DOWNLOAD RegSeeker 1.55 (>20 languages included !)
It's a zip file, so you have to save it, then right-click on it and Extract All, then run regseeker.exe.

Select Find in Registry, then have it look for UACd. You can then select all, then right-click and Delete Selected. It puts a copy of the stuff it removes in the backups folder, which it creates below the folder it is in, so if it doesn't work you can go back and replace it. Repeat for tlntsvr and
UACc
UACsr
uaclog
uacmask
uacserf
uacbbr
UACproc
uacurls
uacerrors

then manually delete:
C:\windows\system32\drivers\UACqlxmujew.sys
C:\windows\system32\UACwsowvvvr.dll
C:\windows\system32\UACvmpkkbib.dat
C:\windows\system32\UAChrmobwut.dll
C:\windows\system32\UACfujdpkos.dll
C:\windows\system32\UACsfodjkwb.dll
C:\windows\system32\UACivkdqxyx.dll
C:\windows\system32\UACirptaxyx.log
C:\windows\system32\UACgioylvmp.log
C:\windows\system32\UACmiitltmo.log
C:\WINDOWS\system32\wJQs.exe
C:\WINDOWS\system32\tlntsvr.exe

Ron
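The two lists in the reply above (the value names to search for in RegSeeker and the files to delete afterwards) can be derived mechanically from the GMER output earlier in the thread. The script below is an added example for this thread, not a tool from the posts, from RegSeeker or from GMER's author. It parses GMER's "Service" and "Reg" lines, resolves the NT-style `\\?\globalroot\systemroot\...` paths to ordinary Win32 paths, and prints the same lists. The sample log is copied from the GMER output quoted in this thread; the script assumes SystemRoot is C:\WINDOWS, as the paths in the thread do.

```python
"""Derive the clean-up lists for the hidden UACd.sys service from GMER output.

Added example for this thread, not a tool from the posts above or from GMER's
author. It parses the 'Service' and 'Reg' lines GMER printed, resolves the
NT-style module paths to ordinary Win32 paths, and produces the registry value
names to search for and the files to delete. Assumes SystemRoot is C:\\WINDOWS,
as the paths quoted in the thread do.
"""
import re

# Constructed sample: the relevant lines copied from the GMER log in this thread.
GMER_LOG = r"""
Service C:\WINDOWS\system32\tlntsvr.exe (*** hidden *** ) [DISABLED] TlntSvr <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqlxmujew.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqlxmujew.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwsowvvvr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACvmpkkbib.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAChrmobwut.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfujdpkos.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsfodjkwb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACivkdqxyx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACirptaxyx.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACgioylvmp.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACmiitltmo.log
"""

# One GMER registry line: "Reg <key>@<value name> <data>" (data may contain spaces).
REG_LINE = re.compile(r"^Reg\s+(?P<key>[^@\s]+)@(?P<name>\S+)\s+(?P<data>.*)$")
# One GMER service line that GMER has flagged as hidden from the normal service APIs.
SERVICE_LINE = re.compile(
    r"^Service\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<state>[^\]]+)\]\s+(?P<name>\S+)")


def parse_gmer_registry(log_text):
    """Return (key, value_name, data) for every 'Reg key@value data' line."""
    entries = []
    for line in log_text.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name"), m.group("data")))
    return entries


def hidden_services(log_text):
    """Return (service_name, image_path, state) for every service GMER marks hidden."""
    found = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            found.append((m.group("name"), m.group("path"), m.group("state")))
    return found


def to_win32_path(data, systemroot=r"C:\WINDOWS"):
    r"""Turn the NT-style paths GMER prints into paths Explorer or cmd accept.
    '\\?\globalroot\systemroot\...' and '\systemroot\...' both mean %SystemRoot%\...
    Other paths are returned unchanged."""
    p = data
    if p.lower().startswith(r"\\?\globalroot"):
        p = p[len(r"\\?\globalroot"):]
    if p.lower().startswith(r"\systemroot"):
        p = systemroot + p[len(r"\systemroot"):]
    return p


def module_value_names(entries, service=r"\Services\UACd.sys"):
    """Value names under the service's 'modules' key: the names to search for in RegSeeker."""
    return [name for key, name, _ in entries
            if service.lower() in key.lower() and key.lower().endswith(r"\modules")]


def service_files(entries, service=r"\Services\UACd.sys"):
    """Every file the service key points at: the driver ImagePath plus each
    module entry, resolved to Win32 paths and de-duplicated in log order."""
    files, seen = [], set()
    for key, name, data in entries:
        k = key.lower()
        if service.lower() not in k:
            continue
        if name.lower() == "imagepath" or k.endswith(r"\modules"):
            path = to_win32_path(data)
            if path.lower() not in seen:
                seen.add(path.lower())
                files.append(path)
    return files


if __name__ == "__main__":
    entries = parse_gmer_registry(GMER_LOG)
    for name, path, state in hidden_services(GMER_LOG):
        print(f"hidden service {name} [{state}] -> {path}")
    print("registry value names to search for:", ", ".join(module_value_names(entries)))
    print("files to delete once the service entries are gone:")
    for f in service_files(entries):
        print("  " + f)
```

Two caveats a practitioner would keep in mind. GMER marks both the TlntSvr service and the UACd.sys modules key as hidden or not in the active ControlSet, which is why the script works from GMER's log rather than querying the live registry: the normal Win32 and registry APIs on the infected machine may not return these entries at all, and a name search such as RegSeeker's Find in Registry should be run against every ControlSet, not only ControlSet001. Second, a driver file cannot be deleted while its driver is loaded, so the registry entries go first and the file deletions follow, as the reply's order already has it.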

#15
rebross (Member, Topic Starter, 193 posts)
Not all of the items were there to delete. I deleted what was found. What do I do now?





