
possible rootkit



Most recent MBAM log file:

08:53:23 lee MESSAGE Protection started successfully

08:53:27 lee MESSAGE IP Protection started successfully

08:53:38 lee IP-BLOCK 91.212.226.7

08:53:41 lee IP-BLOCK 91.212.226.7

08:53:47 lee IP-BLOCK 91.212.226.7

09:00:17 lee MESSAGE Protection started successfully

09:00:21 lee MESSAGE IP Protection started successfully

09:00:26 lee IP-BLOCK 91.212.226.7

09:00:29 lee IP-BLOCK 91.212.226.7

09:00:35 lee IP-BLOCK 91.212.226.7

09:02:33 lee IP-BLOCK 61.61.20.135

09:02:36 lee IP-BLOCK 61.61.20.135

09:02:42 lee IP-BLOCK 61.61.20.135

09:02:54 lee IP-BLOCK 61.61.20.135

09:02:57 lee IP-BLOCK 61.61.20.135

09:03:03 lee IP-BLOCK 61.61.20.135

09:03:47 lee IP-BLOCK 61.61.20.135

09:03:50 lee IP-BLOCK 61.61.20.135

09:03:56 lee IP-BLOCK 61.61.20.135

09:03:56 lee IP-BLOCK 61.61.20.135

09:03:59 lee IP-BLOCK 61.61.20.135

09:04:05 lee IP-BLOCK 61.61.20.135

09:04:08 lee IP-BLOCK 61.61.20.135

09:04:11 lee IP-BLOCK 61.61.20.135

09:04:17 lee IP-BLOCK 61.61.20.135

09:04:20 lee IP-BLOCK 61.61.20.135

09:04:26 lee IP-BLOCK 61.61.20.135

09:04:29 lee IP-BLOCK 61.61.20.135

09:04:32 lee IP-BLOCK 61.61.20.135

09:04:38 lee IP-BLOCK 61.61.20.135

09:04:41 lee IP-BLOCK 61.61.20.135

09:04:47 lee IP-BLOCK 61.61.20.135

09:04:50 lee IP-BLOCK 61.61.20.135

09:04:53 lee IP-BLOCK 61.61.20.135

09:04:59 lee IP-BLOCK 61.61.20.135

09:05:02 lee IP-BLOCK 61.61.20.135

09:05:08 lee IP-BLOCK 61.61.20.135

09:05:21 lee IP-BLOCK 61.61.20.135

09:05:24 lee IP-BLOCK 61.61.20.135

09:05:30 lee IP-BLOCK 61.61.20.135

09:05:42 lee IP-BLOCK 61.61.20.135

09:05:45 lee IP-BLOCK 61.61.20.135

09:05:51 lee IP-BLOCK 61.61.20.135

09:06:03 lee IP-BLOCK 61.61.20.135

09:06:06 lee IP-BLOCK 61.61.20.135

09:06:12 lee IP-BLOCK 61.61.20.135

09:06:24 lee IP-BLOCK 61.61.20.135

09:06:27 lee IP-BLOCK 61.61.20.135

09:06:33 lee IP-BLOCK 61.61.20.135

09:06:45 lee IP-BLOCK 61.61.20.135

09:06:48 lee IP-BLOCK 61.61.20.135

09:06:54 lee IP-BLOCK 61.61.20.135

09:07:06 lee IP-BLOCK 61.61.20.135

09:07:09 lee IP-BLOCK 61.61.20.135

09:07:15 lee IP-BLOCK 61.61.20.135

09:07:28 lee IP-BLOCK 61.61.20.135

09:07:31 lee IP-BLOCK 61.61.20.135

09:07:31 lee IP-BLOCK 213.163.89.104

09:07:34 lee IP-BLOCK 213.163.89.104

09:07:37 lee IP-BLOCK 61.61.20.135

09:07:40 lee IP-BLOCK 213.163.89.104

09:07:49 lee IP-BLOCK 61.61.20.135

09:07:52 lee IP-BLOCK 61.61.20.135

09:07:58 lee IP-BLOCK 61.61.20.135

09:08:10 lee IP-BLOCK 61.61.20.135

09:08:13 lee IP-BLOCK 61.61.20.135

09:08:19 lee IP-BLOCK 61.61.20.135

09:08:31 lee IP-BLOCK 61.61.20.135

09:08:34 lee IP-BLOCK 61.61.20.135

09:08:40 lee IP-BLOCK 61.61.20.135

09:08:52 lee IP-BLOCK 61.61.20.135

09:08:55 lee IP-BLOCK 61.61.20.135

09:09:01 lee IP-BLOCK 61.61.20.135

09:09:13 lee IP-BLOCK 61.61.20.135

09:09:16 lee IP-BLOCK 61.61.20.135

09:09:22 lee IP-BLOCK 61.61.20.135

09:09:34 lee IP-BLOCK 61.61.20.135

09:09:37 lee IP-BLOCK 61.61.20.135

09:09:43 lee IP-BLOCK 61.61.20.135

09:09:55 lee IP-BLOCK 61.61.20.135

09:09:58 lee IP-BLOCK 61.61.20.135

09:10:04 lee IP-BLOCK 61.61.20.135

09:10:16 lee IP-BLOCK 61.61.20.135

09:10:19 lee IP-BLOCK 61.61.20.135

09:10:25 lee IP-BLOCK 61.61.20.135

09:10:37 lee IP-BLOCK 61.61.20.135

09:10:40 lee IP-BLOCK 61.61.20.135

09:10:46 lee IP-BLOCK 61.61.20.135

09:10:58 lee IP-BLOCK 213.163.89.104

09:11:01 lee IP-BLOCK 213.163.89.104

09:11:08 lee IP-BLOCK 213.163.89.104

09:11:20 lee IP-BLOCK 61.61.20.135

09:11:23 lee IP-BLOCK 61.61.20.135

09:11:29 lee IP-BLOCK 61.61.20.135

09:19:29 lee IP-BLOCK 61.61.20.135

09:19:32 lee IP-BLOCK 61.61.20.135

09:19:38 lee IP-BLOCK 61.61.20.135

09:31:20 lee IP-BLOCK 213.163.89.104

09:31:23 lee IP-BLOCK 213.163.89.104

09:31:29 lee IP-BLOCK 213.163.89.104

09:32:02 lee IP-BLOCK 61.61.20.132

09:32:05 lee IP-BLOCK 61.61.20.132

09:32:11 lee IP-BLOCK 61.61.20.132

10:01:28 lee MESSAGE Protection started successfully

10:01:32 lee MESSAGE IP Protection started successfully

10:02:24 lee IP-BLOCK 91.212.226.7

10:02:27 lee IP-BLOCK 91.212.226.7

10:02:33 lee IP-BLOCK 91.212.226.7

10:09:30 lee IP-BLOCK 213.163.89.104

10:09:33 lee IP-BLOCK 213.163.89.104

10:09:39 lee IP-BLOCK 213.163.89.104

10:10:30 lee IP-BLOCK 213.163.89.104

10:10:33 lee IP-BLOCK 213.163.89.104

10:10:39 lee IP-BLOCK 213.163.89.104

10:12:52 lee IP-BLOCK 61.61.20.135

10:12:55 lee IP-BLOCK 61.61.20.135

10:13:01 lee IP-BLOCK 61.61.20.135

10:17:14 lee IP-BLOCK 61.61.20.135

10:17:17 lee IP-BLOCK 61.61.20.135

10:17:23 lee IP-BLOCK 61.61.20.135

10:17:35 lee IP-BLOCK 61.61.20.135

10:17:38 lee IP-BLOCK 61.61.20.135

10:17:44 lee IP-BLOCK 61.61.20.135

10:17:56 lee IP-BLOCK 61.61.20.135

10:17:59 lee IP-BLOCK 61.61.20.135

10:18:05 lee IP-BLOCK 61.61.20.135

10:18:16 lee IP-BLOCK 61.61.20.135

10:18:19 lee IP-BLOCK 61.61.20.135

10:18:25 lee IP-BLOCK 61.61.20.135

10:18:39 lee IP-BLOCK 61.61.20.135

10:18:40 lee IP-BLOCK 61.61.20.135

10:18:42 lee IP-BLOCK 61.61.20.135

10:18:43 lee IP-BLOCK 61.61.20.135

10:18:48 lee IP-BLOCK 61.61.20.135

10:18:49 lee IP-BLOCK 61.61.20.135

10:19:00 lee IP-BLOCK 61.61.20.135

10:19:01 lee IP-BLOCK 61.61.20.135

10:19:03 lee IP-BLOCK 61.61.20.135

10:19:04 lee IP-BLOCK 61.61.20.135

10:19:09 lee IP-BLOCK 61.61.20.135

10:19:10 lee IP-BLOCK 61.61.20.135

10:19:21 lee IP-BLOCK 61.61.20.135

10:19:22 lee IP-BLOCK 61.61.20.135

10:19:24 lee IP-BLOCK 61.61.20.135

10:19:25 lee IP-BLOCK 61.61.20.135

10:19:30 lee IP-BLOCK 61.61.20.135

10:19:31 lee IP-BLOCK 61.61.20.135

10:19:42 lee IP-BLOCK 61.61.20.135

10:19:43 lee IP-BLOCK 61.61.20.135

10:19:45 lee IP-BLOCK 61.61.20.135

10:19:46 lee IP-BLOCK 61.61.20.135

10:19:51 lee IP-BLOCK 61.61.20.135

10:19:52 lee IP-BLOCK 61.61.20.135

10:20:03 lee IP-BLOCK 61.61.20.135

10:20:04 lee IP-BLOCK 61.61.20.135

10:20:06 lee IP-BLOCK 61.61.20.135

10:20:07 lee IP-BLOCK 61.61.20.135

10:20:12 lee IP-BLOCK 61.61.20.135

10:20:13 lee IP-BLOCK 61.61.20.135

10:20:24 lee IP-BLOCK 61.61.20.135

10:20:25 lee IP-BLOCK 61.61.20.135

10:20:27 lee IP-BLOCK 61.61.20.135

10:20:28 lee IP-BLOCK 61.61.20.135

10:20:33 lee IP-BLOCK 61.61.20.135

10:20:34 lee IP-BLOCK 61.61.20.135

10:20:45 lee IP-BLOCK 61.61.20.135

10:20:46 lee IP-BLOCK 61.61.20.135

10:20:48 lee IP-BLOCK 61.61.20.135

10:20:49 lee IP-BLOCK 61.61.20.135

10:20:54 lee IP-BLOCK 61.61.20.135

10:20:55 lee IP-BLOCK 61.61.20.135

10:21:06 lee IP-BLOCK 61.61.20.135

10:21:07 lee IP-BLOCK 61.61.20.135

10:21:09 lee IP-BLOCK 61.61.20.135

10:21:10 lee IP-BLOCK 61.61.20.135

10:21:15 lee IP-BLOCK 61.61.20.135

10:21:16 lee IP-BLOCK 61.61.20.135

10:21:27 lee IP-BLOCK 61.61.20.135

10:21:28 lee IP-BLOCK 61.61.20.135

10:21:30 lee IP-BLOCK 61.61.20.135

10:21:31 lee IP-BLOCK 61.61.20.135

10:21:36 lee IP-BLOCK 61.61.20.135

10:21:37 lee IP-BLOCK 61.61.20.135

10:21:48 lee IP-BLOCK 61.61.20.135

10:21:49 lee IP-BLOCK 61.61.20.135

10:21:51 lee IP-BLOCK 61.61.20.135

10:21:52 lee IP-BLOCK 61.61.20.135

10:21:57 lee IP-BLOCK 61.61.20.135

10:21:58 lee IP-BLOCK 61.61.20.135

10:22:09 lee IP-BLOCK 61.61.20.135

10:22:10 lee IP-BLOCK 61.61.20.135

10:22:12 lee IP-BLOCK 61.61.20.135

10:22:13 lee IP-BLOCK 61.61.20.135

10:22:18 lee IP-BLOCK 61.61.20.135

10:22:19 lee IP-BLOCK 61.61.20.135

10:22:30 lee IP-BLOCK 61.61.20.135

10:22:33 lee IP-BLOCK 61.61.20.135

10:22:39 lee IP-BLOCK 61.61.20.135

10:22:51 lee IP-BLOCK 61.61.20.135

10:22:54 lee IP-BLOCK 61.61.20.135

10:23:00 lee IP-BLOCK 61.61.20.135

10:24:49 lee IP-BLOCK 61.61.20.135

10:24:52 lee IP-BLOCK 61.61.20.135

10:24:58 lee IP-BLOCK 61.61.20.135

10:25:10 lee IP-BLOCK 61.61.20.135

10:25:13 lee IP-BLOCK 61.61.20.135

10:25:19 lee IP-BLOCK 61.61.20.135

10:25:31 lee IP-BLOCK 61.61.20.135

10:25:34 lee IP-BLOCK 61.61.20.135

10:25:40 lee IP-BLOCK 61.61.20.135

10:25:52 lee IP-BLOCK 61.61.20.135

10:25:55 lee IP-BLOCK 61.61.20.135

10:26:01 lee IP-BLOCK 61.61.20.135

10:26:13 lee IP-BLOCK 61.61.20.135

10:26:16 lee IP-BLOCK 61.61.20.135

10:26:22 lee IP-BLOCK 61.61.20.135

10:26:34 lee IP-BLOCK 61.61.20.135

10:26:37 lee IP-BLOCK 61.61.20.135

10:26:43 lee IP-BLOCK 61.61.20.135

10:26:55 lee IP-BLOCK 61.61.20.135

10:26:58 lee IP-BLOCK 61.61.20.135

10:27:04 lee IP-BLOCK 61.61.20.135

10:27:16 lee IP-BLOCK 61.61.20.135

10:27:19 lee IP-BLOCK 61.61.20.135

10:27:25 lee IP-BLOCK 61.61.20.135

10:27:37 lee IP-BLOCK 61.61.20.135

10:27:40 lee IP-BLOCK 61.61.20.135

10:27:46 lee IP-BLOCK 61.61.20.135

10:27:58 lee IP-BLOCK 61.61.20.135

10:28:01 lee IP-BLOCK 61.61.20.135

10:28:07 lee IP-BLOCK 61.61.20.135

10:28:19 lee IP-BLOCK 61.61.20.135

10:28:22 lee IP-BLOCK 61.61.20.135

10:28:28 lee IP-BLOCK 61.61.20.135

10:28:40 lee IP-BLOCK 61.61.20.135

10:28:43 lee IP-BLOCK 61.61.20.135

10:28:49 lee IP-BLOCK 61.61.20.135

10:29:01 lee IP-BLOCK 61.61.20.135

10:29:04 lee IP-BLOCK 61.61.20.135

10:29:10 lee IP-BLOCK 61.61.20.135

10:29:22 lee IP-BLOCK 61.61.20.135

10:29:25 lee IP-BLOCK 61.61.20.135

10:29:31 lee IP-BLOCK 61.61.20.135

10:29:43 lee IP-BLOCK 61.61.20.135

10:29:46 lee IP-BLOCK 61.61.20.135

10:29:52 lee IP-BLOCK 61.61.20.135

10:30:04 lee IP-BLOCK 61.61.20.135

10:30:07 lee IP-BLOCK 61.61.20.135

10:30:13 lee IP-BLOCK 61.61.20.135

10:30:25 lee IP-BLOCK 61.61.20.135

10:30:28 lee IP-BLOCK 61.61.20.135

10:30:34 lee IP-BLOCK 61.61.20.135

10:30:46 lee IP-BLOCK 61.61.20.135

10:30:49 lee IP-BLOCK 61.61.20.135

10:30:55 lee IP-BLOCK 61.61.20.135

10:31:07 lee IP-BLOCK 61.61.20.135

10:31:10 lee IP-BLOCK 61.61.20.135

10:31:16 lee IP-BLOCK 61.61.20.135

10:31:28 lee IP-BLOCK 61.61.20.135

10:31:31 lee IP-BLOCK 61.61.20.135

10:31:37 lee IP-BLOCK 61.61.20.135

10:31:49 lee IP-BLOCK 61.61.20.135

10:31:52 lee IP-BLOCK 61.61.20.135

10:31:58 lee IP-BLOCK 61.61.20.135

10:32:10 lee IP-BLOCK 61.61.20.135

10:32:13 lee IP-BLOCK 61.61.20.135

10:32:19 lee IP-BLOCK 61.61.20.135

10:32:31 lee IP-BLOCK 61.61.20.135

10:32:34 lee IP-BLOCK 61.61.20.135

10:32:40 lee IP-BLOCK 61.61.20.135

10:32:52 lee IP-BLOCK 213.163.89.104

10:32:52 lee IP-BLOCK 61.61.20.135

10:32:55 lee IP-BLOCK 213.163.89.104

10:32:55 lee IP-BLOCK 61.61.20.135

10:33:01 lee IP-BLOCK 213.163.89.104

10:33:01 lee IP-BLOCK 61.61.20.135

10:33:13 lee IP-BLOCK 61.61.20.135

10:33:16 lee IP-BLOCK 61.61.20.135

10:33:22 lee IP-BLOCK 61.61.20.135

10:33:34 lee IP-BLOCK 61.61.20.132

10:33:34 lee IP-BLOCK 61.61.20.135

10:33:37 lee IP-BLOCK 61.61.20.132

10:33:37 lee IP-BLOCK 61.61.20.135

10:33:43 lee IP-BLOCK 61.61.20.132

10:33:43 lee IP-BLOCK 61.61.20.135

10:33:55 lee IP-BLOCK 61.61.20.135

10:33:58 lee IP-BLOCK 61.61.20.135

10:34:04 lee IP-BLOCK 61.61.20.135

10:34:16 lee IP-BLOCK 61.61.20.135

10:34:19 lee IP-BLOCK 61.61.20.135

10:34:25 lee IP-BLOCK 61.61.20.135

10:34:37 lee IP-BLOCK 61.61.20.135

10:34:40 lee IP-BLOCK 61.61.20.135

10:34:46 lee IP-BLOCK 61.61.20.135

10:34:58 lee IP-BLOCK 61.61.20.135

10:35:01 lee IP-BLOCK 61.61.20.135

10:35:07 lee IP-BLOCK 61.61.20.135

10:35:19 lee IP-BLOCK 61.61.20.135

10:35:22 lee IP-BLOCK 61.61.20.135

10:35:28 lee IP-BLOCK 61.61.20.135

10:35:40 lee IP-BLOCK 61.61.20.135

10:35:43 lee IP-BLOCK 61.61.20.135

10:35:49 lee IP-BLOCK 61.61.20.135

10:36:01 lee IP-BLOCK 61.61.20.135

10:36:04 lee IP-BLOCK 61.61.20.135

10:36:10 lee IP-BLOCK 61.61.20.135

10:36:22 lee IP-BLOCK 61.61.20.135

10:36:25 lee IP-BLOCK 61.61.20.135

10:36:31 lee IP-BLOCK 61.61.20.135

10:36:43 lee IP-BLOCK 61.61.20.135

10:36:46 lee IP-BLOCK 61.61.20.135

10:36:52 lee IP-BLOCK 61.61.20.135

10:37:04 lee IP-BLOCK 61.61.20.135

10:37:07 lee IP-BLOCK 61.61.20.135

10:37:13 lee IP-BLOCK 61.61.20.135

10:37:25 lee IP-BLOCK 61.61.20.135

10:37:28 lee IP-BLOCK 61.61.20.135

10:37:34 lee IP-BLOCK 61.61.20.135

10:37:46 lee IP-BLOCK 61.61.20.135

10:37:49 lee IP-BLOCK 61.61.20.135

10:37:55 lee IP-BLOCK 61.61.20.135

10:38:07 lee IP-BLOCK 61.61.20.135

10:38:10 lee IP-BLOCK 61.61.20.135

10:38:16 lee IP-BLOCK 61.61.20.135

10:43:55 lee IP-BLOCK 61.61.20.132

10:43:58 lee IP-BLOCK 61.61.20.132

10:44:04 lee IP-BLOCK 61.61.20.132

10:53:45 lee IP-BLOCK 61.61.20.135

10:53:48 lee IP-BLOCK 61.61.20.135

10:53:54 lee IP-BLOCK 61.61.20.135

10:54:06 lee IP-BLOCK 61.61.20.135

10:54:09 lee IP-BLOCK 61.61.20.135

10:54:15 lee IP-BLOCK 61.61.20.135

10:54:16 lee IP-BLOCK 91.212.226.6

10:54:19 lee IP-BLOCK 91.212.226.6

10:54:25 lee IP-BLOCK 91.212.226.6

10:59:14 lee IP-BLOCK 213.163.89.104

10:59:17 lee IP-BLOCK 213.163.89.104

10:59:23 lee IP-BLOCK 213.163.89.104

11:04:39 lee IP-BLOCK 91.212.226.7

11:04:42 lee IP-BLOCK 91.212.226.7

11:04:48 lee IP-BLOCK 91.212.226.7

11:38:47 lee MESSAGE Protection started successfully

11:38:51 lee MESSAGE IP Protection started successfully

11:40:03 lee IP-BLOCK 91.212.226.7

11:40:06 lee IP-BLOCK 91.212.226.7

11:40:13 lee IP-BLOCK 91.212.226.7

11:47:09 lee IP-BLOCK 213.163.89.104

11:47:12 lee IP-BLOCK 213.163.89.104

11:47:18 lee IP-BLOCK 213.163.89.104

11:48:09 lee IP-BLOCK 213.163.89.104

11:48:12 lee IP-BLOCK 213.163.89.104

11:48:18 lee IP-BLOCK 213.163.89.104

11:50:31 lee IP-BLOCK 61.61.20.135

11:50:34 lee IP-BLOCK 61.61.20.135

11:50:40 lee IP-BLOCK 61.61.20.135

11:58:31 lee IP-BLOCK 213.163.89.104

11:58:34 lee IP-BLOCK 213.163.89.104

11:58:40 lee IP-BLOCK 213.163.89.104

12:07:53 lee IP-BLOCK 213.163.89.104

12:07:55 lee IP-BLOCK 213.163.89.104

12:08:02 lee IP-BLOCK 213.163.89.104

12:11:14 lee IP-BLOCK 61.61.20.132

12:11:17 lee IP-BLOCK 61.61.20.132

12:11:23 lee IP-BLOCK 61.61.20.132

12:11:43 lee IP-BLOCK 61.61.20.135

12:11:46 lee IP-BLOCK 61.61.20.135

12:11:52 lee IP-BLOCK 61.61.20.135

12:12:04 lee IP-BLOCK 61.61.20.135

12:12:07 lee IP-BLOCK 61.61.20.135

12:12:13 lee IP-BLOCK 61.61.20.135

12:12:28 lee IP-BLOCK 61.61.20.135

12:12:31 lee IP-BLOCK 61.61.20.135

12:12:37 lee IP-BLOCK 61.61.20.135

12:12:49 lee IP-BLOCK 61.61.20.135

12:12:52 lee IP-BLOCK 61.61.20.135

12:12:58 lee IP-BLOCK 61.61.20.135

12:13:10 lee IP-BLOCK 61.61.20.135

12:13:13 lee IP-BLOCK 61.61.20.135

12:13:19 lee IP-BLOCK 61.61.20.135

12:13:31 lee IP-BLOCK 61.61.20.135

12:13:34 lee IP-BLOCK 61.61.20.135

12:13:40 lee IP-BLOCK 61.61.20.135

12:13:52 lee IP-BLOCK 61.61.20.135

12:13:55 lee IP-BLOCK 61.61.20.135

12:14:01 lee IP-BLOCK 61.61.20.135

12:14:13 lee IP-BLOCK 61.61.20.135

12:14:16 lee IP-BLOCK 61.61.20.135

12:14:22 lee IP-BLOCK 61.61.20.135

12:14:34 lee IP-BLOCK 61.61.20.135

12:14:37 lee IP-BLOCK 61.61.20.135

12:14:43 lee IP-BLOCK 61.61.20.135

12:14:55 lee IP-BLOCK 61.61.20.135

12:14:58 lee IP-BLOCK 61.61.20.135

12:15:04 lee IP-BLOCK 61.61.20.135

12:15:16 lee IP-BLOCK 61.61.20.135

12:15:19 lee IP-BLOCK 61.61.20.135

12:15:25 lee IP-BLOCK 61.61.20.135

12:15:37 lee IP-BLOCK 61.61.20.135

12:15:40 lee IP-BLOCK 61.61.20.135

12:15:46 lee IP-BLOCK 61.61.20.135

12:15:58 lee IP-BLOCK 61.61.20.135

12:16:01 lee IP-BLOCK 61.61.20.135

12:16:07 lee IP-BLOCK 61.61.20.135

12:16:19 lee IP-BLOCK 61.61.20.135

12:16:22 lee IP-BLOCK 61.61.20.135

12:16:28 lee IP-BLOCK 61.61.20.135

12:16:40 lee IP-BLOCK 61.61.20.135

12:16:43 lee IP-BLOCK 61.61.20.135

12:16:49 lee IP-BLOCK 61.61.20.135

12:17:01 lee IP-BLOCK 61.61.20.135

12:17:04 lee IP-BLOCK 61.61.20.135

12:17:10 lee IP-BLOCK 61.61.20.135

12:17:22 lee IP-BLOCK 61.61.20.135

12:17:25 lee IP-BLOCK 61.61.20.135

12:17:31 lee IP-BLOCK 61.61.20.135

12:17:43 lee IP-BLOCK 61.61.20.135

12:17:46 lee IP-BLOCK 61.61.20.135

12:17:52 lee IP-BLOCK 61.61.20.135

12:18:04 lee IP-BLOCK 61.61.20.135

12:18:07 lee IP-BLOCK 61.61.20.135

12:18:13 lee IP-BLOCK 61.61.20.135

12:18:25 lee IP-BLOCK 61.61.20.135

12:18:28 lee IP-BLOCK 61.61.20.135

12:18:34 lee IP-BLOCK 61.61.20.135

12:19:07 lee IP-BLOCK 61.61.20.135

12:19:10 lee IP-BLOCK 61.61.20.135

12:19:16 lee IP-BLOCK 61.61.20.135

12:19:28 lee IP-BLOCK 61.61.20.135

12:19:31 lee IP-BLOCK 61.61.20.135

12:19:37 lee IP-BLOCK 61.61.20.135

12:19:49 lee IP-BLOCK 61.61.20.135

12:19:52 lee IP-BLOCK 61.61.20.135

12:19:58 lee IP-BLOCK 61.61.20.135

12:20:10 lee IP-BLOCK 61.61.20.135

12:20:13 lee IP-BLOCK 61.61.20.135

12:20:19 lee IP-BLOCK 61.61.20.135

12:20:31 lee IP-BLOCK 61.61.20.135

12:20:34 lee IP-BLOCK 61.61.20.135

12:20:40 lee IP-BLOCK 61.61.20.135

12:20:52 lee IP-BLOCK 61.61.20.135

12:20:55 lee IP-BLOCK 61.61.20.135

12:21:01 lee IP-BLOCK 61.61.20.135

12:21:13 lee IP-BLOCK 61.61.20.135

12:21:16 lee IP-BLOCK 61.61.20.135

12:21:22 lee IP-BLOCK 61.61.20.135

12:21:35 lee IP-BLOCK 61.61.20.132

12:21:38 lee IP-BLOCK 61.61.20.132

12:21:44 lee IP-BLOCK 61.61.20.132

12:31:56 lee IP-BLOCK 91.212.226.6

12:31:59 lee IP-BLOCK 91.212.226.6

12:32:05 lee IP-BLOCK 91.212.226.6

12:38:16 lee IP-BLOCK 61.61.20.135

12:38:19 lee IP-BLOCK 61.61.20.135

12:38:25 lee IP-BLOCK 61.61.20.135

12:38:37 lee IP-BLOCK 61.61.20.135

12:38:40 lee IP-BLOCK 61.61.20.135

12:38:46 lee IP-BLOCK 61.61.20.135

12:38:58 lee IP-BLOCK 61.61.20.135

12:39:01 lee IP-BLOCK 61.61.20.135

12:39:07 lee IP-BLOCK 61.61.20.135

12:40:14 lee IP-BLOCK 213.163.89.104

12:40:17 lee IP-BLOCK 213.163.89.104

12:40:23 lee IP-BLOCK 213.163.89.104

12:42:17 lee IP-BLOCK 91.212.226.7

12:42:20 lee IP-BLOCK 91.212.226.7

12:42:26 lee IP-BLOCK 91.212.226.7

12:46:35 lee IP-BLOCK 213.163.89.104

12:46:38 lee IP-BLOCK 213.163.89.104

12:46:44 lee IP-BLOCK 213.163.89.104

12:58:29 lee IP-BLOCK 61.61.20.135

12:58:32 lee IP-BLOCK 61.61.20.135

12:58:38 lee IP-BLOCK 61.61.20.135

12:58:50 lee IP-BLOCK 61.61.20.135

12:58:53 lee IP-BLOCK 61.61.20.135

12:58:59 lee IP-BLOCK 61.61.20.135

12:59:11 lee IP-BLOCK 61.61.20.135

12:59:14 lee IP-BLOCK 61.61.20.135

12:59:20 lee IP-BLOCK 61.61.20.135

13:03:56 lee IP-BLOCK 213.163.89.104

13:03:58 lee IP-BLOCK 213.163.89.104

13:04:05 lee IP-BLOCK 213.163.89.104

14:25:56 lee MESSAGE Protection started successfully

14:26:00 lee MESSAGE IP Protection started successfully

14:26:38 lee IP-BLOCK 91.212.226.7

14:26:41 lee IP-BLOCK 91.212.226.7

14:26:47 lee IP-BLOCK 91.212.226.7

14:31:22 lee MESSAGE IP Protection stopped

14:31:28 lee MESSAGE Database updated successfully

14:31:29 lee MESSAGE IP Protection started successfully

14:33:44 lee IP-BLOCK 213.163.89.104

14:33:47 lee IP-BLOCK 213.163.89.104

14:33:53 lee IP-BLOCK 213.163.89.104

14:34:43 lee IP-BLOCK 213.163.89.104

14:34:46 lee IP-BLOCK 213.163.89.104

14:34:52 lee IP-BLOCK 213.163.89.104

14:37:05 lee IP-BLOCK 61.61.20.135

********************

DDS log file

DDS (Ver_10-03-17.01) - NTFSx86

Run by lee at 14:41:30.52 on Fri 06/04/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1383 [GMT -7:00]

AV: Data Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Timeslips\TSTimer.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\lee.lawtonlaw\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by PROVIDED BY: THE LAWTON LAW FIRM

uInternet Settings,ProxyServer = http=127.0.0.1:5555

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: moigh Object: {98b13e11-79dd-4410-bb59-0a4578ab28c7} - c:\windows\system32\lnejpzjn.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: voguecash browser enhancer: {a74ce7f0-d7f5-6397-f35e-c6a9e34b6b68} - c:\windows\system32\gpbadcxedrxwjgvd.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [TSTimer] "c:\program files\timeslips\TSTimer.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)

uPolicies-explorer: EditLevel = 0 (0x0)

uPolicies-explorer: NoCommonGroups = 0 (0x0)

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-2 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-2 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-2 242896]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-2 308064]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-15 47640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-10 20952]

S2 gupdate1c9d40ef72d6655;Google Update Service (gupdate1c9d40ef72d6655);c:\program files\google\update\GoogleUpdate.exe [2009-5-13 133104]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-10 304464]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-2 430152]

S4 ejuhk;ejuhk;c:\windows\system32\drivers\rliqqsy.sys [2010-5-10 54016]

S4 esvwccax;esvwccax;\??\c:\windows\system32\drivers\esvwccax.sys --> c:\windows\system32\drivers\esvwccax.sys [?]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-06-04 21:38:35 0 ----a-w- c:\documents and settings\lee.lawtonlaw\defogger_reenable

2010-06-02 21:13:49 0 d--h--w- C:\$AVG

2010-06-02 21:09:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-06-02 21:09:31 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-02 21:09:25 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-02 21:09:20 0 d-----w- c:\windows\system32\drivers\Avg

2010-06-02 21:09:17 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-06-02 21:06:39 0 d-----w- c:\program files\AVG

2010-06-02 21:06:22 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2010-06-01 20:39:01 7106 ----a-w- c:\windows\system32\thqvmk

2010-06-01 20:39:01 64512 ----a-w- c:\windows\system32\klgd.bmp

2010-06-01 19:47:42 23972 ----a-w- c:\windows\XSUMLT08.ini

2010-05-28 19:38:06 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-05-28 19:38:06 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-05-28 19:36:55 0 d-----w- c:\docume~1\lee~1.law\applic~1\Street-Ads

2010-05-28 19:36:37 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-05-28 19:36:37 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

2010-05-28 19:36:34 0 d-----w- c:\docume~1\lee~1.law\applic~1\Sky-Banners

2010-05-28 19:36:31 50981 ----a-w- c:\windows\system32\xgytstysaf.exe

2010-05-24 16:31:20 40633 ----a-w- c:\windows\system32\tccxdndo.exe

2010-05-10 19:48:31 54016 ----a-w- c:\windows\system32\drivers\rliqqsy.sys

2010-05-10 19:40:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-10 19:40:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-10 19:40:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-02 00:20:05 85880 ----a-w- c:\windows\fonts\AdobeFnt07.lst

2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll

2009-04-14 16:49:29 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 14:42:23.02 ===============

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-04 15:43:37

Windows 5.1.2600 Service Pack 2

Running: qqz8pk7i.exe; Driver: C:\DOCUME~1\LEE~1.LAW\LOCALS~1\Temp\kwdyqkod.sys

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\cdrom.sys entry point in ".rsrc" section [0xBA153194]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009C000A

.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009D000A

.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009B000C

.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0221000A

.text C:\WINDOWS\System32\svchost.exe[1188] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00DC000A

.text C:\Program Files\Timeslips\TSTimer.exe[2200] kernel32.dll!GetDiskFreeSpaceA 7C830309 5 Bytes JMP 01319F24 C:\Program Files\Timeslips\TSDBAP32.dll (Timeslips API/Best Software SB, Inc.)

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F5000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F6000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F4000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3424] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\WINDOWS\Explorer.EXE[3976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A

.text C:\WINDOWS\Explorer.EXE[3976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C8000A

.text C:\WINDOWS\Explorer.EXE[3976] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat A73E0C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

Device -> \Driver\atapi \Device\Harddisk0\DR0 89C73EC5

---- Processes - GMER 1.0.15 ----

Library C:\PROGRA~1\WINDOW~4\MpShHook.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [3976] 0x5F800000

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious modification

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

ark.zip

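As an added triage example (not code from this thread, from GMER, or from the helper), the script below reads lines in the shape of the GMER log above and pulls out the three entry types that deserve a second look: inline JMP hooks that GMER could not attribute to a module, libraries reported as hidden, and files reported as suspiciously modified. The sample lines are constructed from the log's format, and the function and pattern names are assumptions of this example.

```python
import re

# Constructed sample in the shape of a GMER 1.0.15 log (a handful of lines modelled
# on the post above, not the complete log): two user-mode hooks, one hidden library,
# one suspiciously modified driver and one benign attached device.
SAMPLE_GMER_LOG = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[3424] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3424] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
Library C:\PROGRA~1\WINDOW~4\MpShHook.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [3976] 0x5F800000
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
"""

# Inline hook line: ".text <process>[pid] <dll>!<export> <addr> <n> Bytes JMP <target> [<module> (<vendor>)]"
HOOK_RE = re.compile(
    r"^\.text (?P<process>.+?\[\d+\]) (?P<symbol>\S+!\S+) [0-9A-F]+ \d+ Bytes "
    r"JMP (?P<target>[0-9A-F]+)(?: (?P<module>.+?) \(.*\))?$"
)
# "Library <path> (*** hidden *** ) @ <process> [pid] <base>"
HIDDEN_RE = re.compile(r"^Library (?P<path>.+?) \(\*\*\* hidden \*\*\* \) @ (?P<process>.+)$")
# "File <path> suspicious modification"
MODIFIED_RE = re.compile(r"^File (?P<path>.+?) suspicious modification$")


def triage(log_text):
    """Return (category, detail) findings worth a second look from GMER log text.

    'unattributed_hook': a JMP whose target GMER could not map to any module; some
    AV and sandbox products hook this way, so it is a lead, not a verdict.
    'hidden_module': a DLL GMER reports as hidden from normal enumeration.
    'modified_file': a file GMER reports as suspiciously modified (e.g. a disk driver).
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := HOOK_RE.match(line)):
            if m["module"] is None:
                findings.append(("unattributed_hook",
                                 f"{m['symbol']} in {m['process']} -> {m['target']}"))
        elif (m := HIDDEN_RE.match(line)):
            findings.append(("hidden_module", f"{m['path']} loaded in {m['process']}"))
        elif (m := MODIFIED_RE.match(line)):
            findings.append(("modified_file", m["path"]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_GMER_LOG):
        print(f"{category:18} {detail}")
```

Hooks that resolve to a signed vendor module (like the IEFRAME.dll entries) are skipped; an unattributed hook on NtProtectVirtualMemory or a modified atapi.sys is what a helper would ask about next.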

Hello TheCoach.

You will want to print out or copy these instructions to Notepad for offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not TheCoach and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

Do not do any websurfing. For the duration, only go to this forum and sites I guide you to for tools & scans, etc.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double-click My Computer. From the menu options, select Tools, then Folder Options, then select the View tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next, un-check Hide protected operating system files.

Step 3

Take out the trash (temporary files & temporary internet files)

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware rogue gives a message regarding RKILL, proceed forward to running RKILL.

Step 5

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Step 6

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: whatnext.png]

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of C:\Combofix.txt


Hello,

I have followed all instructions.

Combofix is running now.

It has been running for about 1 hour. It advised that it might take 10.

The last thing I see on the screen is :

"However scan times for badly infected machines can easily double."

I noticed that the time on the computer has not incremented from when I started the scan... doesn't seem right.

The hard disk light on the PC is flicking, so I'm not sure if it has locked up or not.

Should I see some kind of status or progress display after the banner line above?

How long would you expect Combofix to run?


If the Combofix screen has not changed by now, or if it has not completed, it should.

Very carefully do the following.

Bring up Task Manager: press and hold the CTRL key, then press ALT, then press the DEL key (CTRL+ALT+DEL).

Once Task Manager starts:

Click the Processes tab.

Look for all processes (one by one) that start with CF.

One at a time, if found, click that line to select it and then press End Process.

You will want to restart the system, if your Task Manager allows, select Restart.

You will want to be in Normal mode.

DO these steps in any event:

Disable the options "Automatically detect settings" and "Use automatic configuration script."

To do this:

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

5. Apply changes.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access to the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
