Malware log, dds log and GMer


Malware Log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6842

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/12/2011 5:30:02 PM

mbam-log-2011-06-12 (17-30-00).txt

Scan type: Full scan (C:\|)

Objects scanned: 260375

Time elapsed: 2 hour(s), 20 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS LOG:

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Cash at 23:45:49 on 2011-06-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.54 [GMT -4:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\TEMP\xybv\setup.exe

C:\program files\flip video\flipshareserver\ssleay32toolkit.exe

C:\program files\installshield installation information\{363435f2-7426-11d8-9966-00a0c9663221}\setupsetup631.exe

C:\program files\msn\msncorefiles\sqdllmicrosoftr.exe

C:\program files\hp\digital imaging\{18e0918e-1060-48f3-925c-56c82e88551b}\common\drivers\com_os\previewerpreviewer.exe

C:\program files\microsoft office\office11\1033\dataservices\connectsource16335.exe

C:\program files\quicktime\propertypanels\proppanelhelpers.resources\de.lproj\quicktimequicktimeresources.exe

C:\program files\flip video\flipshareserver\ssleay32toolkit.exe

C:\program files\microsoft office\office11\1033\dataservices\connectsource16335.exe

C:\program files\installshield installation information\{363435f2-7426-11d8-9966-00a0c9663221}\setupsetup631.exe

C:\program files\msn\msncorefiles\sqdllmicrosoftr.exe

C:\program files\hp\digital imaging\{18e0918e-1060-48f3-925c-56c82e88551b}\common\drivers\com_os\previewerpreviewer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Documents and Settings\Cash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Cash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Cash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Gvinur] rundll32.exe "c:\windows\dr4kefx.dll",Startup

uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000

uRun: [Google Update] "c:\documents and settings\cash\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [setup] c:\windows\temp\xybv\setup.exe

mRun: [ssleay32libeay32] c:\program files\flip video\flipshareserver\ssleay32toolkit.exe

mRun: [installShieldSetup631] c:\program files\installshield installation information\{363435f2-7426-11d8-9966-00a0c9663221}\setupsetup631.exe

mRun: [MSNSPELLMSDBX10.0.3005] c:\program files\msn\msncorefiles\sqdllmicrosoftr.exe

mRun: [jobuiHPDJVIP] c:\program files\hp\digital imaging\{18e0918e-1060-48f3-925c-56c82e88551b}\common\drivers\com_os\previewerpreviewer.exe

mRun: [connectsource16335] c:\program files\microsoft office\office11\1033\dataservices\connectsource16335.exe

mRun: [quicktimequicktimeresources] c:\program files\quicktime\propertypanels\proppanelhelpers.resources\de.lproj\quicktimequicktimeresources.exe

mRun: [ssleay32OpenSSL0.1.10102259] c:\program files\flip video\flipshareserver\ssleay32toolkit.exe

mRun: [ConnectSource] c:\program files\microsoft office\office11\1033\dataservices\connectsource16335.exe

mRun: [installShieldSetup] c:\program files\installshield installation information\{363435f2-7426-11d8-9966-00a0c9663221}\setupsetup631.exe

mRun: [MicrosoftRCSAPI7.02.0005.2202] c:\program files\msn\msncorefiles\sqdllmicrosoftr.exe

mRun: [vipfilterHPDJ] c:\program files\hp\digital imaging\{18e0918e-1060-48f3-925c-56c82e88551b}\common\drivers\com_os\previewerpreviewer.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [cleanhdm] %APPDATA%\cleanhdm.exe

mRun: [cleanddm] %APPDATA%\cleanddm.exe

mRunServices: [setup] c:\windows\temp\xybv\setup.exe

mRunServices: [libeay32ssleay320.9.8] c:\program files\flip video\flipshareserver\ssleay32toolkit.exe

mRunServices: [sourceConnect] c:\program files\microsoft office\office11\1033\dataservices\connectsource16335.exe

mRunServices: [installShieldSetup] c:\program files\installshield installation information\{363435f2-7426-11d8-9966-00a0c9663221}\setupsetup631.exe

mRunServices: [ErrorSystem] c:\program files\msn\msncorefiles\sqdllmicrosoftr.exe

mRunServices: [HPDJSLKHPDJ] c:\program files\hp\digital imaging\{18e0918e-1060-48f3-925c-56c82e88551b}\common\drivers\com_os\previewerpreviewer.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\pci f5d7000\wireless utility\Belkinwcui.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 167.206.251.130 167.206.251.129

TCP: Interfaces\{05218A4E-632D-49D5-9165-6715206F7244} : DhcpNameServer = 167.206.251.130 167.206.251.129

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: igfxcui - igfxsrvc.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

LSA: Authentication Packages = msv1_0 nwprovau

Hosts: 67.205.118.182 search.yahoo.com

Hosts: 67.205.118.182 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-06-14 03:11:27 -------- d--h--w- c:\windows\PIF

2011-06-11 12:23:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-10 20:09:59 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2011-06-10 03:00:31 138752 ----a-w- c:\program files\msn\msncorefiles\sqdllMicrosoftR.exe

2011-06-10 00:36:02 7071056 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{3142addf-32ad-4b44-b3f5-1d25833cb8a0}\mpengine.dll

2011-06-10 00:32:12 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-10 00:32:12 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-10 00:29:22 -------- d-----w- c:\program files\GameHouse

2011-06-10 00:29:22 -------- d-----w- c:\documents and settings\cash\Saved Games

2011-06-10 00:29:22 -------- d-----w- c:\documents and settings\cash\.limewire

2011-06-10 00:29:18 -------- d-----w- c:\program files\ReflexiveArcade

2011-06-10 00:29:18 -------- d-----w- c:\program files\AVS4YOU

2011-06-10 00:29:15 -------- d-----w- c:\program files\RealArcade

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6Y160P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x833224D0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x833287f0]; MOV EAX, [0x8332886c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x833A0AB8]

3 CLASSPNP[0xF88B8FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x833CD9D8]

\Driver\atapi[0x83360030] -> IRP_MJ_CREATE -> 0x833224D0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8332231B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 23:52:24.73 ===============

This is a copy of my malware protection log with all the sites that it blocked:

21:35:38 Cash DETECTION C:\WINDOWS\TEMP\explorer.exe Trojan.Agent QUARANTINE

21:35:38 Cash DETECTION C:\WINDOWS\TEMP\explorer.exe Trojan.Agent DENY

22:51:54 (null) MESSAGE Protection started successfully

22:53:41 Cash MESSAGE IP Protection started successfully


23:26:15 Cash IP-BLOCK 78.140.143.83 (Type: outgoing)

23:27:12 Cash IP-BLOCK 195.3.145.105 (Type: outgoing)

23:27:15 Cash IP-BLOCK 195.3.145.105 (Type: outgoing)

23:27:21 Cash IP-BLOCK 195.3.145.105 (Type: outgoing)

23:28:03 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:28:06 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:28:07 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:28:10 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:28:12 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:28:16 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:28:24 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:28:27 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:28:33 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:28:53 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:28:56 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:29:00 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:29:02 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:29:03 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:29:09 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:29:25 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:29:28 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:29:31 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:29:33 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:29:34 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:29:40 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:31:33 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:32:04 Cash IP-BLOCK 78.140.143.83 (Type: outgoing)

23:32:13 Cash IP-BLOCK 78.140.143.83 (Type: outgoing)

23:32:13 Cash IP-BLOCK 78.140.143.83 (Type: outgoing)

23:34:59 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:36:08 Cash IP-BLOCK 91.213.29.63 (Type: outgoing)

23:36:11 Cash IP-BLOCK 91.213.29.63 (Type: outgoing)

23:36:17 Cash IP-BLOCK 91.213.29.63 (Type: outgoing)

23:37:11 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:37:14 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:37:20 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:38:21 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:38:24 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:38:30 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:41:18 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:41:20 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:41:21 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:41:23 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:41:27 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:41:29 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:41:42 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:41:45 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:41:51 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:42:41 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:42:43 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:42:50 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:44:09 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:44:12 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:44:18 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:45:03 Cash IP-BLOCK 78.140.152.61 (Type: outgoing)

23:45:05 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:45:06 Cash IP-BLOCK 78.140.152.61 (Type: outgoing)

23:45:07 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:45:12 Cash IP-BLOCK 78.140.152.61 (Type: outgoing)

23:45:13 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:46:33 Cash IP-BLOCK 91.213.29.63 (Type: outgoing)

23:46:36 Cash IP-BLOCK 91.213.29.63 (Type: outgoing)

23:46:42 Cash IP-BLOCK 91.213.29.63 (Type: outgoing)

23:46:54 Cash IP-BLOCK 188.95.52.161 (Type: outgoing)

23:46:57 Cash IP-BLOCK 188.95.52.161 (Type: outgoing)

23:47:03 Cash IP-BLOCK 188.95.52.161 (Type: outgoing)

23:48:27 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:48:30 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:48:36 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:49:48 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:49:51 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:49:57 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:50:10 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:50:13 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:50:19 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:51:48 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:51:51 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:51:54 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:51:57 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:52:03 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:52:32 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:52:35 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:52:41 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:53:20 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:53:23 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:53:29 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:53:41 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:53:44 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:53:46 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:53:49 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:53:50 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:53:55 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:54:02 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:54:05 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:54:11 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:54:16 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:54:19 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:54:25 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:55:10 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:55:19 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:55:35 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:55:38 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:55:44 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:55:48 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:55:50 Cash IP-BLOCK 216.150.159.109 (Type: outgoing)

23:55:51 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:55:53 Cash IP-BLOCK 216.150.159.109 (Type: outgoing)

23:55:57 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:55:57 Cash IP-BLOCK 67.29.139.153 (Type: outgoing)

23:56:00 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:56:06 Cash IP-BLOCK 208.73.210.29 (Type: outgoing)

23:56:14 Cash IP-BLOCK 208.87.32.68 (Type: outgoing)

23:56:17 Cash IP-BLOCK 208.87.32.68 (Type: outgoing)

23:56:23 Cash IP-BLOCK 208.87.32.68 (Type: outgoing)

23:56:36 Cash IP-BLOCK 208.87.32.68 (Type: outgoing)

23:56:38 Cash IP-BLOCK 208.87.32.68 (Type: outgoing)

23:56:44 Cash IP-BLOCK 208.87.32.68 (Type: outgoing)

23:57:16 Cash IP-BLOCK 188.95.52.162 (Type: outgoing)

23:57:18 Cash IP-BLOCK 188.95.52.162 (Type: outgoing)

23:57:25 Cash IP-BLOCK 188.95.52.162 (Type: outgoing)

23:58:35 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:58:38 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

23:58:44 Cash IP-BLOCK 83.133.127.85 (Type: outgoing)

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317


2011/06/16 22:35:39.0437 3968 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15

2011/06/16 22:35:40.0359 3968 ================================================================================

2011/06/16 22:35:40.0359 3968 SystemInfo:

2011/06/16 22:35:40.0359 3968

2011/06/16 22:35:40.0359 3968 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/16 22:35:40.0359 3968 Product type: Workstation

2011/06/16 22:35:40.0359 3968 ComputerName: FEDERICO-0R10EG

2011/06/16 22:35:40.0359 3968 UserName: Cash

2011/06/16 22:35:40.0359 3968 Windows directory: C:\WINDOWS

2011/06/16 22:35:40.0359 3968 System windows directory: C:\WINDOWS

2011/06/16 22:35:40.0359 3968 Processor architecture: Intel x86

2011/06/16 22:35:40.0359 3968 Number of processors: 1

2011/06/16 22:35:40.0359 3968 Page size: 0x1000

2011/06/16 22:35:40.0359 3968 Boot type: Normal boot

2011/06/16 22:35:40.0359 3968 ================================================================================

2011/06/16 22:35:45.0750 3968 Initialize success

2011/06/16 22:36:07.0140 3316 ================================================================================

2011/06/16 22:36:07.0140 3316 Scan started

2011/06/16 22:36:07.0140 3316 Mode: Manual;

2011/06/16 22:36:07.0140 3316 ================================================================================

2011/06/16 22:36:09.0406 3316 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/16 22:36:09.0406 3316 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: cdfe4411a69c224bd1d11b2da92dac51

2011/06/16 22:36:09.0421 3316 atapi - detected LockedFile.Multi.Generic (1)

2011/06/16 22:36:33.0812 3316 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/06/16 22:36:33.0828 3316 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/06/16 22:36:33.0828 3316 ================================================================================

2011/06/16 22:36:33.0828 3316 Scan finished

2011/06/16 22:36:33.0828 3316 ================================================================================

2011/06/16 22:36:33.0859 0864 Detected object count: 2

2011/06/16 22:36:33.0859 0864 Actual detected object count: 2

2011/06/16 22:38:20.0562 0864 LockedFile.Multi.Generic(atapi) - User select action: Skip

2011/06/16 22:38:20.0593 0864 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/06/16 22:38:20.0609 0864 \Device\Harddisk0\DR0 - ok

2011/06/16 22:38:20.0609 0864 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure


  • Staff

Hi,

I see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any text editor other than Notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

FCOPY::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


EST log.txt

checkup.txt

Those are the two logs you requested. The Eset scan found three items and cleaned them.

All in all the computer is running MUCH MUCH better. It's no longer redirecting me to any sites. Should I uninstall the Defogger now? Or are there still some scans and other steps to run? I really appreciate your time.

Thank you

Rich


  • Staff

Hi,

Go ahead and enable Defogger.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java 6 Update 5

Java 6 Update 7

Adobe Flash Player 10.0.45.2

ESET Online Scanner v3

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Let me know what issues remain.

-screen317


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.