[IN PROGRESS]trojans.sbi by Spyboot
CastleCops
-> Rootkit Revelations
Author: fia6, Location: Sweden
Posted: Wed Jun 18, 2008 3:06 am Post subject: trojans.sbi by Spyboot
Hi
Spyboot report's problem with trojan and there is a log-file "include errors.log".
this is it,what am I supposed to do?
bot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
D:\Program\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
D:\Program\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
D:\Program\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
D:\Program\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
D:\Program\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
D:\Program\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
Author: negster22,
Posted: Thu Jun 19, 2008 4:04 am Post subject:
Hello,
I am not so sure those are true detections, especially the Delf - ntdoss04.sys one, because I read a topic on the Spybot forum about a ruleset problem causing that detection.
Please click Here to download HijackThis to your desktop.
Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.
It will be installed by default here: C:\Program Files\Trend Micro\HijackThis
A shortcut to the application will also be placed on your Desktop.
The program will open automatically after installation.
You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.
Close all other windows except HijackThis.
Click on "Do a system scan and save logfile" When the log pops up in Notepad, copy and paste that file back here.
Do NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Close HJT.
Please download ATF Cleaner by Atribune.
This program is for Windows 2K, XP, and Vista
- Double-clickATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Uncheck any items that you do not want removed such as stored cookies
- Click the Empty Selected button.
If you use Firefox browser - Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click
-
- No at the prompt.
If you use Opera browser - Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please download Malwarebytes' Anti-Malware (MBAM) to your desktop or a convenient location of your choosing from one of the following websites:
MBAM provides support for Windows 2000, XP, and Vista.
BestTechie.net
http://www.besttechie.net/tools/mbam-setup.exe
or
MajorGeeks.com:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
Double-click mbam-setup.exe and follow the prompts to install the program. At the end of the install, verify that a checkmark is placed next to the following two options:- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' anti-Malware
- Click Finish.
- MBAM will automatically update, if the above options are checked.
- Once the program launches, select Perform quick scan, then click Scan.
- When the scan is complete, click OK -> Show Results to view the scan results.
- Check all items found, and then choose the 'Remove Selected' option to move the selected items to the quarantine.
- When the scan is finished, a log will open in Notepad with the scan results. Please post the results in your next reply, along with a new HJT log.
You may be prompted to restart your computer (see Note), in which case you can retrieve the log afterwards by reopening MBAM and selecting the Logs tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with a prompt. Please respond by clicking OK, and this will allow MBAM to continue with removal process. If MBAM asks to restart the computer, you should immediately comply with that request, so all malware traces are satisfactorily removed
Please post your HJT log and the MBAM Log.
Author: fia6, Location: Sweden
Posted: Thu Jun 26, 2008 4:06 am Post subject: Here is the result from htj
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:45:46, on 2008-06-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
L:\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
G:\Program\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\TECOM\Bluetooth-programvara\bin\btwdins.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Program\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
c:\program\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Program\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
L:\Program\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe
G:\Program\ScreenMark.exe
G:\Program\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
C:\Program\uTorrent\uTorrent.exe
L:\Program\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\HP_Ägaren\Skrivbord\ATF-Cleaner.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dinstartsida.se/almanacka.asp?datum=2008-08-01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "L:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
O4 - HKLM\..\Run: [SMKRun] G:\Program\ScreenMark.exe -i
O4 - HKLM\..\Run: [basicsmssmenu] "G:\Program\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\TECOM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\TECOM\Bluetooth-programvara\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\TECOM\Bluetooth-programvara\btsendto_ie.htm
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157142504953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197889644593
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: aawservice - Lavasoft - L:\Program\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - L:\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - G:\Program\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\TECOM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - (no file)
O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
--
End of file - 10991 bytes
Malwarebyte reported no infections (in swedish)
Author: negster22,
Posted: Sat Jun 28, 2008 1:44 am Post subject:
Hi fia6,
I'm not seeing anything malicious in your log at all.
Open HJT. Click the ' 'Do a system scan only'' option to perform a HijackThis scan and place a checkmark next to the following items. Close ALL other windows and browsers except HijackThis. Click "Fix Checked".
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - (no file)
Close HJT
Your Java (JRE) is out of date.
Please follow these steps to remove older version Java components and update.
Download the latest version of the Java Runtime Environment - (JRE) 6 Update 6.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6 -
The Java SE Runtime Environment (JRE) allows end-users to run Java applications."- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement", and the page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
Please perform a scan with the ESET online virus scanner:
http://www.eset.com/onlinescan/index.php
- ESET recommends disabling your resident antivirus's (Panda) auto-protection feature before beginning the scan to avoid conflicts and system hangs:
- This can be accomplished by right-clicking your antivirus's system tray icon and choosing "Close automatic protection."
- Use Internet Explorer to navigate to the scanner website because you must approve install an ActiveX add-on to complete the scan.
- Check the "Yes, I accept the terms of use" box.
- Click "Start"
- Check the box that enables removal of all threats found
When the scan is done, please post the scan report in your next reply. It can be found in this location:
C:\Program Files\EsetOnlineScanner\log.txt
Please post one more HJT log and the ESET online scanner report.
CastleCops
-> Rootkit Revelations
All times are GMT
Page 1 of 1
Powered by phpBB © 2001 phpBB Group