Jump to content

wingding

Members
  • Posts

    3
  • Joined

  • Last visited

Reputation

0 Neutral
  1. please let me know if this is not what you were looking for. I could not find a unhooker log so I ran this. RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #2 ============================================== ntkrnlpa.exe+0x0002D524, Type: Inline - RelativeJump 0x80504524-->805044B2 [ntkrnlpa.exe] ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe] [456]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll] [456]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll] [456]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll] [456]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll] [456]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll] [456]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll] [456]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll] [456]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll] [568]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll] [568]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll] [568]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll] [568]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll] [568]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll] [568]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll] [568]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll] [568]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll] [568]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll] [568]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll] [568]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll] [568]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll] [568]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll] [568]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll] [568]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll] [568]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll] [568]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll] [568]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll] [568]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll] [568]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll] [568]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll] [568]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll] [568]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll] [568]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll] [568]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll] [568]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll] [568]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll] [568]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll] [568]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll] [568]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll] [568]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll] [568]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll] [568]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll] [568]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll] [568]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll] [568]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll] [568]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll] [568]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll] [568]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll] [1568]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll] [1568]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll] [1568]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll] [1568]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll] [1568]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll] [1568]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll] [1568]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll] [1568]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll] [1568]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll] [1568]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll] [1568]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll] [1568]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll] [1568]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll] [1568]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll] [1568]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll] [1568]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll] [1568]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll] [1568]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll] [1568]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll] [1568]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll] [1568]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll] [1568]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll] [1568]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll] [1568]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll] [1568]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll] [1568]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll] [1568]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll] [1568]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll] [1568]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll] [1568]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll] [1568]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll] [1568]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
  2. I had windows defender infection that I removed with Malwarebytes. Everytime I search with google I am redirected to findgala.com. Below is malware bytes log. Any help would be greatly appreciated. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4649 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 9/18/2010 9:43:04 PM mbam-log-2010-09-18 (21-43-04).txt Scan type: Quick scan Objects scanned: 130917 Time elapsed: 6 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I ran defogger. I ran DDS, here is the log: DDS (Ver_10-03-17.01) - NTFSx86 Run by w5 at 21:48:13.76 on Sat 09/18/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2315 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\system32\FSRremoS.EXE C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\w5\Desktop\Defogger.exe C:\Documents and Settings\w5\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL uRun: [Google Update] "c:\documents and settings\w5\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Mouse Suite 98 Daemon] ICO.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213204226060 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280966244581 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-17 64288] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-24 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-24 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-24 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-24 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-24 297752] R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [2008-6-3 5632] R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [2008-6-3 23040] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2007-7-27 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] =============== Created Last 30 ================ 2010-09-19 01:47:36 0 ----a-w- c:\documents and settings\w5\defogger_reenable 2010-09-19 01:25:18 98816 ----a-w- c:\windows\sed.exe 2010-09-19 01:25:18 77312 ----a-w- c:\windows\MBR.exe 2010-09-19 01:25:18 256512 ----a-w- c:\windows\PEV.exe 2010-09-19 01:25:18 161792 ----a-w- c:\windows\SWREG.exe 2010-09-17 18:13:23 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-09-17 16:04:48 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-09-17 16:04:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-09-17 16:02:10 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70} 2010-09-17 16:01:45 0 d-----w- c:\program files\Lavasoft 2010-09-10 00:07:35 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MSIAS 2010-08-27 16:24:35 0 ----a-w- c:\documents and settings\w5\jagex__preferences3.dat 2010-08-27 16:24:32 99 ----a-w- c:\documents and settings\w5\jagex_runescape_preferences2.dat 2010-08-27 16:23:17 46 ----a-w- c:\documents and settings\w5\jagex_runescape_preferences.dat 2010-08-24 02:27:26 423656 ----a-w- c:\windows\system32\deployJava1.dll ==================== Find3M ==================== 2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-06 00:04:17 20848 ----a-w- c:\docume~1\w5\applic~1\GDIPFONTCACHEV1.DAT 2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys ============= FINISH: 21:48:41.81 =============== Ran GMER.exe, here is the log: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-09-18 22:46:10 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\w5\LOCALS~1\Temp\pwdoykob.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA11887E] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA118BFE] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[596] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3944] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[596] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3944] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB) ---- EOF - GMER 1.0.15 ----
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.