BleepingComputer.com: Fake Windows Security Alerts and Google Redirect

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Fake Windows Security Alerts and Google Redirect help!

#1 User is offline   prez610 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 13-June 11

Posted 14 June 2011 - 06:52 AM

First of all, thanks for the amazing website here. I am having some major problems, most probably malware with my computer. About a week ago, I got the fake Windows Security Alerts on my toolbar and then a day or 2 later began getting Google redirects to Scoura.com, etc...In the past, I've been able to fix the computer using recommended fixes from this website, including Malware Bytes, SPyware SD, but this time I havent been able to get rid of anything. I've tried a handful of programs, all recommended for people with the same problems as I but to no avail. Also, I downloaded TDSS Killer, renamed it multiple time but can't get it to run. I probably need ComboFix but the numerous warnings have scared me into waiting for further advice. So here I sit...please see the attached and below logs, and thanks in advance for your help.

DDS Report:
.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Rachel Secunda at 22:05:58 on 2011-06-13
.
============== Running Processes ===============
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Rachel Secunda\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3bf8aee0-0b2e-4656-b607-37b5e801401f} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-VGUOO.exe" /REG /REGSVRMODE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155318971718
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4598/mcfscan.cab
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{0746839E-9425-4147-9AEA-E9FE44D2B4A0} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: WRNotifier - WRLogonNTF.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rachel secunda\application data\mozilla\firefox\profiles\5xz9iocl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R? a2acc;a2acc
R? a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service
R? a2injectiondriver;a2injectiondriver
R? a2util;a-squared Malware-IDS utility driver
R? nosGetPlusHelper;getPlus® Helper 3004
R? PSI;PSI
R? SASDIFSV;SASDIFSV
R? SASKUTIL;SASKUTIL
R? Secunia PSI Agent;Secunia PSI Agent
R? Secunia Update Agent;Secunia Update Agent
R? Viewpoint Manager Service;Viewpoint Manager Service
.
=============== Created Last 30 ================
.
2011-06-13 00:56:40 -------- d-----w- c:\documents and settings\rachel secunda\application data\EurekaLog
2011-06-13 00:38:52 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-06-12 18:31:33 -------- d-----w- c:\documents and settings\rachel secunda\application data\SUPERAntiSpyware.com
2011-06-12 18:31:33 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-12 18:19:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-12 04:21:26 -------- d--h--w- c:\windows\PIF
2011-06-12 03:31:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-07 13:14:56 -------- d-----w- c:\documents and settings\rachel secunda\local settings\application data\Secunia PSI
2011-06-07 13:12:57 -------- d-----w- c:\program files\Secunia
2011-06-07 00:54:46 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-07 00:54:46 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-18 00:39:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-12 03:27:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2007-11-26 17:11:21 5688438 -c--a-w- c:\program files\HKCU.reg
2007-11-26 17:11:18 19004418 -c--a-w- c:\program files\HKLM.reg
.
============= FINISH: 22:08:35.98 ===============

GMER Report:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-14 07:45:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS424030M9AT00 rev.MAAOA71A
Running: gmer.exe; Driver: C:\DOCUME~1\RACHEL~1\LOCALS~1\Temp\uwldapog.sys


---- Kernel code sections - GMER 1.0.15 ----

INITc VolSnap.sys F9553BD0 4 Bytes [36, 9A, 4D, 80]
INITc VolSnap.sys F9553BF8 4 Bytes [94, 87, 4E, 80] {XCHG ESP, EAX; XCHG [ESI-0x80], ECX}
INITc VolSnap.sys F9553C20 4 Bytes [A0, C1, 4D, 80]
INITc VolSnap.sys F9553C48 4 Bytes [B0, C8, 4D, 80]
INITc VolSnap.sys F9553C70 4 Bytes [09, BF, 4D, 80]
INITc ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[140] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 006C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[140] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0069000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[140] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0068000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[140] WS2_32.dll!send 71AB4C27 5 Bytes JMP 006A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[140] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 006B000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00B5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0059000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0058000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0057000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B16B70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[208] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B16D70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00C0000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00C3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B16B70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[860] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B16D70

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat F8273D20

---- Threads - GMER 1.0.15 ----

Thread System [4:112] 81A6DE7A
Thread System [4:116] 81A70008

---- EOF - GMER 1.0.15 ----

Attached File(s)


#2 User is offline   prez610 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 13-June 11

Posted 20 June 2011 - 01:12 PM

Please disregard/delete the above post.

Thanks

#3 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 20 June 2011 - 01:22 PM

Thanks for letting us know.

As it seems you no longer require our assistance, I'll go ahead and close this thread for you.

Thread Closed.

Please take care.

Kindest Regards,
SweetTech.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users