Internet Explorer Replicating Itself Multiple Times


  • This topic is locked
16 replies to this topic

#1 SonInHeaven (Members, 11 posts, South Florida)

Posted 03 February 2010 - 11:57 PM

I have read the guidelines. My computer is slow and opened thirty-six IEs with one click. I ran Dr. Web. It showed no malware. I ran Combofix before I read the guidelines. Sorry.




DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Administrator at 23:29:20.78 on Wed 02/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.188 [GMT -5:00]

AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator.BRADLEYLAPTOP\Local Settings\Temporary Internet Files\Content.IE5\E169YNGJ\dds[1].scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Freecause Toolbar BHO: {aaac503b-6f0f-4f48-8055-289b8a5ef5c0} - c:\program files\causes\Toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Causes: {5d51b4f2-cc28-4488-9ab3-be7e40eb3293} - c:\program files\causes\Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ABBYY Community Agent] c:\program files\abbyy finereader 5.0 sprint\CAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SpIDerAgent] "c:\program files\drweb\SpIDerAgent.exe"
mRun: [SpIDerMail] "c:\program files\drweb\spiderml.exe"
mRun: [SpIDerGate] "c:\program files\drweb\spidergate.exe" -autorun
mRun: [SpIDerNT] c:\progra~1\drweb\spiderui.exe /agent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\icatch~1.lnk - c:\windows\twain_32\ca561a\SnapDetect.exe
LSP: c:\program files\drweb\drwebsp.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1258087976984
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258085900859
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258226727625
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2010-2-1 107000]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-15 360584]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-15 333192]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-15 28424]
S1 SASDIFSV;SASDIFSV;c:\progra~1\supera~1\SASDIFSV.SYS [2009-5-26 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 74480]
S2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-15 285392]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2009-9-22 869688]
S2 gupdate1ca900f42ff21ea;Google Update Service (gupdate1ca900f42ff21ea);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 133104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\drweb\spider.sys [2009-8-17 306464]
S3 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\drweb\spidernt.exe [2009-8-17 231328]

=============== Created Last 30 ================

2010-02-04 02:44:37 0 d-sha-r- C:\cmdcons
2010-02-04 02:43:04 98816 ----a-w- c:\windows\sed.exe
2010-02-04 02:43:04 77312 ----a-w- c:\windows\MBR.exe
2010-02-04 02:43:04 261632 ----a-w- c:\windows\PEV.exe
2010-02-04 02:43:04 161792 ----a-w- c:\windows\SWREG.exe
2010-02-04 01:32:57 0 d-----w- c:\documents and settings\administrator.bradleylaptop\DoctorWeb
2010-02-03 22:41:40 0 d-sh--w- c:\documents and settings\administrator.bradleylaptop\IECompatCache
2010-02-03 22:41:15 0 d-sh--w- c:\documents and settings\administrator.bradleylaptop\PrivacIE
2010-02-02 04:06:15 107000 ----a-w- c:\windows\system32\drivers\dwprot.sys
2010-02-02 04:05:50 0 d-----w- c:\program files\common files\Doctor Web
2010-02-02 04:05:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Doctor Web
2010-02-02 04:05:30 0 d-----w- c:\program files\DrWeb
2010-01-20 03:21:48 0 d-----w- c:\program files\CCleaner
2010-01-13 00:46:39 0 d-----w- c:\program files\Application Updater
2010-01-08 01:55:33 0 d-----w- C:\SDFix

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-15 21:14:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-15 21:14:19 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-15 21:14:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-15 03:30:02 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-15 03:29:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2007-02-06 22:04:36 651 ----a-w- c:\program files\Launcher.xml
2007-02-06 19:12:42 7542784 ----a-w- c:\program files\snapfireplus.msi
2007-02-06 19:11:58 1912 ----a-w- c:\program files\Setup.ini
2007-02-06 19:11:54 93017343 ----a-w- c:\program files\Data1.cab
2005-06-02 14:12:38 2587408 ----a-w- c:\program files\msi31.exe
2005-06-02 14:12:08 5515 ----a-w- c:\program files\0x0409.ini
2004-03-17 21:13:46 1028368 ----a-w- c:\program files\vbrun60sp6.exe
2009-09-26 05:08:15 88 --sh--r- c:\windows\system32\73F783323D.sys
2009-09-26 05:08:17 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-17 12:57:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-08-23 19:36:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat
2009-06-17 12:57:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 23:29:57.50 ===============



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/03 23:41
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF802C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BED000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF76DA000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 125 Function Name: NtOpenSection
Status: Hooked by "dwprot.sys" at address 0xf85b84d8

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "dwprot.sys" at address 0xf85b840e

==EOF==

Edited by SonInHeaven, 04 February 2010 - 12:02 AM.

Thank you,
Very Truly Yours,

SonInHeaven
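
The DDS log above is what a helper reads by eye: Run keys, BHOs and toolbars, downloaded ActiveX controls (the DPF lines) and recently created files with unusual attribute flags. The following Python is an added example, not part of the original post and not part of the DDS tool: it parses those sections and prints the entries a reviewer would check first. The sample input is a handful of lines copied from the log above plus one constructed mRun entry (`Updater`, in a temp directory) so that a hit is visible; the flagging rules, the `USER_WRITABLE` path list and the allowlist of ActiveX hosts are illustrative assumptions, not DDS logic.

```python
# Added example (not the original post's content and not part of DDS): parse
# the autostart and file-listing sections of a DDS log and flag what a reviewer
# checks first. Rules and the ActiveX host allowlist are illustrative.
import re
from collections import namedtuple
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed sample: lines copied from the DDS log above plus one made-up
# mRun entry ("Updater") in a temp directory, to show what a hit looks like.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Causes: {5d51b4f2-cc28-4488-9ab3-be7e40eb3293} - c:\program files\causes\Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Updater] c:\docume~1\admini~1\locals~1\temp\updater.exe
Notify: avgrsstarter - avgrsstx.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
2009-09-26 05:08:15 88 --sh--r- c:\windows\system32\73F783323D.sys
2009-09-26 05:08:17 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
"""

AUTOSTART_RE = re.compile(r"^(BHO|TB|SSODL|SEH|uRun|mRun|Notify|StartupFolder): (.+)$")
RUN_RE = re.compile(r"^\[([^\]]+)\]\s+(.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\}) - (\S+)$")
# "2009-09-26 05:08:15 88 --sh--r- c:\...": date time size flags path
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s+\d+\s+([-a-z]{8})\s+(.+)$")

# Assumptions for this illustration: ActiveX (DPF) hosts expected on a patched
# XP box, and the user-writable locations droppers favour (8.3 forms included).
EXPECTED_DPF_HOSTS = ("microsoft.com", "java.sun.com")
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\locals~1\\",
                 "\\application data\\", "\\applic~1\\")

Autostart = namedtuple("Autostart", "kind name path clsid", defaults=(None,))

def command_path(cmd: str) -> str:
    """Executable path from a Run-key command line as DDS prints it."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted paths keep their spaces: cut at the first " -x" / " /x" switch.
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]

def parse_autostart(kind: str, body: str) -> Autostart:
    if kind in ("uRun", "mRun"):
        m = RUN_RE.match(body)
        return Autostart(kind, m.group(1), command_path(m.group(2))) if m else Autostart(kind, body, body)
    name, _, path = body.rpartition(" - ")  # "Name: {CLSID} - path" or "name - dll"
    clsid = CLSID_RE.search(name)
    if clsid:
        name = name[:clsid.start()].rstrip(": ")
    return Autostart(kind, name, path.strip(), clsid.group(0) if clsid else None)

def parse_dds(text: str) -> Dict[str, list]:
    report = {"autostarts": [], "dpf": [], "files": []}
    for line in (ln.strip() for ln in text.splitlines()):
        if (m := DPF_RE.match(line)):
            report["dpf"].append((m.group(1), m.group(2)))
        elif (m := AUTOSTART_RE.match(line)):
            report["autostarts"].append(parse_autostart(m.group(1), m.group(2)))
        elif (m := FILE_RE.match(line)):
            report["files"].append((m.group(1), m.group(2), m.group(3)))  # date, flags, path
    return report

def dpf_host(url: str) -> str:
    """DDS de-fangs URLs as hxxp://; re-fang only to pull out the host."""
    return (urlsplit(url.replace("hxxp", "http", 1)).hostname or "").lower()

def triage(report: Dict[str, list]) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs for the entries worth a second look."""
    findings = []
    for a in report["autostarts"]:
        low = a.path.lower()
        if "\\" not in low:
            # Bare DLL name: resolved via the loader search path, so the log
            # alone does not say which copy actually loads.
            findings.append(("bare_filename", f"{a.kind} {a.name}: {a.path}"))
        elif any(tok in low for tok in USER_WRITABLE):
            findings.append(("user_writable_autostart", f"{a.kind} {a.name}: {a.path}"))
    for clsid, url in report["dpf"]:
        host = dpf_host(url)
        if not any(host == h or host.endswith("." + h) for h in EXPECTED_DPF_HOSTS):
            findings.append(("third_party_activex", f"{clsid} from {host}"))
    for date, flags, path in report["files"]:
        # Flag field: 'd' directory, 's' system, 'h' hidden. A hidden system
        # file (not a directory) under system32 deserves a look.
        if flags[0] != "d" and "s" in flags and "h" in flags:
            findings.append(("hidden_system_file", f"{date} {flags} {path}"))
    return findings

if __name__ == "__main__":
    for rule, detail in triage(parse_dds(SAMPLE_LOG)):
        print(f"[{rule}] {detail}")
```

Run against the sample it reports the bare `avgrsstx.dll` Notify entry, the constructed `Updater` entry, the ESET ActiveX download and the two hidden system files; everything a finding names still has to be checked by hand (file version, signature, hash), the script only shortens the list.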



#2 m0le (Malware Response Team, London, UK)

Posted 10 February 2010 - 07:36 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run Gmer, a rootkit scanner

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 m0le

Posted 16 February 2010 - 07:51 AM

Since this issue appears to be resolved ... this topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.


#4 m0le

Posted 01 March 2010 - 07:17 AM

Reopened at user's request

--------------------------------------------

Post the Gmer log when ready.

#5 m0le

Posted 03 March 2010 - 08:46 PM

Hi,

We're not going to get very far through the fix if you keep disappearing.

Post the requested logs, or contact me, or I will have to close the topic.

Thanks,

m0le

#6 SonInHeaven (Topic Starter)

Posted 04 March 2010 - 08:10 AM

I ran Gmer about a week ago, and it showed no threats. Please see my PM. I'll try to contact you through this thread. Thank you for your help.

#7 SonInHeaven (Topic Starter)

Posted 04 March 2010 - 07:09 PM

Everything seems to be working now with regard to the error "...search flood control...". I think the problem resolved itself. It occurred when I clicked the assistant and clicked "My topics". I received the message before it went to any posts or threads.
By the way, do you need a current log of Gmer?


#8 m0le

Posted 05 March 2010 - 03:22 PM

Yes, a new Gmer and also an MBAM log please.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks

#9 SonInHeaven (Topic Starter)

Posted 05 March 2010 - 10:02 PM

Here are the Gmer and MBAM logs that you requested:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-05 18:03:16
Windows 5.1.2600 Service Pack 3
Running: ci6eqdjd_Gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awlirkod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \FileSystem\Fastfat \Fat dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-05 21:31:21
Windows 5.1.2600 Service Pack 3
Running: ci6eqdjd_Gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awlirkod.sys


---- System - GMER 1.0.15 ----

SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwOpenSection [0xF85B84D8]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSystemDebugControl [0xF85B840E]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2548CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2992] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2548CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1988] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \FileSystem\Fastfat \Fat dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)

---- EOF - GMER 1.0.15 ----




Malwarebytes' Anti-Malware 1.44
Database version: 3827
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/5/2010 5:55:24 PM
mbam-log-2010-03-05 (17-55-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 240288
Time elapsed: 57 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank you,
Very Truly Yours,

SonInHeaven

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:08 PM

Posted 06 March 2010 - 07:50 AM

That's clean. Let's check that the iexplore.exe processes are legitimate.

Please download and run Process Explorer.

If Process Explorer won't execute, rename it iexplore.exe.

Under File and Save As, create a log and post it here.

Copy and paste the log into your next reply.
m0le is a proud member of UNITE

#11 SonInHeaven

Posted 06 March 2010 - 04:12 PM

Process PID CPU Description Company Name
System Idle Process 0 95.45
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 720 Windows NT Session Manager Microsoft Corporation
csrss.exe 792 Client Server Runtime Process Microsoft Corporation
winlogon.exe 820 Windows NT Logon Application Microsoft Corporation
services.exe 864 1.52 Services and Controller app Microsoft Corporation
svchost.exe 1020 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1100 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1140 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 2524 Windows Update Microsoft Corporation
svchost.exe 1192 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1292 Generic Host Process for Win32 Services Microsoft Corporation
WLTRYSVC.EXE 1576
BCMWLTRY.EXE 1588 1.52 Dell Wireless WLAN Card Wireless Network Controller Dell Inc.
spoolsv.exe 1648 Spooler SubSystem App Microsoft Corporation
svchost.exe 1728 Generic Host Process for Win32 Services Microsoft Corporation
ACService.exe 1764 ArcSoft Connect Service ArcSoft Inc.
AppleMobileDeviceService.exe 1776 Apple Mobile Device Service Apple Inc.
ApplicationUpdater.exe 1788 Application Updater Spigot, Inc.
mDNSResponder.exe 1820 Bonjour Service Apple Inc.
dwengine.exe 1840 Dr.Web ® Scanning Engine Doctor Web, Ltd.
jqs.exe 1928 Java™ Quick Starter Service Sun Microsystems, Inc.
McciCMService.exe 1964 mcci+McciCMService Alcatel-Lucent
PSIService.exe 2044 nTitles PSIService
svchost.exe 220 Generic Host Process for Win32 Services Microsoft Corporation
fxssvc.exe 328 Fax Service Microsoft Corporation
alg.exe 2120 Application Layer Gateway Service Microsoft Corporation
iPodService.exe 3992 iPodService Module (32-bit) Apple Inc.
lsass.exe 876 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 2424 Windows Explorer Microsoft Corporation
McciTrayApp.exe 2832 mcci+McciTrayApp Alcatel-Lucent
iTunesHelper.exe 2840 iTunesHelper Apple Inc.
SynTPEnh.exe 2848 Synaptics TouchPad Enhancements Synaptics, Inc.
igfxpers.exe 2888 persistence Module Intel Corporation
hkcmd.exe 2896 hkcmd Module Intel Corporation
WLTRAY.EXE 2912 Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc.
ACDaemon.exe 2948 ArcSoft Connect Daemon ArcSoft Inc.
ArcCon.ac 3312 ArcSoft Connect Notifier ArcSoft Inc.
CAgent.exe 2960 ABBYY Community Agent ABBYY (BIT Software)
jusched.exe 2988 Java™ Platform SE binary Sun Microsystems, Inc.
spideragent.exe 3052 SpIDer Agent for Windows Doctor Web, Ltd.
spiderui.exe 3204 SpIDer Guard UI Agent Doctor Web, Ltd.
Skype.exe 3284 Skype Skype Technologies S.A.
skypePM.exe 2772 Skype Extras Manager Skype Technologies
Hotsync.exe 3364 HotSync® Manager Application PalmSource, Inc
SnapDetect.exe 3416
mbam.exe 2980 Malwarebytes' Anti-Malware Malwarebytes Corporation
iexplore.exe 2940 Internet Explorer Microsoft Corporation
iexplore.exe 3324 Internet Explorer Microsoft Corporation
WinRAR.exe 620 WinRAR archiver Alexander Roshal
procexp.exe 1456 1.52 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
magicJack.exe 2560 magicJack USB Softphone magicJack L.P.


Thank you,
Very Truly Yours,

SonInHeaven
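The check m0le asks for in #10 (save the Process Explorer view and look at who the iexplore.exe entries belong to) can be scripted once the log is saved. The following is an added example, not code from this thread or from Sysinternals. It assumes the export is the tab-separated text Process Explorer writes from File > Save As, with the columns shown in the log posted in #11 (Process, PID, CPU, Description, Company Name); the sample rows are constructed from that log, except the PID 4100 row, which is constructed here to show what a lookalike would trigger and did not appear on the poster's machine.

```python
"""Triage a Process Explorer "File > Save As" export.

Added example, not code from the thread or from Sysinternals. Assumes the
export is tab-separated with the columns Process, PID, CPU, Description
and Company Name, as in the log posted above.
"""

# Company that Windows' own binaries carry in their version resource.
# A name match alone proves nothing (malware borrows these names freely),
# so a well-known name paired with a different or empty company is the
# condition treated as suspicious below.
EXPECTED_COMPANY = {
    "iexplore.exe": "Microsoft Corporation",
    "explorer.exe": "Microsoft Corporation",
    "svchost.exe": "Microsoft Corporation",
    "lsass.exe": "Microsoft Corporation",
    "csrss.exe": "Microsoft Corporation",
    "smss.exe": "Microsoft Corporation",
    "winlogon.exe": "Microsoft Corporation",
    "services.exe": "Microsoft Corporation",
}

# Pseudo-processes that legitimately have no image and no version info.
PSEUDO = {"System Idle Process", "System", "Interrupts", "DPCs"}

# Constructed sample, tab-separated like the real export. Tree view
# indents child processes with leading spaces in the first column.
SAMPLE = "\n".join([
    "Process\tPID\tCPU\tDescription\tCompany Name",
    "System Idle Process\t0\t95.45\t\t",
    "System\t4\t\t\t",
    "  smss.exe\t720\t\tWindows NT Session Manager\tMicrosoft Corporation",
    "svchost.exe\t1020\t\tGeneric Host Process for Win32 Services\tMicrosoft Corporation",
    "WLTRYSVC.EXE\t1576\t\t\t",
    "explorer.exe\t2424\t\tWindows Explorer\tMicrosoft Corporation",
    "  SnapDetect.exe\t3416\t\t\t",
    "  iexplore.exe\t2940\t\tInternet Explorer\tMicrosoft Corporation",
    "  iexplore.exe\t3324\t\tInternet Explorer\tMicrosoft Corporation",
    # Constructed lookalike (not from the thread): right name, no version info.
    "  iexplore.exe\t4100\t\tInternet Explorer\t",
])


def parse_procexp(text):
    """Return one dict per process row, keyed by the header names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = [h.strip() for h in lines[0].split("\t")]
    rows = []
    for ln in lines[1:]:
        fields = ln.split("\t")
        fields += [""] * (len(header) - len(fields))  # tolerate short rows
        rows.append({k: v.strip() for k, v in zip(header, fields)})
    return rows


def count_instances(rows, name):
    """How many processes carry this image name (case-insensitive)."""
    return sum(1 for r in rows if r["Process"].lower() == name.lower())


def triage(rows):
    """Return (name, pid, reason) for every row that deserves a closer look."""
    findings = []
    for r in rows:
        name, pid = r["Process"], r["PID"]
        company, desc = r["Company Name"], r["Description"]
        if name in PSEUDO:
            continue
        expected = EXPECTED_COMPANY.get(name.lower())
        if expected and company != expected:
            findings.append((name, pid,
                             "system binary name but company is %r, expected %r"
                             % (company, expected)))
        elif not company and not desc:
            findings.append((name, pid, "no version information at all"))
    return findings


if __name__ == "__main__":
    rows = parse_procexp(SAMPLE)
    print("iexplore.exe instances:", count_instances(rows, "iexplore.exe"))
    for name, pid, reason in triage(rows):
        print("%-20s %-6s %s" % (name, pid, reason))
```

Two caveats on reading the result. Description and Company Name come from the version resource inside the file, which any binary can set to whatever it likes, so the stronger check in Process Explorer is Options > Verify Image Signatures with the Verified Signer and Image Path columns added before saving; a legitimate iexplore.exe lives under C:\Program Files\Internet Explorer. And IE8 runs one frame process plus one or more tab processes, so two iexplore.exe entries is the normal baseline; the thirty-six from the opening post are not, which is why the count is reported alongside the flagged rows.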

#12 m0le

Posted 06 March 2010 - 06:59 PM

Two iexplore.exe processes running. Neither of them is malicious.

What symptoms are you currently experiencing?
m0le is a proud member of UNITE

#13 SonInHeaven

Posted 06 March 2010 - 08:20 PM

There are two windows that were popping up. One is Dwwin.exe. That seems to be gone since I rebooted. The other is BookQuotations.exe, which keeps coming up when Skype opens. Right now I have not used the computer much to see any symptoms. Using the internet for this message is mostly what I have been doing, and nothing appears to be acting strangely. I sure thank you for your help. Let me use it for a couple of days. I will let you know.

Edited by SonInHeaven, 06 March 2010 - 08:23 PM.

Thank you,
Very Truly Yours,

SonInHeaven

#14 m0le

Posted 06 March 2010 - 08:23 PM

Okay, give it a good test drive.

I will bump the topic in 3 days in case you forget. smile.gif
m0le is a proud member of UNITE

#15 SonInHeaven

Posted 07 March 2010 - 09:49 PM

With regard to the two IE processes running, there is some hesitation when I open IE, and when I change windows, particularly in My Yahoo and my Yahoo email, it takes an unusually long time.
Thank you,
Very Truly Yours,

SonInHeaven
