Infected with Antimalware Doctor


8 replies to this topic

#1 ac209

ac209

  • Members
  • 7 posts

Posted 15 June 2010 - 08:00 PM

I got infected today with this malware and can't get rid of it. Please help. It is exactly like I have seen in all of the websites that I looked up about it. It just keeps popping up telling me I have these viruses and I need to download the complete version to get rid of it. I knew it was bull when I couldn't go into Programs - Add/Delete. Also since I never downloaded it. Here is the info that you guys asked for. This computer does not get the e-mail, but my desktop one does, so I will keep checking until I hear from one of you. Until then, I am going to just shut this down. Thanks. ac209

DDS (Ver_10-03-17.01) - NTFSx86
Run by carrol at 18:13:26.21 on Tue 06/15/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1537 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Users\carrol\AppData\Roaming\61DBEDC4D951337BC069E1D9B71FAFE8\setupupdater0000.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\carrol\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = https://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\progra~1\iwinga~1\IWINGA~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [setupupdater0000.exe] c:\users\carrol\appdata\roaming\61dbedc4d951337bc069e1d9b71fafe8\setupupdater0000.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\carrol\appdata\roaming\micros~1\windows\startm~1\programs\startup\antima~1.lnk - c:\users\carrol\appdata\roaming\61dbedc4d951337bc069e1d9b71fafe8\setupupdater0000.exe
StartupFolder: c:\users\carrol\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\carrol\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-29 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-29 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100522.001\BHDrvx86.sys [2010-5-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-29 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100604.004\IDSvix86.sys [2010-6-8 344112]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-8-27 20352]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-29 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1107000.00c\symtdiv.sys [2010-5-29 339504]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2010-1-21 78104]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-29 126392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-13 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-23 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-12 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-8-27 937984]

=============== Created Last 30 ================

2010-06-15 23:10:38 0 ----a-w- c:\users\carrol\defogger_reenable
2010-06-15 22:15:25 0 d-----w- C:\_OTL
2010-06-15 20:38:18 0 d-----w- c:\users\carrol\appdata\roaming\61DBEDC4D951337BC069E1D9B71FAFE8
2010-06-11 00:09:26 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 00:09:24 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 00:09:23 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 00:07:58 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 01:27:46 0 d-----w- c:\program files\Sherlock Holmes - The Mystery of the Persian Carpet
2010-06-07 23:47:56 0 d-----w- c:\users\carrol\appdata\roaming\Anabel
2010-06-02 23:59:46 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-05-29 02:40:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 03:59:08 0 d-----w- c:\users\carrol\Tracing
2010-05-21 03:55:25 0 d-----w- c:\program files\Microsoft
2010-05-21 03:54:56 0 d-----w- c:\program files\Windows Live SkyDrive
2010-05-21 03:33:55 0 d-----w- c:\program files\common files\Windows Live
2010-05-17 01:11:06 0 d-----w- c:\users\carrol\appdata\roaming\Frogwares

==================== Find3M ====================

2010-06-02 23:59:20 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-02 23:59:20 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-02 23:59:20 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-17 03:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-12-28 16:26:36 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-11 13:49:04 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-10-09 17:09:33 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2008-10-09 17:09:33 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 18:14:53.25 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-15 19:42:25
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\carrol\AppData\Local\Temp\uwlcapow.sys


---- System - GMER 1.0.15 ----

SSDT 881D77F8 ZwAlertResumeThread
SSDT 8819EEF8 ZwAlertThread
SSDT 88AD5B10 ZwAllocateVirtualMemory
SSDT 88087238 ZwAlpcConnectPort
SSDT 888E3048 ZwAssignProcessToJobObject
SSDT 88ADF008 ZwCreateMutant
SSDT 88AE5D38 ZwCreateSymbolicLinkObject
SSDT 88AD4DF0 ZwCreateThread
SSDT 88833048 ZwDebugActiveProcess
SSDT 88AD5CE8 ZwDuplicateObject
SSDT 88AD3AE0 ZwFreeVirtualMemory
SSDT 8819EF90 ZwImpersonateAnonymousToken
SSDT 8883B068 ZwImpersonateThread
SSDT 88087658 ZwLoadDriver
SSDT 88AD3980 ZwMapViewOfSection
SSDT 8819E368 ZwOpenEvent
SSDT 88AD5EB8 ZwOpenProcess
SSDT 886EB0E0 ZwOpenProcessToken
SSDT 8819FE20 ZwOpenSection
SSDT 88AD5DB0 ZwOpenThread
SSDT 88AE4E40 ZwProtectVirtualMemory
SSDT 8819EB78 ZwResumeThread
SSDT 8881EB68 ZwSetContextThread
SSDT 88AD37A8 ZwSetInformationProcess
SSDT 881CE328 ZwSetSystemInformation
SSDT 8819F200 ZwSuspendProcess
SSDT 881D7120 ZwSuspendThread
SSDT 88361490 ZwTerminateProcess
SSDT 881983F8 ZwTerminateThread
SSDT 8825A120 ZwUnmapViewOfSection
SSDT 88AD3EB0 ZwWriteVirtualMemory
SSDT 88AE4420 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81EE2880 8 Bytes [F8, 77, 1D, 88, F8, EE, 19, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81EE2894 4 Bytes [10, 5B, AD, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 81EE28A0 4 Bytes [38, 72, 08, 88]
.text ntkrnlpa.exe!KeSetEvent + 191 81EE28F4 4 Bytes [48, 30, 8E, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EE2958 4 Bytes [08, F0, AD, 88]
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x89F55000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x89F9E000, 0x510, 0x40000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ntdll.dll!RtlEncodeSystemPointer + 873 7730938B 10 Bytes JMP 042D003A
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateDialogParamW 76CD72A2 5 Bytes JMP 6DA9DEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!GetAsyncKeyState 76CD863C 5 Bytes JMP 6D9B8EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!SetWindowsHookExW 76CD87AD 5 Bytes JMP 6DA99AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CallNextHookEx 76CD8E3B 5 Bytes JMP 6DA8D0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!UnhookWindowsHookEx 76CD98DB 5 Bytes JMP 6DA0467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!EnableWindow 76CDCD8B 5 Bytes JMP 6DA9DD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateWindowExW 76CE1305 5 Bytes JMP 6DA9DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!GetKeyState 76CE8CB1 5 Bytes JMP 6DA9D2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!IsDialogMessageW 76CF0745 5 Bytes JMP 6D9C59D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateDialogParamA 76CF17AA 5 Bytes JMP 6DB9547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!IsDialogMessage 76CF1847 5 Bytes JMP 6DB94D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateDialogIndirectParamA 76CF26F1 5 Bytes JMP 6DB954B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateDialogIndirectParamW 76CF9A62 5 Bytes JMP 6DB954E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!SetKeyboardState 76D00987 5 Bytes JMP 6DB95086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxParamW 76D010B0 5 Bytes JMP 6D9C54C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxIndirectParamW 76D02EF5 5 Bytes JMP 6DB9480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!SendInput 76D02F75 5 Bytes JMP 6DB95C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!EndDialog 76D0326E 5 Bytes JMP 6D9C7E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!SetCursorPos 76D16FB2 5 Bytes JMP 6DB95C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxParamA 76D18152 5 Bytes JMP 6DB947AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxIndirectParamA 76D1847D 5 Bytes JMP 6DB94872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxIndirectA 76D2D4D9 5 Bytes JMP 6DB94741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxIndirectW 76D2D5D3 5 Bytes JMP 6DB946D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxExA 76D2D639 5 Bytes JMP 6DB94674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxExW 76D2D65D 5 Bytes JMP 6DB94612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!keybd_event 76D2D972 5 Bytes JMP 6DB95FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] SHELL32.dll!SHRestricted + D95 75CE8988 4 Bytes [4D, 30, 09, 6C] {DEC EBP; XOR [ECX], CL; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] SHELL32.dll!SHRestricted + D9D 75CE8990 8 Bytes [57, 2F, 09, 6C, 9C, 5B, 08, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!OleLoadFromStream 76AA1E12 5 Bytes JMP 6DB94B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!CoGetTreatAsClass + D2F 76ABFAB7 7 Bytes JMP 042D03DC
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!CoCreateInstance 76AD9EA6 5 Bytes JMP 6DA9DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!CoCreateInstance + 3E 76AD9EE4 7 Bytes JMP 042D0326
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!CreateWindowExW 76CE1305 5 Bytes JMP 6DA9DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!DialogBoxParamW 76D010B0 5 Bytes JMP 6D9C54C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!DialogBoxIndirectParamW 76D02EF5 5 Bytes JMP 6DB9480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!DialogBoxParamA 76D18152 5 Bytes JMP 6DB947AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!DialogBoxIndirectParamA 76D1847D 5 Bytes JMP 6DB94872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!MessageBoxIndirectA 76D2D4D9 5 Bytes JMP 6DB94741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!MessageBoxIndirectW 76D2D5D3 5 Bytes JMP 6DB946D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!MessageBoxExA 76D2D639 5 Bytes JMP 6DB94674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2752] USER32.dll!MessageBoxExW 76D2D65D 5 Bytes JMP 6DB94612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] ntdll.dll!RtlEncodeSystemPointer + 873 7730938B 10 Bytes JMP 040F003A
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CreateDialogParamW 76CD72A2 5 Bytes JMP 6DA9DEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!GetAsyncKeyState 76CD863C 5 Bytes JMP 6D9B8EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!SetWindowsHookExW 76CD87AD 5 Bytes JMP 6DA99AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CallNextHookEx 76CD8E3B 5 Bytes JMP 6DA8D0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!UnhookWindowsHookEx 76CD98DB 5 Bytes JMP 6DA0467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!EnableWindow 76CDCD8B 5 Bytes JMP 6DA9DD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CreateWindowExW 76CE1305 5 Bytes JMP 6DA9DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!GetKeyState 76CE8CB1 5 Bytes JMP 6DA9D2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!IsDialogMessageW 76CF0745 5 Bytes JMP 6D9C59D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CreateDialogParamA 76CF17AA 5 Bytes JMP 6DB9547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!IsDialogMessage 76CF1847 5 Bytes JMP 6DB94D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CreateDialogIndirectParamA 76CF26F1 5 Bytes JMP 6DB954B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CreateDialogIndirectParamW 76CF9A62 5 Bytes JMP 6DB954E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!SetKeyboardState 76D00987 5 Bytes JMP 6DB95086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!DialogBoxParamW 76D010B0 5 Bytes JMP 6D9C54C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!DialogBoxIndirectParamW 76D02EF5 5 Bytes JMP 6DB9480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!SendInput 76D02F75 5 Bytes JMP 6DB95C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!EndDialog 76D0326E 5 Bytes JMP 6D9C7E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!SetCursorPos 76D16FB2 5 Bytes JMP 6DB95C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!DialogBoxParamA 76D18152 5 Bytes JMP 6DB947AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!DialogBoxIndirectParamA 76D1847D 5 Bytes JMP 6DB94872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!MessageBoxIndirectA 76D2D4D9 5 Bytes JMP 6DB94741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!MessageBoxIndirectW 76D2D5D3 5 Bytes JMP 6DB946D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!MessageBoxExA 76D2D639 5 Bytes JMP 6DB94674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!MessageBoxExW 76D2D65D 5 Bytes JMP 6DB94612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!keybd_event 76D2D972 5 Bytes JMP 6DB95FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] SHELL32.dll!SHRestricted + D95 75CE8988 4 Bytes [4D, 30, 09, 6C] {DEC EBP; XOR [ECX], CL; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] SHELL32.dll!SHRestricted + D9D 75CE8990 8 Bytes [57, 2F, 09, 6C, 9C, 5B, 08, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] ole32.dll!OleLoadFromStream 76AA1E12 5 Bytes JMP 6DB94B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] ole32.dll!CoGetTreatAsClass + D2F 76ABFAB7 7 Bytes JMP 040F03DC
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] ole32.dll!CoCreateInstance 76AD9EA6 5 Bytes JMP 6DA9DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] ole32.dll!CoCreateInstance + 3E 76AD9EE4 7 Bytes JMP 040F0326
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] ntdll.dll!RtlEncodeSystemPointer + 873 7730938B 10 Bytes JMP 05DA003A
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!CreateDialogParamW 76CD72A2 5 Bytes JMP 6DA9DEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!GetAsyncKeyState 76CD863C 5 Bytes JMP 6D9B8EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!SetWindowsHookExW 76CD87AD 5 Bytes JMP 6DA99AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!CallNextHookEx 76CD8E3B 5 Bytes JMP 6DA8D0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!UnhookWindowsHookEx 76CD98DB 5 Bytes JMP 6DA0467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!EnableWindow 76CDCD8B 5 Bytes JMP 6DA9DD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!CreateWindowExW 76CE1305 5 Bytes JMP 6DA9DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!GetKeyState 76CE8CB1 5 Bytes JMP 6DA9D2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!IsDialogMessageW 76CF0745 5 Bytes JMP 6D9C59D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!CreateDialogParamA 76CF17AA 5 Bytes JMP 6DB9547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!IsDialogMessage 76CF1847 5 Bytes JMP 6DB94D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!CreateDialogIndirectParamA 76CF26F1 5 Bytes JMP 6DB954B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!CreateDialogIndirectParamW 76CF9A62 5 Bytes JMP 6DB954E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!SetKeyboardState 76D00987 5 Bytes JMP 6DB95086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!DialogBoxParamW 76D010B0 5 Bytes JMP 6D9C54C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!DialogBoxIndirectParamW 76D02EF5 5 Bytes JMP 6DB9480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!SendInput 76D02F75 5 Bytes JMP 6DB95C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!EndDialog 76D0326E 5 Bytes JMP 6D9C7E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!SetCursorPos 76D16FB2 5 Bytes JMP 6DB95C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!DialogBoxParamA 76D18152 5 Bytes JMP 6DB947AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!DialogBoxIndirectParamA 76D1847D 5 Bytes JMP 6DB94872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!MessageBoxIndirectA 76D2D4D9 5 Bytes JMP 6DB94741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!MessageBoxIndirectW 76D2D5D3 5 Bytes JMP 6DB946D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!MessageBoxExA 76D2D639 5 Bytes JMP 6DB94674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!MessageBoxExW 76D2D65D 5 Bytes JMP 6DB94612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] USER32.dll!keybd_event 76D2D972 5 Bytes JMP 6DB95FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] SHELL32.dll!SHRestricted + D95 75CE8988 4 Bytes [4D, 30, 09, 6C] {DEC EBP; XOR [ECX], CL; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] SHELL32.dll!SHRestricted + D9D 75CE8990 8 Bytes [57, 2F, 09, 6C, 9C, 5B, 08, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] ole32.dll!OleLoadFromStream 76AA1E12 5 Bytes JMP 6DB94B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] ole32.dll!CoGetTreatAsClass + D2F 76ABFAB7 7 Bytes JMP 05DA01A9
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] ole32.dll!CoCreateInstance 76AD9EA6 5 Bytes JMP 6DA9DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6004] ole32.dll!CoCreateInstance + 3E 76AD9EE4 7 Bytes JMP 05DA00F3

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\image[1].jpg 4020 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\img-resized[1].png 677 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\imgad[1].jpg 15645 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\imp[1] 1764 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\index[1].htm 26158 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\Jim-Marshall_184909[1].jpg 8312 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\JS[1].htm 0 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\k_log[1].php 1 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\k_log[2].php 1 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\k_log[4].php 1 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\lenasti16-1264651_20_20[1].jpg 690 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\expandingIframeGlobalTemplate_v2_56_03[1].js 65664 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\getkey[1].php 621 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZS3D93C\Lisa-Edelstein-1111448[1].jpg 369449 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\II3_Rules[1].js 38917 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\info_48[1] 6993 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\ips_attach[1].js 9453 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\i[1].png 291 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\jquery.query[1].js 7844 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\jquery[1].js 0 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\jsapi[1].htm 87 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\JS[1].htm 0 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\JS[2].htm 0 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\k_log[1].php 1 bytes
File C:\Users\carrol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WU6KX7QF\lang_javascript[1].js 0 bytes

---- EOF - GMER 1.0.15 ----


#2 ac209 (Topic Starter, Members, 7 posts)

Posted 17 June 2010 - 08:10 PM

Not sure what happened, but I started my computer today to check this site and Norton caught it (I think). At any rate, the icons on my taskbar are no longer there. I went to add/delete programs and was able to delete it from that list. I could not do that the other day. If Norton caught it, did it get rid of the whole thing or just part of it? I know that I was not to do anything, but this was very much unintentional.

#3 Farbar (Just Curious, Security Developer, 21,708 posts, Location: The Netherlands)

Posted 20 June 2010 - 06:46 PM

Hi ac209,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

Please run DDS and post a fresh DDS.txt to your reply. No need for the Attach.txt. Also tell me if you are currently experiencing any issues.

#4 ac209 (Topic Starter, Members, 7 posts)

Posted 21 June 2010 - 05:41 PM

Hi Farbar,

Before I got ahold of you, I tried Spybot and that did not seem to clear up the mess. I did not think that the Norton would catch it as it had already let it slip through. The following day I started my computer to check my thread and during the initial start-up, Norton advised I had this virus and I clicked on it. Ever since then, I have not had the pop-ups; before, I would have the Antimalware Doctor symbol pop up every 15-30 seconds and had to keep "X"ing out to get it off my desktop. Now it seems gone, but I am unsure of what it might have done to the registry files or worse, a hidden trojan horse. I do not do anything with credit cards or bills with this computer. Anyway, thanks in advance. Here is the new DDS file you wanted.




NEW DDS FILE>>>>>>>>>


DDS (Ver_10-03-17.01) - NTFSx86
Run by carrol at 17:25:51.26 on Mon 06/21/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1610 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\carrol\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = https://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\carrol\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\carrol\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-29 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-29 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100522.001\BHDrvx86.sys [2010-5-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-29 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100617.005\IDSvix86.sys [2010-6-21 344112]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-8-27 20352]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-29 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1107000.00c\symtdiv.sys [2010-5-29 339504]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2010-1-21 78104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-23 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-12 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-8-27 937984]

=============== Created Last 30 ================

2010-06-15 23:10:38 0 ----a-w- c:\users\carrol\defogger_reenable
2010-06-15 22:15:25 0 d-----w- C:\_OTL
2010-06-15 20:38:18 0 d-----w- c:\users\carrol\appdata\roaming\61DBEDC4D951337BC069E1D9B71FAFE8
2010-06-11 00:09:26 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 00:09:24 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 00:09:23 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 00:07:58 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 01:27:46 0 d-----w- c:\program files\Sherlock Holmes - The Mystery of the Persian Carpet
2010-06-07 23:47:56 0 d-----w- c:\users\carrol\appdata\roaming\Anabel
2010-06-02 23:59:46 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-05-29 02:40:30 2048 ----a-w- c:\windows\system32\tzres.dll

==================== Find3M ====================

2010-06-02 23:59:20 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-02 23:59:20 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-02 23:59:20 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-17 03:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-12-28 16:26:36 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-11 13:49:04 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-10-09 17:09:33 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2008-10-09 17:09:33 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 17:27:28.37 ===============


#5 Farbar (Just Curious, Security Developer, 21,708 posts, Location: The Netherlands)

Posted 21 June 2010 - 06:08 PM

The log looks clean. But we need to make sure.
  1. You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    1. First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup
      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
    2. Then download ResetTeaTimer.exe to your desktop.
      • Doubleclick ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.

  2. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Download JavaRa from Javara for Java update or directly from here.
    Use the tool to remove old and redundant versions of the Java Runtime Environment. The latest version is Java 6 update 20. Please uninstall any remaining versions if the tool could not uninstall them.

  3. This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

  4. Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


#6 ac209 (Topic Starter, Members, 7 posts)

Posted 21 June 2010 - 08:20 PM

Hi Farbar,

Here is the mbam-log that you wanted. It looks good, maybe Norton did get rid of everything.



mbam-log.......

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4223

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

6/21/2010 8:17:38 PM
mbam-log-2010-06-21 (20-17-38).txt

Scan type: Quick scan
Objects scanned: 127102
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\carrol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.


#7 Farbar (Just Curious, Security Developer, 21,708 posts, Location: The Netherlands)

Posted 22 June 2010 - 02:50 AM

Yes it looks good. The logs look clean and you don't observe any problem.

  1. To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.

  2. First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
    • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

    To remove the old restore points:
    • Go to Start > Run (alternatively you can press Windows key+R) then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Under "System Restore and Shadow copies" section click "Clean Up" to remove all previous restore points except the newly created one.
    • Click OK and Yes.


Happy Surfing ac209.

Edited by farbar, 22 June 2010 - 02:55 AM.
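The restore-point step above (create a fresh point first, then drop the older ones so nothing infected can be rolled back in) can also be done from an elevated PowerShell prompt. This is an added example, not part of Farbar's instructions; it assumes Windows Vista/7 with PowerShell 2.0 or later, System Protection enabled on C:, and that restore points are stored as VSS shadow copies, which is how those Windows versions keep them.

```powershell
# Added example: create a clean restore point, then remove the older ones.
# Run from an elevated (Administrator) PowerShell prompt.
# Assumes Vista/7, PowerShell 2.0+, System Protection enabled on C:.

$description = "Clean state after malware removal"   # the name you would type in the GUI

# 1. Create the new restore point FIRST, so a clean roll-back target always exists.
Checkpoint-Computer -Description $description -RestorePointType "MODIFY_SETTINGS"

# 2. Show what exists now; the newest entry should be the one just created.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize

# 3. On Vista/7 each restore point lives in a VSS shadow copy. Deleting the oldest
#    shadow copy while more than one restore point remains mirrors the Disk Cleanup
#    "System Restore and Shadow Copies -> Clean Up" button, which keeps only the newest.
#    The attempt counter guards against an endless loop if vssadmin refuses a deletion.
$remaining = (Get-ComputerRestorePoint | Measure-Object).Count
$attempts  = 0
while ($remaining -gt 1 -and $attempts -lt $remaining) {
    vssadmin delete shadows /for=C: /oldest /quiet | Out-Null
    $attempts++
    $remaining = (Get-ComputerRestorePoint | Measure-Object).Count
}

# 4. Confirm that only the freshly created point is left.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

If the final listing still shows more than one point, finish the clean-up through Disk Cleanup as described in the post, since a shadow copy that is not a restore point may have been removed instead.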


#8 ac209 (Topic Starter, Members, 7 posts)

Posted 22 June 2010 - 07:33 PM

Farbar,

I sincerely thank you for your assistance. I hope that I never have to do that again. Take care.

ac209

#9 Farbar (Just Curious, Security Developer, 21,708 posts, Location: The Netherlands)

Posted 23 June 2010 - 02:32 AM

You are most welcome ac209.

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.
