
Google Redirect & Searches



#1 montyjb


Posted 22 August 2010 - 01:52 AM

I am being redirected to Google and some other search sites while working on the Internet. Problem has been occurring sporadically for last several days - on four other computers in my home (including 1 Mac).

I have Norton 360 and have run HitMan Pro 3.5 several times but still have the problem. I've spent most of the day researching and haven't cured it yet.
Tried to run/update MBAM, but am getting the "Mbam_error_updating (12007, 0, winhttpsendrequest)" and cannot clear it after following the procedure (twice), including uninstall/reinstall with additional cleaners.

Below is the GMER log - any help would be appreciated. I hate to have to format & reload, but I'm pretty frustrated!

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-22 01:33:05
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Monty\AppData\Local\Temp\fglcypow.sys


---- System - GMER 1.0.15 ----

SSDT 86E5F048 ZwAlertResumeThread
SSDT 86E5D048 ZwAlertThread
SSDT 86EB7EA8 ZwAllocateVirtualMemory
SSDT 86644128 ZwAlpcConnectPort
SSDT 86EB87C8 ZwAssignProcessToJobObject
SSDT 86EBD1F0 ZwCreateMutant
SSDT 866C2F68 ZwCreateSymbolicLinkObject
SSDT 86EB7FB0 ZwCreateThread
SSDT 866C2FB0 ZwCreateThreadEx
SSDT 86EB7068 ZwDebugActiveProcess
SSDT 86EB8950 ZwDuplicateObject
SSDT 86EB7988 ZwFreeVirtualMemory
SSDT 86E64090 ZwImpersonateAnonymousToken
SSDT 86E5FDA8 ZwImpersonateThread
SSDT 8663D3A0 ZwLoadDriver
SSDT 86EB7828 ZwMapViewOfSection
SSDT 86E8B048 ZwOpenEvent
SSDT 86EB8B70 ZwOpenProcess
SSDT 86E11280 ZwOpenProcessToken
SSDT 86EB5048 ZwOpenSection
SSDT 86EB8A60 ZwOpenThread
SSDT 8670BF40 ZwProtectVirtualMemory
SSDT 86E55048 ZwResumeThread
SSDT 86E11048 ZwSetContextThread
SSDT 86EB9B58 ZwSetInformationProcess
SSDT 86EB5308 ZwSetSystemInformation
SSDT 86EEA048 ZwSuspendProcess
SSDT 86E0D048 ZwSuspendThread
SSDT 86E0C428 ZwTerminateProcess
SSDT 86E1A048 ZwTerminateThread
SSDT 86E16048 ZwUnmapViewOfSection
SSDT 86EB7C18 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C37AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C37104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C373F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C202D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C371DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C37958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C376F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C37F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C381A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C97599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBBF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82CC3734 8 Bytes [48, F0, E5, 86, 48, D0, E5, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82CC374C 4 Bytes [A8, 7E, EB, 86] {TEST AL, 0x7e; JMP 0xffffffffffffff8a}
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82CC3758 4 Bytes [28, 41, 64, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82CC37AC 4 Bytes [C8, 87, EB, 86] {ENTER 0xeb87, 0x86}
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82CC3828 4 Bytes [F0, D1, EB, 86]
.text ...
.text peauth.sys A6E10C9D 28 Bytes [04, 2F, C8, 99, 72, E6, 69, ...]
.text peauth.sys A6E10CC1 28 Bytes [04, 2F, C8, 99, 72, E6, 69, ...]
PAGE peauth.sys A6E16E20 101 Bytes JMP 16BA5805
PAGE peauth.sys A6E1702C 102 Bytes [90, 57, 6A, 8D, 1B, 6B, BD, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4716] USER32.dll!CreateWindowExW 77650E51 5 Bytes JMP 01878157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4716] USER32.dll!DialogBoxIndirectParamW 77674AA7 5 Bytes JMP 0199F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4716] USER32.dll!DialogBoxParamW 7767564A 5 Bytes JMP 01794BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4716] USER32.dll!DialogBoxParamA 7768CF6A 5 Bytes JMP 0199F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4716] USER32.dll!DialogBoxIndirectParamA 7768D29C 5 Bytes JMP 0199F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4716] USER32.dll!MessageBoxIndirectA 7769E8C9 5 Bytes JMP 0199F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4716] USER32.dll!MessageBoxIndirectW 7769E9C3 5 Bytes JMP 0199F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4716] USER32.dll!MessageBoxExA 7769EA29 5 Bytes JMP 0199F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4716] USER32.dll!MessageBoxExW 7769EA4D 5 Bytes JMP 0199F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ntdll.dll!wcsncmp + 33B 77D6F580 7 Bytes JMP 05A1003A
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!CreateDialogParamW 77649BFF 5 Bytes JMP 018FC570 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!EnableWindow 7764A72E 5 Bytes JMP 018FC4EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!GetAsyncKeyState 7764C09A 5 Bytes JMP 018BD6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!UnhookWindowsHookEx 7764CC7B 5 Bytes JMP 019B835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!CallNextHookEx 7764CC8F 5 Bytes JMP 01999D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!CreateWindowExW 77650E51 5 Bytes JMP 019A8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!SetWindowsHookExW 7765210A 5 Bytes JMP 01954633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!GetKeyState 77654FDA 5 Bytes JMP 018FD762 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!IsDialogMessageW 77656F06 5 Bytes JMP 018C4284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!CreateDialogParamA 77663E79 5 Bytes JMP 01AD0571 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!IsDialogMessage 7766407A 5 Bytes JMP 01ACFE12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!CreateDialogIndirectParamA 77669110 5 Bytes JMP 01AD05A8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!CreateDialogIndirectParamW 776708AD 5 Bytes JMP 01AD05DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!DialogBoxIndirectParamW 77674AA7 5 Bytes JMP 01ACF970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!EndDialog 7767555C 5 Bytes JMP 018C5AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!DialogBoxParamW 7767564A 5 Bytes JMP 018C4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!SetKeyboardState 77676B52 5 Bytes JMP 01AD0177 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!SendInput 77677055 5 Bytes JMP 01AD0D3C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!SetCursorPos 7768C1D8 5 Bytes JMP 01AD0D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!DialogBoxParamA 7768CF6A 5 Bytes JMP 01ACF90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!DialogBoxIndirectParamA 7768D29C 5 Bytes JMP 01ACF9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!MessageBoxIndirectA 7769E8C9 5 Bytes JMP 01ACF8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!MessageBoxIndirectW 7769E9C3 5 Bytes JMP 01ACF837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!MessageBoxExA 7769EA29 5 Bytes JMP 01ACF7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!MessageBoxExW 7769EA4D 5 Bytes JMP 01ACF773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] USER32.dll!keybd_event 7769EC9B 5 Bytes JMP 01AD10C7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] SHELL32.dll!SHChangeNotification_Lock + 45BA 761FB440 4 Bytes [11, 36, CA, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] SHELL32.dll!SHChangeNotification_Lock + 45C2 761FB448 8 Bytes [5F, 35, CA, 6E, D0, 73, C9, ...] {POP EDI; XOR EAX, 0x73d06eca; LEAVE ; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ole32.dll!OleLoadFromStream 77A15B88 5 Bytes JMP 01ACFCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ole32.dll!CoGetContextToken + 5C0 77A4A2CF 7 Bytes JMP 05A101A6
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ole32.dll!CoCreateInstance 77A657FC 5 Bytes JMP 019A8C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ole32.dll!CoCreateInstance + 3E 77A6583A 7 Bytes JMP 05A100F0
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ws2_32.DLL!closesocket 770E3BED 5 Bytes JMP 67F6EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ws2_32.DLL!socket 770E3F00 5 Bytes JMP 67F6E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ws2_32.DLL!recv 770E47DF 5 Bytes JMP 67F6F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ws2_32.DLL!connect 770E48BE 5 Bytes JMP 67F6E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ws2_32.DLL!getaddrinfo 770E6737 5 Bytes JMP 67F6E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5200] ws2_32.DLL!send 770EC4C8 5 Bytes JMP 67F6E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ntdll.dll!wcsncmp + 33B 77D6F580 7 Bytes JMP 03EA003A
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!CreateDialogParamW 77649BFF 5 Bytes JMP 017BC570 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!EnableWindow 7764A72E 5 Bytes JMP 017BC4EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!GetAsyncKeyState 7764C09A 5 Bytes JMP 0177D6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!UnhookWindowsHookEx 7764CC7B 5 Bytes JMP 0187835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!CallNextHookEx 7764CC8F 5 Bytes JMP 01859D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!CreateWindowExW 77650E51 5 Bytes JMP 01868157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!SetWindowsHookExW 7765210A 5 Bytes JMP 01814633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!GetKeyState 77654FDA 5 Bytes JMP 017BD762 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!IsDialogMessageW 77656F06 5 Bytes JMP 01784284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!CreateDialogParamA 77663E79 5 Bytes JMP 01990571 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!IsDialogMessage 7766407A 5 Bytes JMP 0198FE12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!CreateDialogIndirectParamA 77669110 5 Bytes JMP 019905A8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!CreateDialogIndirectParamW 776708AD 5 Bytes JMP 019905DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!DialogBoxIndirectParamW 77674AA7 5 Bytes JMP 0198F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!EndDialog 7767555C 5 Bytes JMP 01785AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!DialogBoxParamW 7767564A 5 Bytes JMP 01784BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!SetKeyboardState 77676B52 5 Bytes JMP 01990177 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!SendInput 77677055 5 Bytes JMP 01990D3C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!SetCursorPos 7768C1D8 5 Bytes JMP 01990D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!DialogBoxParamA 7768CF6A 5 Bytes JMP 0198F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!DialogBoxIndirectParamA 7768D29C 5 Bytes JMP 0198F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!MessageBoxIndirectA 7769E8C9 5 Bytes JMP 0198F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!MessageBoxIndirectW 7769E9C3 5 Bytes JMP 0198F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!MessageBoxExA 7769EA29 5 Bytes JMP 0198F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!MessageBoxExW 7769EA4D 5 Bytes JMP 0198F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] USER32.dll!keybd_event 7769EC9B 5 Bytes JMP 019910C7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] SHELL32.dll!SHChangeNotification_Lock + 45BA 761FB440 4 Bytes [11, 36, CA, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] SHELL32.dll!SHChangeNotification_Lock + 45C2 761FB448 8 Bytes [5F, 35, CA, 6E, D0, 73, C9, ...] {POP EDI; XOR EAX, 0x73d06eca; LEAVE ; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ole32.dll!OleLoadFromStream 77A15B88 5 Bytes JMP 0198FCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ole32.dll!CoGetContextToken + 5C0 77A4A2CF 7 Bytes JMP 03EA03D9
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ole32.dll!CoCreateInstance 77A657FC 5 Bytes JMP 01868C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ole32.dll!CoCreateInstance + 3E 77A6583A 7 Bytes JMP 03EA0323
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ws2_32.DLL!closesocket 770E3BED 5 Bytes JMP 67F6EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ws2_32.DLL!socket 770E3F00 5 Bytes JMP 67F6E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ws2_32.DLL!recv 770E47DF 5 Bytes JMP 67F6F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ws2_32.DLL!connect 770E48BE 5 Bytes JMP 67F6E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ws2_32.DLL!getaddrinfo 770E6737 5 Bytes JMP 67F6E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5220] ws2_32.DLL!send 770EC4C8 5 Bytes JMP 67F6E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



#2 montyjb


Posted 30 August 2010 - 06:30 PM

Well, I never got a reply from anyone on my topic.

But managed to fix my own problem by downloading mbam_rules.exe and installing it over a fresh copy of Malwarebytes. Did a search on mbam_rules.exe and was able to find a fairly recent update here (http://malwarebytes.gt500.org/) that installed and corrected my issue.

Good Luck!



