
Persistent Rootkit, locked registry key



#1 Mooseby


Posted 31 October 2010 - 03:25 PM

Hi,
First off, I will be honest and say that I have already run combofix.exe, which is against the forum guidelines. I apologise and can certainly do another reinstall of my system. I have had a persistent rootkit infection on my computer. I have reimaged the system, even doing a full format one time, but the rootkit keeps coming back. It could be that it is a false positive by combofix.exe as well.
I have attached the combofix.exe file to this post as well.
I have a Dell Dimension 1100b, starting with Windows XP SP2, updates installed for SP2 and then Service Pack 3. The last occurrence of the rootkit was 'Rogue:Win32/FakeScanti' according to the Event Log in the Systems folder, so I ran combofix and it showed the five locked registry keys just as it does now. I then did a quick format and reinstalled the system. This AM I ran combofix.exe, and it detected rootkit activity. If you bounce me for having used combofix.exe, I understand; I just have used it a lot at work to repair machines so I can reimage them.

Following is the DDS.txt log and the GMER log; I have also attached the requested log and the combofix.txt log. Thank you for your consideration. (I know enough to get in trouble; I am a lab aide in a school district, and I know a little about the registry and getting sick machines to work enough to reimage them.)


DDS (Ver_10-10-31.01) - NTFSx86
Run by Boss Logon at 10:47:30.07 on Sun 10/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.181 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Boss Logon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288388298953
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288388349906
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {0FF8F695-3E30-4315-9FC8-0ECC2D4144D3} = 68.87.72.134,68.87.77.134
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 25240]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1901056]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2010-10-29 87712]

=============== Created Last 30 ================

2010-10-31 14:01:23 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{e919463a-8d19-4c15-842d-c01e8ab20741}\mpengine.dll
2010-10-31 13:58:27 -------- d-----w- c:\program files\COMODO
2010-10-31 13:22:15 -------- d-sha-r- C:\cmdcons
2010-10-31 13:19:04 98816 ----a-w- c:\windows\sed.exe
2010-10-31 13:19:04 85504 ----a-w- c:\windows\MBR.exe
2010-10-31 13:19:04 256512 ----a-w- c:\windows\PEV.exe
2010-10-31 13:19:04 161792 ----a-w- c:\windows\SWREG.exe
2010-10-31 02:50:10 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 02:49:31 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 02:49:14 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-31 02:49:14 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-31 02:49:14 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-31 02:49:14 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-31 02:49:13 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-31 02:49:13 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-31 02:49:13 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-31 02:49:13 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-31 02:49:12 -------- d-----w- C:\28be9f75297fba0707
2010-10-30 16:17:14 -------- d-----w- c:\program files\Flip Video
2010-10-30 16:17:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Flip Video
2010-10-30 15:01:20 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2010-10-30 15:01:20 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-10-30 15:01:20 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2010-10-30 15:01:20 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2010-10-30 15:01:18 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2010-10-30 15:01:18 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-10-30 15:01:18 129536 ----a-w- c:\windows\system32\ksproxy.ax
2010-10-30 14:56:46 -------- d-----w- c:\program files\MSXML 4.0
2010-10-30 13:53:32 -------- d-----w- c:\docume~1\bosslo~1\applic~1\Skinux
2010-10-30 13:45:53 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-30 13:45:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-10-30 13:45:50 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-10-30 13:45:50 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-10-30 13:44:03 -------- d-----w- c:\program files\common files\Kodak
2010-10-30 13:36:23 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2010-10-30 13:36:23 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-10-30 13:36:23 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-10-30 13:36:23 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-10-30 13:36:23 317952 ------w- c:\windows\system32\imapi2.dll
2010-10-30 13:36:17 -------- d-----w- c:\program files\Kodak
2010-10-30 13:34:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kodak
2010-10-30 13:05:38 -------- d-----w- c:\program files\BOINC
2010-10-30 13:05:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\BOINC
2010-10-30 13:05:02 -------- d-----w- c:\windows\Downloaded Installations
2010-10-30 12:58:32 -------- d-----w- c:\program files\Windows Media Connect 2
2010-10-30 12:56:57 -------- d-----w- c:\windows\system32\LogFiles
2010-10-30 03:29:05 -------- d-----w- c:\docume~1\bosslo~1\locals~1\applic~1\Adobe
2010-10-30 03:15:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-10-30 03:14:51 -------- d-----w- c:\windows\ShellNew
2010-10-30 02:29:49 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-30 02:29:49 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-30 02:29:36 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-30 02:21:07 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-30 02:21:07 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-10-30 01:13:16 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-10-30 01:13:16 79872 ------w- c:\windows\system32\msxml6r.dll
2010-10-30 01:13:16 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-10-30 01:13:15 1372672 ------w- c:\windows\system32\msxml6.dll
2010-10-30 01:07:16 294912 ------w- c:\program files\windows media player\dlimport.exe
2010-10-30 01:07:06 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-10-30 01:01:06 19569 ----a-w- c:\windows\002653_.tmp
2010-10-30 00:55:35 -------- d-----w- c:\windows\EHome
2010-10-29 23:06:50 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2010-10-29 22:19:33 -------- d-sh--w- c:\documents and settings\boss logon\PrivacIE
2010-10-29 22:18:56 -------- d-sh--w- c:\documents and settings\boss logon\IETldCache
2010-10-29 22:08:38 -------- d-----w- c:\windows\ie8updates
2010-10-29 22:08:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-29 22:08:18 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-29 22:08:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-29 22:08:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-29 22:08:18 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-29 22:08:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-29 22:08:17 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-29 22:06:29 -------- dc-h--w- c:\windows\ie8
2010-10-29 22:03:22 -------- d-----w- c:\windows\ServicePackFiles

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-21 15:50:44 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-11 04:41:40 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 12:03:52 239768 ----a-w- c:\windows\system32\PRONtObj.dll
2010-09-03 14:38:50 657528 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-09-03 14:38:50 508536 ----a-w- c:\windows\system32\accesor.dll
2010-09-03 14:15:16 134264 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-09-03 13:57:42 1842296 ----a-w- c:\windows\system32\ncscolib.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-12 20:00:18 87712 ----a-w- c:\windows\system32\IPROSetMonitor.exe

============= FINISH: 10:49:54.78 ===============


This is the GMER log
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-31 15:06:32
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\BOSSLO~1\LOCALS~1\Temp\uglcyuow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF8005F80]
? C:\DOCUME~1\BOSSLO~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[576] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00719AB0 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1052] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005017E0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1052] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005181B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----



#2 Mooseby


Posted 04 November 2010 - 09:48 AM

Hi, I have resolved my questions. I am sorry for clogging up this forum. Thank you. I will request this thread be closed.

#3 Budapest


Posted 04 November 2010 - 04:15 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.