Redirects from FF and IE links; tabs open to random sites


This topic is locked. 2 replies to this topic.

#1 ru42video

  • Members
  • 3 posts

Posted 25 November 2010 - 12:08 PM

Greetings!

FF has been removed from the computer.
IE still has the redirecting errors: it opens its own windows, redirects when links are clicked, etc.

Spybot Search and Destroy and Malwarebytes cannot find any files (ran both in regular and safe modes) (McAfee didn't find anything either).

Prep per the guide has been completed (back-ups etc.).
DeFogger ran.

Attached are logs for DDS (x2) and GMER.


RU42


DDS REPORT


DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 17:01:44.89 on Wed 11/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.145 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SEH: {F2A0229A-C4CA-4789-B606-973D24DCDD1C} - No File

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-11-24 32008]
S2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner;c:\program files\mcafee\mcafee antispyware\msssrv.exe --> c:\program files\mcafee\mcafee antispyware\Msssrv.exe [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe --> c:\progra~1\mcafee.com\agent\mcupdmgr.exe [?]

=============== Created Last 30 ================

2010-11-24 22:30:17 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-11-24 21:44:54 76440 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-11-24 21:44:53 -------- d-----w- c:\program files\Prevx
2010-11-24 21:44:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-11-24 21:18:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-24 21:18:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-24 20:49:37 -------- d-----w- c:\program files\CCleaner
2010-11-24 19:31:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-24 19:31:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-24 19:31:11 -------- d-----w- c:\docume~1\owner\applic~1\whitesmoketoolbar
2010-11-24 19:31:09 -------- d-----w- c:\program files\whitesmoketoolbar
2010-11-24 19:21:02 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2010-11-24 19:18:30 -------- d--h--w- c:\documents and settings\owner\InstallAnywhere
2010-11-24 17:17:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\mBcCe02095
2010-11-24 17:17:11 47482 ----a-w- c:\windows\system32\lsp55(2).dll
2010-11-24 17:17:11 0 ----a-w- c:\windows\system32\lsp55.tmp
2010-11-23 23:17:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-23 23:17:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-11-23 18:19:44 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-11-23 18:19:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-23 18:19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 03:32:52 -------- d-----w- c:\windows\system32\LogFiles
2010-11-22 05:06:58 -------- d-----w- c:\program files\common files\McAfee(2)
2010-11-22 05:06:51 -------- d-----w- c:\program files\McAfee(2).com
2010-11-22 05:06:20 -------- d-----w- c:\program files\McAfee
2010-11-22 05:01:25 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-11-21 23:53:06 -------- d-----w- c:\windows\system32\%APPDATA%
2010-11-18 21:56:12 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-11-18 21:56:12 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-11-18 21:56:12 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-11-18 21:56:12 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-11-18 21:56:12 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-11-18 21:56:11 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-11-18 21:56:08 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-11-18 21:56:08 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-11-16 22:53:37 -------- d-----w- c:\documents and settings\owner\ZipForm
2010-11-16 22:52:21 -------- d--h--w- c:\program files\Zero G Registry
2010-11-16 22:52:21 -------- d-----w- c:\program files\ZipLogix
2010-11-15 20:58:46 -------- d-----w- C:\C21 Award
2010-11-15 20:15:46 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-15 20:15:46 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-11-01 14:50:53 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-01 14:50:53 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-01 14:50:13 -------- d-----w- c:\program files\iPod
2010-11-01 14:50:09 -------- d-----w- c:\program files\iTunes
2010-11-01 14:50:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-01 14:49:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-11-01 14:49:43 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-11-01 14:49:43 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-11-01 14:49:43 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-11-01 14:49:43 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-11-01 14:49:43 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-11-01 14:49:43 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-11-01 14:49:43 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2010-11-01 14:48:57 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Apple
2010-11-01 14:48:39 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-11-01 14:48:39 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-11-01 14:48:20 -------- d-----w- c:\program files\Bonjour
2010-11-01 14:47:30 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Apple Computer

==================== Find3M ====================

2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541010G9AT00 rev.MBZOA60A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8256A446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82570504]; MOV EAX, [0x82570580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE00A] -> \Device\Harddisk0\DR0[0x82546030]
3 CLASSPNP[0xF872705B] -> ntkrnlpa!IofCallDriver[0x804EE00A] -> \Device\00000091[0x825A6828]
5 ACPI[0xF853D620] -> ntkrnlpa!IofCallDriver[0x804EE00A] -> [0x82560940]
\Driver\atapi[0x824CF030] -> IRP_MJ_CREATE -> 0x8256A446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskHTS541010G9AT00_________________________MBZOA60A#5&201e05b1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8256A292
user != kernel MBR !!!
sectors 195371566 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 17:03:22.81 ===============



DDS ATTACH


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/2/2009 4:04:32 PM
System Uptime: 11/24/2010 4:07:48 PM (1 hours ago)

Motherboard: Gateway | |
Processor: Intel® Pentium® M processor 2.00GHz | uFCPGA2 | 1994/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 87 GiB total, 62.624 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 3.804 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1654&SUBSYS_0604107B&REV_03\4&AD1B67F&0&00F0
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1654&SUBSYS_0604107B&REV_03\4&AD1B67F&0&00F0
Service: b57w2k

==== System Restore Points ===================

RP74: 8/29/2010 8:09:35 PM - System Checkpoint
RP75: 9/2/2010 10:11:05 AM - Software Distribution Service 3.0
RP76: 9/5/2010 8:45:53 PM - Software Distribution Service 3.0
RP77: 9/15/2010 10:10:22 AM - Software Distribution Service 3.0
RP78: 9/20/2010 4:52:12 PM - System Checkpoint
RP79: 9/22/2010 7:37:57 PM - System Checkpoint
RP80: 9/29/2010 10:03:48 AM - Software Distribution Service 3.0
RP81: 9/29/2010 10:06:57 AM - Software Distribution Service 3.0
RP82: 10/15/2010 10:41:31 AM - Software Distribution Service 3.0
RP83: 10/21/2010 1:26:18 PM - System Checkpoint
RP84: 10/23/2010 1:14:14 AM - System Checkpoint
RP85: 11/1/2010 7:50:04 AM - Installed iTunes
RP86: 11/4/2010 9:05:57 PM - System Checkpoint
RP87: 11/7/2010 2:23:44 PM - System Checkpoint
RP88: 11/11/2010 3:52:28 PM - Software Distribution Service 3.0
RP89: 11/15/2010 12:06:18 PM - System Checkpoint
RP90: 11/16/2010 1:32:09 PM - System Checkpoint
RP91: 1/7/2004 1:57:47 PM - Installed Adobe Photoshop
RP92: 11/18/2010 2:31:03 PM - System Checkpoint
RP93: 11/24/2010 11:26:50 AM - Restore Operation
RP94: 11/24/2010 11:29:17 AM - Restore Operation
RP95: 11/24/2010 11:35:13 AM - post restore restore point

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Bonjour
CCleaner
Computrainer
Conexant AC-Link Audio
Glo Bible Software
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InCD EasyWrite Reader
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java™ 6 Update 22
Learn2 Player (Uninstall Only)
McAfee AntiSpyware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero BurnRights
Nero OEM
Olympus DSS Player
PowerDVD
QuickTime
QuickVerse 7.0
RealPlayer Basic
Recovery Software Suite Gateway
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SoftV92 Data Fax Modem with SmartCP
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Backup Utility
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10

==== Event Viewer Messages From Past Week ========

11/24/2010 9:58:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
11/24/2010 9:57:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
11/24/2010 9:57:41 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/24/2010 9:57:41 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/24/2010 9:57:41 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/24/2010 9:57:41 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/24/2010 9:57:41 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/24/2010 9:57:41 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/24/2010 9:57:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/24/2010 9:57:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/24/2010 9:54:44 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0013CE31FACC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/24/2010 9:47:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/24/2010 9:47:20 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2010 9:32:49 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 9 time(s).
11/24/2010 9:32:18 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 8 time(s).
11/24/2010 9:31:47 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 7 time(s).
11/24/2010 9:31:17 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 6 time(s).
11/24/2010 9:30:47 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 5 time(s).
11/24/2010 9:30:16 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 4 time(s).
11/24/2010 9:29:46 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 3 time(s).
11/24/2010 9:29:16 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 2 time(s).
11/24/2010 9:29:02 AM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: Access is denied.
11/24/2010 9:29:02 AM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2010 9:29:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
11/24/2010 9:29:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner service to connect.
11/24/2010 9:29:01 AM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2010 9:29:01 AM, error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2010 9:29:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Network Agent service to connect.
11/24/2010 9:29:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
11/24/2010 9:29:00 AM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: Access is denied.
11/24/2010 9:29:00 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2010 9:28:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SiteAdvisor Service service to connect.
11/24/2010 9:28:13 AM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2010 9:28:12 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\McAfee\SiteAdvisor\McSACore.exe. Reference error message: The operation completed successfully. .
11/24/2010 9:28:12 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" on line 0.
11/24/2010 9:28:12 AM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
11/24/2010 9:28:12 AM, error: DCOM [10005] - DCOM got error "%14001" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
11/24/2010 9:28:12 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
11/24/2010 9:28:08 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
11/24/2010 9:28:08 AM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
11/24/2010 9:28:08 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
11/24/2010 9:28:08 AM, error: Service Control Manager [7034] - The DM1Service service terminated unexpectedly. It has done this 1 time(s).
11/24/2010 9:28:08 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
11/24/2010 9:28:08 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the McAfee Personal Firewall Service service, but this action failed with the following error: Access is denied.
11/24/2010 9:28:08 AM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/24/2010 9:28:08 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/24/2010 9:28:08 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/24/2010 9:28:08 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/24/2010 9:28:08 AM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
11/24/2010 9:28:08 AM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/24/2010 9:28:08 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/24/2010 9:00:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/24/2010 9:00:09 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2010 9:00:08 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/24/2010 3:03:28 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
11/24/2010 2:36:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/24/2010 2:36:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/24/2010 2:34:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/24/2010 2:20:40 PM, error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/23/2010 8:49:40 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/23/2010 2:27:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
11/23/2010 2:23:04 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/23/2010 11:22:34 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/22/2010 8:37:38 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
11/22/2010 3:56:32 PM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0013CE31FACC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/21/2010 4:31:18 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/19/2010 7:19:26 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80543e9d, parameter3 b82a8b88, parameter4 00000000.

==== End Of File ===========================


GMER

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-24 17:19:07
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 HTS541010G9AT00 rev.MBZOA60A
Running: 4pcj8w7r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ugriapow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF7DF3ABF]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A4000A
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A5000A
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A3000C
.text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 0159000A
.text C:\WINDOWS\System32\svchost.exe[968] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00BB000A
.text C:\WINDOWS\Explorer.EXE[1552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CE000A
.text C:\WINDOWS\Explorer.EXE[1552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C2000C
.text C:\WINDOWS\system32\wuauclt.exe[3564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\wuauclt.exe[3564] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CB000A
.text C:\WINDOWS\system32\wuauclt.exe[3564] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BB000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3976] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[4088] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8256A292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8256A292
Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskHTS541010G9AT00_________________________MBZOA60A#5&201e05b1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 195371312 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

Edited by ru42video, 25 November 2010 - 12:11 PM.
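Triaging the GMER report above by script, as an added example that is not part of the original post or of GMER itself. It parses the "User code sections" lines into hooks that GMER attributed to a named, vendor-described module (the IEFRAME.dll entries) and hooks that jump to an anonymous address GMER could not attribute to any module (the NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher entries that repeat across svchost, Explorer, wuauclt and iexplore), and it collects the "Disk sectors" lines GMER marked rootkit-like. The attribution heuristic and the cross-process grouping are the editor's, not a GMER verdict; the embedded report is a constructed excerpt of the one posted here.

```python
"""Triage a GMER text report: split inline hooks by module attribution and
collect the disk-sector findings. Editor's example for this thread, not
code from GMER or from the original post."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the GMER report posted in the thread.
SAMPLE_REPORT = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A4000A
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A5000A
.text C:\WINDOWS\System32\svchost.exe[968] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00BB000A
.text C:\WINDOWS\Explorer.EXE[1552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 195371312 (+255): rootkit-like behavior;
"""

# One GMER inline-hook line: process[pid] symbol address N Bytes JMP target
# optionally followed by the module path and "(description/vendor)".
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<sym>\S+) (?P<addr>[0-9A-Fa-f]+) "
    r"(?P<len>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+)"
    r"(?: (?P<module>.+?) \((?P<desc>[^)]*)\))?\s*$"
)
# One GMER disk-sector line; the tag is either "MBR" or "+N" (a run of N more sectors).
DISK_RE = re.compile(
    r"^Disk (?P<dev>\S+) sectors? (?P<start>\d+)(?: \((?P<tag>\+\d+|MBR)\))?: (?P<note>.*)$"
)


def parse_hooks(report):
    """Return one dict per .text hook line; 'attributed' is True when GMER named a module."""
    hooks = []
    for line in report.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["pid"] = int(d["pid"])
        d["attributed"] = d["module"] is not None
        hooks.append(d)
    return hooks


def parse_disk_findings(report):
    """Return one dict per 'Disk ... : rootkit-like behavior' line."""
    findings = []
    for line in report.splitlines():
        m = DISK_RE.match(line)
        if not m:
            continue
        tag = m.group("tag")
        findings.append({
            "device": m.group("dev"),
            "start": int(m.group("start")),
            "is_mbr": tag == "MBR",
            "extra": int(tag[1:]) if tag and tag.startswith("+") else 0,
            "note": m.group("note").strip(),
        })
    return findings


def triage(report):
    """Summarise a report: unattributed hooks, symbols hooked in 2+ processes, disk findings."""
    hooks = parse_hooks(report)
    unattributed = [h for h in hooks if not h["attributed"]]
    procs_by_sym = defaultdict(set)
    for h in unattributed:
        procs_by_sym[h["sym"]].add((h["proc"], h["pid"]))
    # The same API patched to an anonymous address in several unrelated processes
    # points at one injected component rather than per-application behaviour.
    cross = sorted(s for s, procs in procs_by_sym.items() if len(procs) >= 2)
    disk = parse_disk_findings(report)
    return {
        "attributed": [h for h in hooks if h["attributed"]],
        "unattributed": unattributed,
        "cross_process_symbols": cross,
        "disk": disk,
        "mbr_flagged": any(f["is_mbr"] for f in disk),
    }


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print("hooks attributed to a module:", len(r["attributed"]))
    print("hooks to anonymous addresses:", len(r["unattributed"]))
    print("hooked in 2+ processes:", r["cross_process_symbols"])
    print("MBR flagged:", r["mbr_flagged"])
    for f in r["disk"]:
        print(" ", f["start"], "+%d" % f["extra"], f["note"])
```

On the full report the same split holds: every hook GMER could name lands in IEFRAME.dll or xpshims.dll inside Internet Explorer's own address space, while the NtProtectVirtualMemory / NtWriteVirtualMemory / KiUserExceptionDispatcher trio is patched to anonymous addresses in four unrelated processes, which is the pattern you expect from a single injected payload rather than from four applications.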



#2 Farbar (Security Developer, 21,716 posts, The Netherlands)

Posted 25 November 2010 - 04:42 PM

Hi ru42video,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

  • Please download TDSSKiller.exe and save it to your desktop.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me whether the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Run TDSSKiller.exe once more and post the log please.
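The second TDSSKiller run above is there to confirm the MBR was actually cured. Below is an added example (editor's code, not TDSSKiller's or GMER's) of what that confirmation looks like when done by hand on a sector image: parse a 512-byte MBR, hash the boot-code region against a baseline taken from a known-good image of the same Windows version, confirm the partition table survived the repair, and report which of the GMER-flagged LBAs fall outside every partition, since a bootkit that hides its own file system at the end of the disk lives in exactly that unallocated tail. The sample boot code, disk size, partition layout, disk signature and flagged LBAs are constructed; the baseline hash is computed from the constructed clean code and would in practice come from a trusted backup or clean install.

```python
"""Check a 512-byte MBR image against a clean baseline and the partition
table. Editor's example for this thread; the sample data is constructed."""
import hashlib
import struct

SECTOR = 512

# Constructed boot code. The first seven bytes mirror the standard Windows XP
# MBR prologue (xor ax,ax / mov ss,ax / mov sp,7C00h); the padding is filler.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433
# Constructed "modified" boot code standing in for a bootkit loader.
INFECTED_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\xcc" * 432
# In practice this baseline hash comes from a known-good MBR image.
CLEAN_BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()

TOTAL_SECTORS = 200_000               # hypothetical small disk
PARTITIONS = [(True, 0x07, 63, 199_000)]  # (bootable, type, lba_start, sectors)
FLAGGED_LBAS = [0, 63, 199_500]       # hypothetical GMER-style findings


def build_mbr(boot_code, disk_sig, partitions):
    """Assemble a classic MBR: 440 bytes code, 4-byte signature, 4 entries, 55AA."""
    if len(boot_code) > 440:
        raise ValueError("boot code exceeds 440 bytes")
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, 440, disk_sig)
    for i, (bootable, ptype, start, count) in enumerate(partitions[:4]):
        # CHS fields are set to the 'use LBA' marker FE FF FF.
        struct.pack_into("<B3sB3sII", buf, 446 + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", start, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


def parse_mbr(mbr):
    """Split an MBR into boot code, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "start": start, "count": count})
    return {"boot_code": mbr[:440],
            "disk_sig": struct.unpack_from("<I", mbr, 440)[0],
            "partitions": parts}


def check_mbr(mbr, baseline_sha256, total_sectors, flagged_sectors=()):
    """Compare boot code to the baseline and locate flagged LBAs relative to the partitions."""
    info = parse_mbr(mbr)
    findings = []
    digest = hashlib.sha256(info["boot_code"]).hexdigest()
    if digest != baseline_sha256:
        findings.append("boot code differs from the clean baseline")
    end = max((p["start"] + p["count"] for p in info["partitions"]), default=0)
    tail = total_sectors - end
    if tail > 0:
        findings.append(f"{tail} unallocated sectors at end of disk (LBA {end}..{total_sectors - 1})")
    for lba in flagged_sectors:
        if lba == 0:
            continue  # sector 0 is the MBR itself, covered by the hash check
        inside = any(p["start"] <= lba < p["start"] + p["count"] for p in info["partitions"])
        if not inside:
            findings.append(f"flagged sector {lba} lies outside every partition")
    return {"boot_code_sha256": digest, "disk_sig": info["disk_sig"],
            "partitions": info["partitions"], "tail_sectors": tail, "findings": findings}


def read_sector0(path):
    """Read sector 0 from an image file or, on Windows as admin, from r'\\.\PhysicalDrive0'."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    for label, code in (("clean", CLEAN_BOOT_CODE), ("infected", INFECTED_BOOT_CODE)):
        mbr = build_mbr(code, 0x1234ABCD, PARTITIONS)
        result = check_mbr(mbr, CLEAN_BASELINE_SHA256, TOTAL_SECTORS, FLAGGED_LBAS)
        print(label, result["boot_code_sha256"][:16], result["findings"])
```

Read the sector from outside the running system (a boot CD or an offline image of the disk). The GMER "Devices" section in the first post shows atapi's DriverStartIo redirected to an unnamed address for IdePort0, and a bootkit sitting at that layer can hand a clean-looking sector 0 back to any read issued from the infected OS, which is also why on-disk scanners that trust the live system miss it.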


#3 Farbar (Security Developer, 21,716 posts, The Netherlands)

Posted 05 December 2010 - 03:30 PM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



