Vista Anti Spyware 2011



#1 qvsroofing

Posted 14 May 2011 - 09:18 AM

Don't even get me started on how this came to be on my computer. All I can say is too old husband + too much time on the internet = Vista Anti Spyware 2011. Constant pop-ups, inability to get on the internet through one of the users.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-14 10:05:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJS-75M0A0 rev.02.03E02
Running: gmer.exe; Driver: C:\Users\John\AppData\Local\Temp\pxldypog.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\John\AppData\Local\Temp\cpuz134\cpuz134_x32.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ntdll.dll!LdrLoadDll 778093A8 10 Bytes JMP 00043726
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ntdll.dll!NtResumeThread 77845004 10 Bytes JMP 00043793
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!CreateDialogParamW 775B72A2 5 Bytes JMP 6D44DEE8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!GetAsyncKeyState 775B863C 5 Bytes JMP 6D368EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!SetWindowsHookExW 775B87AD 5 Bytes JMP 6D449B01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!CallNextHookEx 775B8E3B 5 Bytes JMP 6D43D125 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!UnhookWindowsHookEx 775B98DB 5 Bytes JMP 6D3B4664 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!EnableWindow 775BCD8B 5 Bytes JMP 6D44DD75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!CreateWindowExW 775C1305 5 Bytes JMP 6D44DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!GetKeyState 775C8CB1 5 Bytes JMP 6D44D323 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!IsDialogMessageW 775D0745 5 Bytes JMP 6D3759CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!CreateDialogParamA 775D17AA 5 Bytes JMP 6D545D83 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!IsDialogMessage 775D1847 5 Bytes JMP 6D54561F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!CreateDialogIndirectParamA 775D26F1 5 Bytes JMP 6D545DBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!CreateDialogIndirectParamW 775D9A62 5 Bytes JMP 6D545DF1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!SetKeyboardState 775E0987 5 Bytes JMP 6D54598E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!DialogBoxParamW 775E10B0 5 Bytes JMP 6D3754BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!DialogBoxIndirectParamW 775E2EF5 5 Bytes JMP 6D545117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!SendInput 775E2F75 5 Bytes JMP 6D54654B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!EndDialog 775E326E 5 Bytes JMP 6D377E76 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!SetCursorPos 775F6FB2 5 Bytes JMP 6D54659F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!DialogBoxParamA 775F8152 5 Bytes JMP 6D5450B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!DialogBoxIndirectParamA 775F847D 5 Bytes JMP 6D54517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!MessageBoxIndirectA 7760D4D9 5 Bytes JMP 6D545049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!MessageBoxIndirectW 7760D5D3 5 Bytes JMP 6D544FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!MessageBoxExA 7760D639 5 Bytes JMP 6D544F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!MessageBoxExW 7760D65D 5 Bytes JMP 6D544F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!keybd_event 7760D972 5 Bytes JMP 6D5468CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] SHELL32.dll!SHRestricted + D95 769B89A8 4 Bytes [4D, 30, 6B, 6C] {DEC EBP; XOR [EBX+0x6c], CH}
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] SHELL32.dll!SHRestricted + D9D 769B89B0 8 Bytes [57, 2F, 6B, 6C, 9C, 5B, 6A, ...] {PUSH EDI; DAS ; IMUL EBP, [ESP+EBX*4+0x5b], 0x6a; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ole32.dll!OleLoadFromStream 75EA1E80 5 Bytes JMP 6D54547F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ole32.dll!CoCreateInstance 75ED9F3E 5 Bytes JMP 6D44DBB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] Secur32.dll!EncryptMessage 75D13745 6 Bytes JMP 00043D6B
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] Secur32.dll!DecryptMessage 75D13813 6 Bytes JMP 00043E0A
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] Secur32.dll!InitializeSecurityContextW 75D1427E 7 Bytes JMP 00043CF5
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] Secur32.dll!InitializeSecurityContextA 75D187DF 7 Bytes JMP 00043C5B
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ws2_32.dll!closesocket 7792330C 6 Bytes JMP 00043C0D
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ws2_32.dll!recv 7792343A 8 Bytes JMP 00043A6E
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ws2_32.dll!connect 779240D9 8 Bytes JMP 0004386B
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ws2_32.dll!getaddrinfo 7792418A 6 Bytes JMP 00043F47
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ws2_32.dll!WSASend 77924496 6 Bytes JMP 000439F7
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ws2_32.dll!send 7792659B 8 Bytes JMP 0004398D
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ws2_32.dll!WSARecv 77928400 6 Bytes JMP 00043B27
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ws2_32.dll!gethostbyname 779362D4 11 Bytes JMP 00043FD3
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ntdll.dll!LdrLoadDll 778093A8 10 Bytes JMP 00043726
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ntdll.dll!NtResumeThread 77845004 10 Bytes JMP 00043793
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateDialogParamW 775B72A2 5 Bytes JMP 6D44DEE8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!GetAsyncKeyState 775B863C 5 Bytes JMP 6D368EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!SetWindowsHookExW 775B87AD 5 Bytes JMP 6D449B01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CallNextHookEx 775B8E3B 5 Bytes JMP 6D43D125 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!UnhookWindowsHookEx 775B98DB 5 Bytes JMP 6D3B4664 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!EnableWindow 775BCD8B 5 Bytes JMP 6D44DD75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateWindowExW 775C1305 5 Bytes JMP 6D44DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!GetKeyState 775C8CB1 5 Bytes JMP 6D44D323 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!IsDialogMessageW 775D0745 5 Bytes JMP 6D3759CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateDialogParamA 775D17AA 5 Bytes JMP 6D545D83 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!IsDialogMessage 775D1847 5 Bytes JMP 6D54561F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateDialogIndirectParamA 775D26F1 5 Bytes JMP 6D545DBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateDialogIndirectParamW 775D9A62 5 Bytes JMP 6D545DF1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!SetKeyboardState 775E0987 5 Bytes JMP 6D54598E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxParamW 775E10B0 5 Bytes JMP 6D3754BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxIndirectParamW 775E2EF5 5 Bytes JMP 6D545117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!SendInput 775E2F75 5 Bytes JMP 6D54654B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!EndDialog 775E326E 5 Bytes JMP 6D377E76 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!SetCursorPos 775F6FB2 5 Bytes JMP 6D54659F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxParamA 775F8152 5 Bytes JMP 6D5450B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxIndirectParamA 775F847D 5 Bytes JMP 6D54517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxIndirectA 7760D4D9 5 Bytes JMP 6D545049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxIndirectW 7760D5D3 5 Bytes JMP 6D544FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxExA 7760D639 5 Bytes JMP 6D544F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxExW 7760D65D 5 Bytes JMP 6D544F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!keybd_event 7760D972 5 Bytes JMP 6D5468CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] SHELL32.dll!SHRestricted + D95 769B89A8 4 Bytes [4D, 30, 6B, 6C] {DEC EBP; XOR [EBX+0x6c], CH}
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] SHELL32.dll!SHRestricted + D9D 769B89B0 8 Bytes [57, 2F, 6B, 6C, 9C, 5B, 6A, ...] {PUSH EDI; DAS ; IMUL EBP, [ESP+EBX*4+0x5b], 0x6a; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ole32.dll!OleLoadFromStream 75EA1E80 5 Bytes JMP 6D54547F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ole32.dll!CoCreateInstance 75ED9F3E 5 Bytes JMP 6D44DBB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] Secur32.dll!EncryptMessage 75D13745 6 Bytes JMP 00043D6B
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] Secur32.dll!DecryptMessage 75D13813 6 Bytes JMP 00043E0A
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] Secur32.dll!InitializeSecurityContextW 75D1427E 7 Bytes JMP 00043CF5
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] Secur32.dll!InitializeSecurityContextA 75D187DF 7 Bytes JMP 00043C5B
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ws2_32.dll!closesocket 7792330C 6 Bytes JMP 00043C0D
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ws2_32.dll!recv 7792343A 8 Bytes JMP 00043A6E
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ws2_32.dll!connect 779240D9 8 Bytes JMP 0004386B
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ws2_32.dll!getaddrinfo 7792418A 6 Bytes JMP 00043F47
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ws2_32.dll!WSASend 77924496 6 Bytes JMP 000439F7
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ws2_32.dll!send 7792659B 8 Bytes JMP 0004398D
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ws2_32.dll!WSARecv 77928400 6 Bytes JMP 00043B27
.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ws2_32.dll!gethostbyname 779362D4 11 Bytes JMP 00043FD3
.text C:\Windows\Explorer.EXE[3016] ntdll.dll!LdrLoadDll 778093A8 10 Bytes JMP 02693726
.text C:\Windows\Explorer.EXE[3016] ntdll.dll!NtResumeThread 77845004 10 Bytes JMP 02693793
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ntdll.dll!LdrLoadDll 778093A8 10 Bytes JMP 00153726
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ntdll.dll!NtResumeThread 77845004 10 Bytes JMP 00153793
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!CreateDialogParamW 775B72A2 5 Bytes JMP 6D44DEE8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!GetAsyncKeyState 775B863C 5 Bytes JMP 6D368EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!SetWindowsHookExW 775B87AD 5 Bytes JMP 6D449B01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!CallNextHookEx 775B8E3B 5 Bytes JMP 6D43D125 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!UnhookWindowsHookEx 775B98DB 5 Bytes JMP 6D3B4664 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!EnableWindow 775BCD8B 5 Bytes JMP 6D44DD75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!CreateWindowExW 775C1305 5 Bytes JMP 6D44DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!GetKeyState 775C8CB1 5 Bytes JMP 6D44D323 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!IsDialogMessageW 775D0745 5 Bytes JMP 6D3759CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!CreateDialogParamA 775D17AA 5 Bytes JMP 6D545D83 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!IsDialogMessage 775D1847 5 Bytes JMP 6D54561F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!CreateDialogIndirectParamA 775D26F1 5 Bytes JMP 6D545DBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!CreateDialogIndirectParamW 775D9A62 5 Bytes JMP 6D545DF1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!SetKeyboardState 775E0987 5 Bytes JMP 6D54598E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!DialogBoxParamW 775E10B0 5 Bytes JMP 6D3754BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!DialogBoxIndirectParamW 775E2EF5 5 Bytes JMP 6D545117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!SendInput 775E2F75 5 Bytes JMP 6D54654B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!EndDialog 775E326E 5 Bytes JMP 6D377E76 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!SetCursorPos 775F6FB2 5 Bytes JMP 6D54659F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!DialogBoxParamA 775F8152 5 Bytes JMP 6D5450B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!DialogBoxIndirectParamA 775F847D 5 Bytes JMP 6D54517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!MessageBoxIndirectA 7760D4D9 5 Bytes JMP 6D545049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!MessageBoxIndirectW 7760D5D3 5 Bytes JMP 6D544FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!MessageBoxExA 7760D639 5 Bytes JMP 6D544F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!MessageBoxExW 7760D65D 5 Bytes JMP 6D544F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] USER32.dll!keybd_event 7760D972 5 Bytes JMP 6D5468CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] SHELL32.dll!SHRestricted + D95 769B89A8 4 Bytes [4D, 30, 6B, 6C] {DEC EBP; XOR [EBX+0x6c], CH}
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] SHELL32.dll!SHRestricted + D9D 769B89B0 8 Bytes [57, 2F, 6B, 6C, 9C, 5B, 6A, ...] {PUSH EDI; DAS ; IMUL EBP, [ESP+EBX*4+0x5b], 0x6a; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ole32.dll!OleLoadFromStream 75EA1E80 5 Bytes JMP 6D54547F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ole32.dll!CoCreateInstance 75ED9F3E 5 Bytes JMP 6D44DBB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] Secur32.dll!EncryptMessage 75D13745 6 Bytes JMP 00153D6B
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] Secur32.dll!DecryptMessage 75D13813 6 Bytes JMP 00153E0A
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] Secur32.dll!InitializeSecurityContextW 75D1427E 7 Bytes JMP 00153CF5
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] Secur32.dll!InitializeSecurityContextA 75D187DF 7 Bytes JMP 00153C5B
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ws2_32.dll!closesocket 7792330C 6 Bytes JMP 00153C0D
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ws2_32.dll!recv 7792343A 8 Bytes JMP 00153A6E
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ws2_32.dll!connect 779240D9 8 Bytes JMP 0015386B
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ws2_32.dll!getaddrinfo 7792418A 6 Bytes JMP 00153F47
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ws2_32.dll!WSASend 77924496 6 Bytes JMP 001539F7
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ws2_32.dll!send 7792659B 8 Bytes JMP 0015398D
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ws2_32.dll!WSARecv 77928400 6 Bytes JMP 00153B27
.text C:\Program Files\Internet Explorer\iexplore.exe[4644] ws2_32.dll!gethostbyname 779362D4 11 Bytes JMP 00153FD3
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] ntdll.dll!LdrLoadDll 778093A8 10 Bytes JMP 01BD3726
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] ntdll.dll!NtResumeThread 77845004 10 Bytes JMP 01BD3793
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!CreateWindowExW 775C1305 5 Bytes JMP 6D44DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!DialogBoxParamW 775E10B0 5 Bytes JMP 6D3754BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!DialogBoxIndirectParamW 775E2EF5 5 Bytes JMP 6D545117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!DialogBoxParamA 775F8152 5 Bytes JMP 6D5450B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!DialogBoxIndirectParamA 775F847D 5 Bytes JMP 6D54517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!MessageBoxIndirectA 7760D4D9 5 Bytes JMP 6D545049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!MessageBoxIndirectW 7760D5D3 5 Bytes JMP 6D544FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!MessageBoxExA 7760D639 5 Bytes JMP 6D544F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] USER32.dll!MessageBoxExW 7760D65D 5 Bytes JMP 6D544F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] Secur32.dll!EncryptMessage 75D13745 6 Bytes JMP 01BD3D6B
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] Secur32.dll!DecryptMessage 75D13813 6 Bytes JMP 01BD3E0A
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] Secur32.dll!InitializeSecurityContextW 75D1427E 7 Bytes JMP 01BD3CF5
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] Secur32.dll!InitializeSecurityContextA 75D187DF 7 Bytes JMP 01BD3C5B
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] WS2_32.dll!closesocket 7792330C 6 Bytes JMP 01BD3C0D
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] WS2_32.dll!recv 7792343A 8 Bytes JMP 01BD3A6E
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] WS2_32.dll!connect 779240D9 8 Bytes JMP 01BD386B
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] WS2_32.dll!getaddrinfo 7792418A 6 Bytes JMP 01BD3F47
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] WS2_32.dll!WSASend 77924496 6 Bytes JMP 01BD39F7
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] WS2_32.dll!send 7792659B 8 Bytes JMP 01BD398D
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] WS2_32.dll!WSARecv 77928400 6 Bytes JMP 01BD3B27
.text C:\Program Files\Internet Explorer\iexplore.exe[5448] WS2_32.dll!gethostbyname 779362D4 11 Bytes JMP 01BD3FD3
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ntdll.dll!LdrLoadDll 778093A8 10 Bytes JMP 00043726
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ntdll.dll!NtResumeThread 77845004 10 Bytes JMP 00043793
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateDialogParamW 775B72A2 5 Bytes JMP 6D44DEE8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!GetAsyncKeyState 775B863C 5 Bytes JMP 6D368EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!SetWindowsHookExW 775B87AD 5 Bytes JMP 6D449B01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CallNextHookEx 775B8E3B 5 Bytes JMP 6D43D125 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!UnhookWindowsHookEx 775B98DB 5 Bytes JMP 6D3B4664 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!EnableWindow 775BCD8B 5 Bytes JMP 6D44DD75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateWindowExW 775C1305 5 Bytes JMP 6D44DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!GetKeyState 775C8CB1 5 Bytes JMP 6D44D323 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!IsDialogMessageW 775D0745 5 Bytes JMP 6D3759CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateDialogParamA 775D17AA 5 Bytes JMP 6D545D83 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!IsDialogMessage 775D1847 5 Bytes JMP 6D54561F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateDialogIndirectParamA 775D26F1 5 Bytes JMP 6D545DBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateDialogIndirectParamW 775D9A62 5 Bytes JMP 6D545DF1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!SetKeyboardState 775E0987 5 Bytes JMP 6D54598E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxParamW 775E10B0 5 Bytes JMP 6D3754BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxIndirectParamW 775E2EF5 5 Bytes JMP 6D545117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!SendInput 775E2F75 5 Bytes JMP 6D54654B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!EndDialog 775E326E 5 Bytes JMP 6D377E76 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!SetCursorPos 775F6FB2 5 Bytes JMP 6D54659F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxParamA 775F8152 5 Bytes JMP 6D5450B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxIndirectParamA 775F847D 5 Bytes JMP 6D54517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxIndirectA 7760D4D9 5 Bytes JMP 6D545049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxIndirectW 7760D5D3 5 Bytes JMP 6D544FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxExA 7760D639 5 Bytes JMP 6D544F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxExW 7760D65D 5 Bytes JMP 6D544F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!keybd_event 7760D972 5 Bytes JMP 6D5468CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] SHELL32.dll!SHRestricted + D95 769B89A8 4 Bytes [4D, 30, 6B, 6C] {DEC EBP; XOR [EBX+0x6c], CH}
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] SHELL32.dll!SHRestricted + D9D 769B89B0 8 Bytes [57, 2F, 6B, 6C, 9C, 5B, 6A, ...] {PUSH EDI; DAS ; IMUL EBP, [ESP+EBX*4+0x5b], 0x6a; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ole32.dll!OleLoadFromStream 75EA1E80 5 Bytes JMP 6D54547F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ole32.dll!CoCreateInstance 75ED9F3E 5 Bytes JMP 6D44DBB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] Secur32.dll!EncryptMessage 75D13745 6 Bytes JMP 00043D6B
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] Secur32.dll!DecryptMessage 75D13813 6 Bytes JMP 00043E0A
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] Secur32.dll!InitializeSecurityContextW 75D1427E 7 Bytes JMP 00043CF5
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] Secur32.dll!InitializeSecurityContextA 75D187DF 7 Bytes JMP 00043C5B
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ws2_32.dll!closesocket 7792330C 6 Bytes JMP 00043C0D
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ws2_32.dll!recv 7792343A 8 Bytes JMP 00043A6E
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ws2_32.dll!connect 779240D9 8 Bytes JMP 0004386B
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ws2_32.dll!getaddrinfo 7792418A 6 Bytes JMP 00043F47
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ws2_32.dll!WSASend 77924496 6 Bytes JMP 000439F7
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ws2_32.dll!send 7792659B 8 Bytes JMP 0004398D
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ws2_32.dll!WSARecv 77928400 6 Bytes JMP 00043B27
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] ws2_32.dll!gethostbyname 779362D4 11 Bytes JMP 00043FD3

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#2 SweetTech


Posted 20 May 2011 - 02:31 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days.
    Failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 SweetTech


Posted 23 May 2011 - 01:41 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





