
dont know what the infection is


  • This topic is locked
3 replies to this topic

#1 daric

daric

  • Members
  • 9 posts

Posted 23 July 2011 - 11:33 AM

Tried to download a picture from Google and a box opened telling me that "access was denied". When I tried to find out why, it said missing C:\Windows\system32\mshtml.hlp file, so here I am. Here is the log that GMER supplied. Once again, thank you for all your assistance.



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-23 17:20:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3320820AS rev.3.AAC
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pftdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF2D6F620]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6309380, 0x566445, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[328] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 02BB07E0 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02BB0B40 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 02BB0A50 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 02BB0960 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 02BB0CC0 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 02BAFAC0 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 02BB0DA0 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[2640] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 02BAFC20 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[2640] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2640] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3152] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 10150610 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 10150550 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 101503D0 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 10150490 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 101507E0 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10150B40 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 10150A50 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 10150960 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 10150CC0 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1014FAC0 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 10150DA0 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[3152] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 1014FC20 C:\Documents and Settings\Owner\Local Settings\Application Data\Watch_Videos\tbWat0.dll (Conduit Toolbar/Conduit Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 24 July 2011 - 06:07 PM

Is this the same computer as your other topic here: http://www.bleepingcomputer.com/forums/topic410751.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 August 2011 - 06:26 PM

Please answer Budapest's question, daric
m0le is a proud member of UNITE

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 August 2011 - 07:13 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE