
Infected with the Google webhp Redirect Virus


  • This topic is locked
2 replies to this topic

#1 anayi89

  • Members
  • 1 posts
  • OFFLINE
  • Local time:04:47 PM

Posted 11 August 2012 - 03:13 PM

I Googled solutions for removing this virus and found one on this board that suggested a GMER scan. Below is my log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-10 20:14:51
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9120823AS rev.3.ADB
Running: c7j6kdds.exe; Driver: C:\Users\Lyana\AppData\Local\Temp\uglorpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A7A3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB3D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9921CC9D 28 Bytes [4F, 08, 7A, EA, 94, 3D, 94, ...]
.text peauth.sys 9921CCC1 28 Bytes [4F, 08, 7A, EA, 94, 3D, 94, ...]
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2392] ntdll.dll!LdrGetProcedureAddress + 26 77332239 7 Bytes JMP 5E1FB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2392] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 771693D6 7 Bytes JMP 5E4AB6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2392] kernel32.dll!QueryPerformanceCounter + 13 7716C435 7 Bytes JMP 5E4AB6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2392] GDI32.dll!GetViewportOrgEx + 26C 75CF884B 7 Bytes JMP 5E4AB653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtCreateFile + 6 773155CE 4 Bytes [28, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtCreateFile + B 773155D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtCreateKey + 6 7731560E 4 Bytes [68, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtCreateKey + B 77315613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtCreateMutant + 6 7731564E 4 Bytes [68, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtCreateMutant + B 77315653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtCreateSection + 6 773156EE 4 Bytes [A8, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtCreateSection + B 773156F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtMapViewOfSection + 6 77315C2E 4 Bytes CALL 76317337 C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtMapViewOfSection + B 77315C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenFile + 6 77315CDE 4 Bytes [68, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenFile + B 77315CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenKey + 6 77315D0E 4 Bytes [A8, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenKey + B 77315D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenKeyEx + 6 77315D1E 4 Bytes CALL 76317424 C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenKeyEx + B 77315D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenMutant + 6 77315D5E 4 Bytes [28, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenMutant + B 77315D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenProcess + 6 77315D8E 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenProcess + 6 77315D8E 4 Bytes [68, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenProcess + B 77315D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenProcessToken + 6 77315D9E 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenProcessToken + 6 77315D9E 4 Bytes [A8, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenProcessToken + B 77315DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenProcessTokenEx + 6 77315DAE 4 Bytes [68, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenProcessTokenEx + B 77315DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenSection + 6 77315DCE 4 Bytes CALL 763174D5 C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenSection + B 77315DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenThread + 6 77315E0E 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenThread + 6 77315E0E 4 Bytes [28, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenThread + B 77315E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenThreadToken + 6 77315E1E 4 Bytes [28, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenThreadToken + B 77315E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenThreadTokenEx + 6 77315E2E 4 Bytes [A8, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtOpenThreadTokenEx + B 77315E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtQueryAttributesFile + 6 77315F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtQueryAttributesFile + B 77315F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtQueryFullAttributesFile + 6 77315FEE 4 Bytes CALL 763176F3 C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtQueryFullAttributesFile + B 77315FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtSetInformationFile + 6 7731663E 4 Bytes [28, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtSetInformationFile + B 77316643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtSetInformationThread + 6 7731669E 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtSetInformationThread + 6 7731669E 4 Bytes CALL 76317DA6 C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtSetInformationThread + B 773166A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtUnmapViewOfSection + 6 773169BE 4 Bytes [28, 05, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ntdll.dll!NtUnmapViewOfSection + B 773169C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] kernel32.dll!CreateProcessW 7712204D 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] kernel32.dll!CreateProcessA 77122082 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!DeleteObject 75CF5F14 5 Bytes JMP 004901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SelectObject 75CF6640 5 Bytes JMP 004905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SetTextColor 75CF6906 5 Bytes JMP 004909F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SetBkMode 75CF69B1 5 Bytes JMP 004908B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!DeleteDC 75CF6EAA 5 Bytes JMP 00490170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetDeviceCaps 75CF6F7F 5 Bytes JMP 004903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!ExtSelectClipRgn 75CF7114 5 Bytes JMP 004902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SelectClipRgn 75CF7242 5 Bytes JMP 004905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SetStretchBltMode 75CF7705 5 Bytes JMP 00490670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetCurrentObject 75CF7917 5 Bytes JMP 00490370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetTextMetricsW 75CF7B8F 5 Bytes JMP 00490DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetTextAlign 75CF7DAF 5 Bytes JMP 00490D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!IntersectClipRect 75CF7DFE 5 Bytes JMP 004903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!ExtTextOutW 75CF8192 5 Bytes JMP 00490930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SetTextAlign 75CF828E 5 Bytes JMP 004909B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetClipBox 75CF8525 5 Bytes JMP 00490330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!MoveToEx 75CF8C21 5 Bytes JMP 00490470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!StretchDIBits 75CFA53E 5 Bytes JMP 00490730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!RestoreDC 75CFA67B 5 Bytes JMP 00490530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SaveDC 75CFA74B 5 Bytes JMP 00490570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetTextExtentPoint32W 75CFB4B5 5 Bytes JMP 00490630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetTextFaceW 75CFB73A 2 Bytes JMP 00490CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetTextFaceW + 3 75CFB73D 2 Bytes [79, 8A] {JNS 0xffffffffffffff8c}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetFontData 75CFBCC4 5 Bytes JMP 00490C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SetWorldTransform 75CFC90A 5 Bytes JMP 004906B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!CreateDCA 75CFCCA9 5 Bytes JMP 004900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!CreateDCW 75CFCF79 5 Bytes JMP 004900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!CreateICW 75CFCFD0 5 Bytes JMP 00490130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetTextMetricsA 75CFD0F2 5 Bytes JMP 00490DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!Rectangle 75CFF1FF 5 Bytes JMP 00490970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!LineTo 75CFF59B 5 Bytes JMP 00490430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SetICMMode 75CFFAA4 5 Bytes JMP 00490D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!ExtTextOutA 75D003F9 5 Bytes JMP 004908F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!ExtEscape 75D02949 5 Bytes JMP 004902B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!Escape 75D03939 5 Bytes JMP 00490270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetTextFaceA 75D03E6A 5 Bytes JMP 00490CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SetPolyFillMode 75D0D851 5 Bytes JMP 00490AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SetMiterLimit 75D0DA0D 5 Bytes JMP 00490B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!EndPage 75D100D7 5 Bytes JMP 00490230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!ResetDCW 75D1050D 5 Bytes JMP 00490A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!GetGlyphOutlineW 75D1C1BA 5 Bytes JMP 00490C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!CreateScalableFontResourceW 75D1E817 5 Bytes JMP 00490B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!AddFontResourceW 75D1EC13 5 Bytes JMP 00490BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!RemoveFontResourceW 75D1F109 5 Bytes JMP 00490BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!AbortDoc 75D24C63 5 Bytes JMP 00490030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!EndDoc 75D250AA 5 Bytes JMP 004901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!StartPage 75D25195 5 Bytes JMP 004906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!StartDocW 75D25BB0 5 Bytes JMP 004907B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!BeginPath 75D2635D 5 Bytes JMP 004907F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!SelectClipPath 75D263B4 5 Bytes JMP 00490AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!CloseFigure 75D2640F 5 Bytes JMP 00490070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!EndPath 75D26466 5 Bytes JMP 00490A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!StrokePath 75D26699 5 Bytes JMP 00490770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!FillPath 75D26726 5 Bytes JMP 00490830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!PolylineTo 75D26B94 5 Bytes JMP 004904F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!PolyBezierTo 75D26C25 5 Bytes JMP 004904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] GDI32.dll!PolyDraw 75D26CD7 5 Bytes JMP 00490870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!ActivateKeyboardLayout 75768203 5 Bytes JMP 004A04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!ScreenToClient 7576A506 7 Bytes JMP 004A0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!RegisterClipboardFormatA 7576C091 5 Bytes JMP 004A02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!RegisterClipboardFormatW 7576DF8D 5 Bytes JMP 004A02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!SetCursor 75773075 5 Bytes JMP 004A0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!MonitorFromWindow 75773622 7 Bytes JMP 004A0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!PostMessageW 7577447B 5 Bytes JMP 004A05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!IsWindowVisible 75774D69 7 Bytes JMP 004A06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetClientRect 757754DD 7 Bytes JMP 004A05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!MapWindowPoints 75775CAA 5 Bytes JMP 004A0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetParent 75776029 7 Bytes JMP 004A06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!EmptyClipboard 7578290C 5 Bytes JMP 004A0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!SetClipboardData 75782962 5 Bytes JMP 004A0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetClipboardData 75782BA7 5 Bytes JMP 004A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetClipboardFormatNameW 75785FD2 5 Bytes JMP 004A0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!SetClipboardViewer 75786FF6 5 Bytes JMP 004A04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetClipboardFormatNameA 7578700A 5 Bytes JMP 004A0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!ChangeClipboardChain 7579147C 5 Bytes JMP 004A0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetTopWindow 757924D9 7 Bytes JMP 004A0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!CloseClipboard 7579446C 5 Bytes JMP 004A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!OpenClipboard 7579447E 5 Bytes JMP 004A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!IsClipboardFormatAvailable 757944FF 5 Bytes JMP 004A00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetClipboardSequenceNumber 75794513 5 Bytes JMP 004A0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetClipboardOwner 75794525 5 Bytes JMP 004A0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!CountClipboardFormats 7579470A 5 Bytes JMP 004A01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!EnumClipboardFormats 757947EC 5 Bytes JMP 004A01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetOpenClipboardWindow 7579480B 5 Bytes JMP 004A03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!SetCursorPos 757AC1B0 5 Bytes JMP 004A0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetClipboardViewer 757C4AF7 5 Bytes JMP 004A0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] USER32.dll!GetPriorityClipboardFormat 757C4BF9 5 Bytes JMP 004A03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ole32.dll!OleSetClipboard 75890045 5 Bytes JMP 004B0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ole32.dll!OleIsCurrentClipboard 758936B2 5 Bytes JMP 004B0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] ole32.dll!OleGetClipboard 758BFDCD 5 Bytes JMP 004B00B0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4456] USER32.dll!RegisterMessagePumpHook + 2F1 75768B9E 7 Bytes JMP 5E5BC453 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4456] USER32.dll!IsDialogMessageW + 340 75774444 7 Bytes JMP 5E5BC3E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4456] USER32.dll!GetWindowInfo 75774B5E 5 Bytes JMP 5E37BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4456] USER32.dll!ToUnicodeEx + 71 75782223 7 Bytes JMP 5E37C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\msiexec.exe[780] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7536FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[780] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7536FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[780] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7536FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[780] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7536FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[780] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7536FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[1996] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7536FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[1996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7536FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[1996] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7536FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[1996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7536FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[1996] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7536FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 004A0790
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 004A07D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[2744] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,744 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:47 PM

Posted 16 August 2012 - 03:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464814 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right-hand corner of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,744 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:47 PM

Posted 21 August 2012 - 03:20 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!