megabomination
Posts: 151 +0
Hi guys. I've pasted my results after following the 'seven step' guide for your help.
The symptoms my PC is having are a constantly redirected IE8, being unable to use Task Manager, and all of my files and some programs seem to have been erased!?
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 6624
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
14/06/2011 7:56:25 PM
mbam-log-2011-06-14 (19-56-25).txt
Scan type: Quick scan
Objects scanned: 166444
Time elapsed: 4 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Adam Livermore at 19:51:23 on 2011-06-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.3017 [GMT 10:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Adam Livermore\Desktop\ujd3zmfq.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = ${URL_SEARCHPAGE}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: HistoryTriggerBHO Class: {21a88cb9-84d2-4020-a2d1-b25a21034884} - c:\program files\lg electronics\lg pc suite iv\linkair\LinkAirBrowserHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-system: DisableTaskMgr = 30
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/209
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-30 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-18 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-30 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-30 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-30 61960]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-10-8 101904]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-3 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-1 1684736]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-18 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-19 753504]
S4 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2010-11-20 47616]
.
=============== Created Last 30 ================
.
2011-05-29 20:27:30 601048 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
==================== Find3M ====================
.
2011-04-17 04:36:18 6264 ---ha-w- c:\windows\system32\ealregsnapshot1.reg
.
============= FINISH: 19:51:32.62 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 29/04/2010 2:33:05 PM
System Uptime: 15/06/2011 6:28:08 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5G41T-M LX
Processor: Intel Pentium III Xeon processor | LGA775 | 2933/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 395.852 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 77 GiB total, 48.746 GiB free.
F: is FIXED (FAT32) - 64 GiB total, 63.874 GiB free.
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_83FE1043&REV_C0\4&38D2602C&0&00E1
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_83FE1043&REV_C0\4&38D2602C&0&00E1
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
RP186: 8/03/2011 8:19:38 PM - System Checkpoint
RP187: 10/03/2011 7:19:04 AM - Software Distribution Service 3.0
RP188: 10/03/2011 7:24:01 PM - Software Distribution Service 3.0
RP189: 12/03/2011 8:38:44 AM - System Checkpoint
RP190: 14/03/2011 7:22:01 PM - System Checkpoint
RP191: 15/03/2011 7:46:04 PM - System Checkpoint
RP192: 21/03/2011 6:23:20 AM - System Checkpoint
RP193: 22/03/2011 6:54:52 AM - System Checkpoint
RP194: 23/03/2011 9:03:00 PM - System Checkpoint
RP195: 24/03/2011 7:00:12 AM - Software Distribution Service 3.0
RP196: 3/04/2011 8:11:28 AM - System Checkpoint
RP197: 5/04/2011 7:17:22 AM - System Checkpoint
RP198: 11/04/2011 8:01:22 AM - Installed Windows Internet Explorer 8.
RP199: 11/04/2011 7:33:23 PM - Software Distribution Service 3.0
RP200: 13/04/2011 7:06:01 AM - System Checkpoint
RP201: 15/04/2011 8:45:53 AM - System Checkpoint
RP202: 15/04/2011 9:10:06 PM - Software Distribution Service 3.0
RP203: 16/04/2011 8:27:50 AM - Software Distribution Service 3.0
RP204: 16/04/2011 3:32:49 PM - Software Distribution Service 3.0
RP205: 17/04/2011 2:15:26 PM - Installed Dead Space™
RP206: 17/04/2011 2:36:19 PM - Installed EA Download Manager
RP207: 18/04/2011 5:27:00 PM - System Checkpoint
RP208: 20/04/2011 2:54:14 PM - System Checkpoint
RP209: 25/04/2011 5:39:59 PM - System Checkpoint
RP210: 28/04/2011 7:48:20 PM - System Checkpoint
RP211: 29/04/2011 7:26:10 AM - Software Distribution Service 3.0
RP212: 1/05/2011 5:13:48 PM - System Checkpoint
RP213: 3/05/2011 6:20:32 AM - System Checkpoint
RP214: 5/05/2011 9:17:59 AM - System Checkpoint
RP215: 6/05/2011 6:23:26 PM - System Checkpoint
RP216: 8/05/2011 9:14:13 AM - System Checkpoint
RP217: 10/05/2011 7:13:51 AM - System Checkpoint
RP218: 11/05/2011 7:00:12 AM - Software Distribution Service 3.0
RP219: 15/05/2011 8:25:02 AM - System Checkpoint
RP220: 17/05/2011 8:52:55 PM - System Checkpoint
RP221: 19/05/2011 7:05:51 AM - System Checkpoint
RP222: 28/05/2011 10:52:17 PM - System Checkpoint
RP223: 2/06/2011 7:11:57 PM - System Checkpoint
RP224: 2/06/2011 10:26:13 PM - Restore Operation
RP225: 3/06/2011 11:09:24 PM - System Checkpoint
RP226: 5/06/2011 6:00:42 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4
Apple Application Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Problem Report Wizard
Avanquest update
Avira AntiVir Personal - Free Antivirus
Battlefield 2142
Call of Duty Game of the Year Edition
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Canon Camera Access Library
Canon Camera Support Core Library
Canon Digital Camera Solution Disk 34 Software Starter Guide
Canon Direct Print User Guide
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon MP220 series
Canon My Printer
Canon PowerShot A470 Camera User Guide
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Crysis(R)
Dead Space™
DivX Setup
Far Cry
Far Cry (Patch 1.4)
Far Cry 2
GameSpy Comrade
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HydraVision
Java Auto Updater
Java(TM) 6 Update 20
LG Bluetooth Drivers
LG PC Suite IV
LG United Mobile Drivers
LG USB Modem Drivers
Malwarebytes' Anti-Malware
Medieval II Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
Motorola Phone Tools
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
PCFriendly
PIXMA Extended Survey Program
Power Tab Editor 1.7
Power Tab Librarian
PunkBuster Services
QuickTime
Raptr
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Recuva
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB923789)
Skins
SUPERAntiSpyware Free Edition
The Lord of the Rings FREE Trial
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
VC80CRTRedist - 8.0.50727.4053
VIRGIN BROADBAND
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
8/06/2011 7:50:15 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
.
==== End Of File ===========================
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-15 19:56:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-f SAMSUNG_HD501LJ rev.CR100-13
Running: ujd3zmfq.exe; Driver: C:\DOCUME~1\ADAMLI~1\LOCALS~1\Temp\kwadrfob.sys
INITc ...
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA479F620]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
SSDT BA6DB630 ZwOpenProcess
SSDT BA6DB635 ZwOpenThread
SSDT BA6DB644 ZwCreateThread
SSDT BA6DB64E ZwCreateKey
SSDT BA6DB653 ZwDeleteKey
SSDT BA6DB658 ZwSetValueKey
SSDT BA6DB65D ZwDeleteValueKey
SSDT BA6DB662 ZwLoadKey
SSDT BA6DB667 ZwRestoreKey
SSDT BA6DB66C ZwReplaceKey
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B06B70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B06D70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E0000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B06B70
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B06D70
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0121000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0124000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0123000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0122000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B06B70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B06D70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D0000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00CF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00D3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00D2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D1000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[3272] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B06B70
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B06D70
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0123000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0122000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0126000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0125000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0121000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0124000A
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB97F5000, 0x273B67, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 00452230 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 00452270 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 004522B0 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 004522E0 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 00452430 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 00452490 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 00452320 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 00452360 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 004523A0 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 004523F0 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
---- Threads - GMER 1.0.15 ----
Thread System [4:124] 8A7F8E7A
Thread System [4:128] 8A7FB008
---- Kernel code sections - GMER 1.0.15 ----
INITc VolSnap.sys BA0D3BD0 4 Bytes [B0, A5, 53, 80]
INITc VolSnap.sys BA0D3BF8 4 Bytes [B8, A1, 4F, 80]
INITc VolSnap.sys BA0D3C20 4 Bytes [B6, AE, 4F, 80]
INITc VolSnap.sys BA0D3C48 4 Bytes [30, FF, 4F, 80]
INITc VolSnap.sys BA0D3C70 4 Bytes [7A, A8, 4F, 80]
---- EOF - GMER 1.0.15 ----
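The GMER "User code sections" output in this post is where the redirect symptom is most likely to show itself: inline hooks on traffic-path APIs (WS2_32.dll!connect/send/recv/getaddrinfo/gethostbyname, WININET.dll!HttpAddRequestHeaders*) inside every iexplore.exe process whose JMP target GMER could not attribute to any loaded module, while the hooks it could attribute go to IEFRAME.dll or the Virgin Broadband skinning DLL and are normal. The script below is an added triage example, not part of the original post or of GMER; it parses lines in the GMER 1.0.15 `.text` format shown above, separates hooks with a named backing module from hooks that jump into unowned memory, and rates each process. The sample lines are a subset copied from the log above, and the NETWORK_APIS list is my own choice of what matters for a browser-redirect case. An unattributed target is a lead, not proof: security products and JIT-style code also run from memory GMER cannot name, so the next step is to dump the target region in a debugger rather than to delete anything on the strength of this output.

```python
"""Triage GMER 'User code sections' lines: which inline hooks jump into memory
that no loaded module owns, and do any of them sit on the network path?
Added example for the log above; not GMER's own code."""
import re
from collections import defaultdict

# GMER 1.0.15 '.text' line layout (assumed from the log):
# .text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<hook module> (<description>)]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<export>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<hook_module>.+?)\s+\((?P<desc>[^)]*)\))?\s*$"
)

# APIs a browser redirector or traffic hijacker typically patches (my selection).
NETWORK_APIS = {
    "WS2_32.dll!connect", "WS2_32.dll!send", "WS2_32.dll!recv",
    "WS2_32.dll!closesocket", "WS2_32.dll!getaddrinfo", "WS2_32.dll!gethostbyname",
    "WININET.dll!HttpAddRequestHeadersA", "WININET.dll!HttpAddRequestHeadersW",
    "WININET.dll!HttpSendRequestA", "WININET.dll!HttpSendRequestW",
    "WININET.dll!InternetConnectA", "WININET.dll!InternetConnectW",
}

# Constructed sample: a subset of the GMER lines from the post, verbatim.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B06B70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3136] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0123000A
.text E:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe[2260] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 00452430 E:\Program Files\VIRGIN BROADBAND\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
---- User IAT/EAT - GMER 1.0.15 ----
"""


def parse_hooks(text):
    """Parse every '.text ... JMP ...' line; other GMER lines (headers, SSDT, IAT) are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        hooks.append({
            "image": d["image"],
            "pid": int(d["pid"]),
            "api": f"{d['module']}!{d['export']}",
            "target": int(d["target"], 16),
            "hook_module": d["hook_module"],  # None when GMER found no module behind the target
            "desc": d["desc"],
        })
    return hooks


def triage(hooks):
    """Group unattributed hooks per process: {pid: {image, unattributed[], network[]}}.
    Hooks with a named backing module are dropped; they are the usual IEFRAME/skin-DLL patches."""
    by_pid = defaultdict(lambda: {"image": None, "unattributed": [], "network": []})
    for h in hooks:
        if h["hook_module"] is not None:
            continue
        entry = by_pid[h["pid"]]
        entry["image"] = h["image"]
        entry["unattributed"].append(h["api"])
        if h["api"] in NETWORK_APIS:
            entry["network"].append(h["api"])
    return dict(by_pid)


def severity(entry):
    """'high' when traffic-path APIs are patched to unowned code (fits browser redirects),
    'medium' for any other unattributed hook, 'info' otherwise."""
    if entry["network"]:
        return "high"
    if entry["unattributed"]:
        return "medium"
    return "info"


def report(text):
    """One line per process with unattributed hooks, highest severity first."""
    rows = []
    for pid, entry in triage(parse_hooks(text)).items():
        rows.append((severity(entry), pid, entry["image"],
                     len(entry["unattributed"]), sorted(entry["network"])))
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(rows, key=lambda r: (order[r[0]], r[1]))


if __name__ == "__main__":
    for sev, pid, image, n_unattr, net in report(SAMPLE_LOG):
        print(f"[{sev}] pid {pid} {image}: {n_unattr} unattributed hook(s); network APIs: {net}")
```

Run it on the full GMER log and every iexplore.exe PID should come out as "high" with the same six WS2_32 exports plus the two WININET header functions, while VIRGIN BROADBAND.exe (SkinMagic) and the IEFRAME hooks never appear. Against a clean XP box with IE8, the unattributed list for iexplore.exe is expected to be empty; anything left in it is what to inspect next.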