Hello,
Never heard from anyone earlier today, so I am not sure if I did something wrong when I requested help. (Original post: Search results redirected from any search engine (Part 1).)
Was not sure how to post logs that exceeded the limit, so I posted the balance of the logs as a reply in this post.
Search results from any engine (Bing, Google, etc.) are redirected to a random website the first time. When I try again I am brought to the correct place. I have completed all the steps (8) as required, with the logs attached. The text is too long, so the last two logs are in the next post. I used Avira as my virus scan and it slowed down my boot-up considerably. Windows XP, IE8, Dell Dimension 8100 (old but serves my current needs).
Thank you for any help on this.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5611
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/27/2011 7:50:42 AM
mbam-log-2011-01-27 (07-50-42).txt
Scan type: Quick scan
Objects scanned: 156495
Time elapsed: 12 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-27 08:38:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 IC35L040AVER07-0 rev.ER4OA41A
Running: j0nczy9b.exe; Driver: C:\DOCUME~1\Louis\LOCALS~1\Temp\pxtdapob.sys
---- System - GMER 1.0.15 ----
SSDT AF92C7AE ZwCreateKey
SSDT AF92C7A4 ZwCreateThread
SSDT AF92C7B3 ZwDeleteKey
SSDT AF92C7BD ZwDeleteValueKey
SSDT AF92C7C2 ZwLoadKey
SSDT AF92C790 ZwOpenProcess
SSDT AF92C795 ZwOpenThread
SSDT AF92C7CC ZwReplaceKey
SSDT AF92C7C7 ZwRestoreKey
SSDT AF92C7B8 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\disk.sys entry point in ".rsrc" section [0xF762F514]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8C65360, 0x24BB1D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\program files\real\realplayer\update\realsched.exe[224] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2264] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A3C4AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A3C4AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8A3C4AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-18 8A3C4AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-20 8A3C4AEA
Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskIC35L040AVER07-0________________________ER4OA41A#5&297a1a48&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Start 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Tag 4
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@ImagePath System32\DRIVERS\tcpip.sys
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@DisplayName TCP/IP Protocol Driver
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@DependOnService IPSec?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@DependOnGroup
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Description TCP/IP Protocol Driver
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@NV Hostname dell
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DataBasePath %SystemRoot%\System32\drivers\etc
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@ForwardBroadcasts 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@IPEnableRouter 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@Hostname dell
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DeadGWDetectDefault 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@SearchList
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@UseDomainNameDevolution 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@EnableICMPRedirect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DontAddDefaultGatewayDefault 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@EnableSecurityFilters 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DhcpNameServer 209.18.47.61 209.18.47.62
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DhcpDomain nc.rr.com
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}?Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{80CE59DA-2786-4C92-8BBE-D52DEDC5B488}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{80CE59DA-2786-4C92-8BBE-D52DEDC5B488}@IpConfig Tcpip\Parameters\Interfaces\{80CE59DA-2786-4C92-8BBE-D52DEDC5B488}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@DontAddDefaultGateway 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sectors 78165104 (+255): rootkit-like behavior;
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat 16384 bytes
File C:\WINDOWS\system32\drivers\disk.sys suspicious modification; TDL3 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
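As an added triage example (not part of the original post, and not GMER's or Malwarebytes' own code): a small Python script that walks a GMER log of the kind pasted above and ranks the lines that matter. The three lines GMER itself ties to TDL3 in this log (disk.sys entry point relocated into its .rsrc section, "rootkit-like behavior" in the last sectors of the disk, and the "suspicious modification; TDL3" file line) are scored high; SSDT redirections and the atapi DriverStartIo pointer are scored medium, because legitimate security software also hooks the SSDT and the address has to be checked against the driver that owns it before it means anything; inline hooks from iexplore.exe into IEFRAME.dll and from SearchIndexer.exe into MSSRCH.DLL are logged as informational because they are those processes hooking their own modules. The embedded log is a constructed excerpt of the post's log; the severity scheme and the EXPECTED_HOOK_TARGETS list are this example's assumptions, not GMER's.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: an excerpt of the GMER log in the post above, trimmed to
# the sections the triage cares about, so the script runs offline.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT AF92C7AE ZwCreateKey
SSDT AF92C790 ZwOpenProcess
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\disk.sys entry point in ".rsrc" section [0xF762F514]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8C65360, 0x24BB1D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\program files\real\realplayer\update\realsched.exe[224] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A3C4AEA
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sectors 78165104 (+255): rootkit-like behavior;
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat 16384 bytes
File C:\WINDOWS\system32\drivers\disk.sys suspicious modification; TDL3 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""


@dataclass
class Finding:
    severity: str  # "high", "medium", "low" or "info"
    reason: str
    line: str


# Assumption of this example: inline hooks whose target is one of these modules
# are the browser/indexer hooking its own process, so they are logged, not scored.
EXPECTED_HOOK_TARGETS = ("IEFRAME.dll", "MSSRCH.DLL", "xpshims.dll")

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(Zw\w+)$")
DISK_RE = re.compile(r"^Disk\s+(\S+)\s+sectors\s+(\d+)\s+\(\+(\d+)\):\s+rootkit-like behavior")
STARTIO_RE = re.compile(r"^Device\s+\\Driver\\atapi\s+->\s+DriverStartIo\s+(\S+)\s+([0-9A-F]{8})$")


def triage_gmer(log_text: str) -> List[Finding]:
    """Rank each GMER log line; section headers and unremarkable lines are skipped."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if m := SSDT_RE.match(line):
            findings.append(Finding("medium", f"SSDT entry {m[2]} redirected to {m[1]}; "
                                    "AV/HIPS also do this, so identify the driver owning the address", line))
        elif 'entry point in ".rsrc" section' in line:
            findings.append(Finding("high", "driver entry point relocated into its resource section "
                                    "(TDL3-style driver infection)", line))
        elif line.startswith("File ") and "suspicious modification" in line:
            findings.append(Finding("high", "GMER reports the on-disk driver image as modified", line))
        elif m := DISK_RE.match(line):
            findings.append(Finding("high", f"hidden data at the end of {m[1]} (sector {m[2]}, +{m[3]}); "
                                    "TDL3 keeps its storage in the last sectors of the disk", line))
        elif m := STARTIO_RE.match(line):
            findings.append(Finding("medium", f"atapi DriverStartIo for {m[1]} points to {m[2]}; "
                                    "verify the address lies inside atapi.sys", line))
        elif line.startswith(".text ") and " JMP " in line:
            expected = any(t in line for t in EXPECTED_HOOK_TARGETS)
            findings.append(Finding("info" if expected else "medium",
                                    "inline API hook in a user process" +
                                    (" into a module the process is expected to load" if expected
                                     else "; identify the hooking module"), line))
        elif line.startswith(".text ") and "Bytes [" in line:
            findings.append(Finding("low", "API prologue overwritten in-process with a stub; "
                                    "review the owning program", line))
        elif "section is writeable" in line:
            findings.append(Finding("info", "writeable code section in a kernel driver; "
                                    "seen with vendor drivers, noted for completeness", line))
    return findings


def verdict(findings: List[Finding]) -> str:
    """Collapse the findings into one call: any high hit means a rootkit is suspected."""
    severities = {f.severity for f in findings}
    if "high" in severities:
        return "rootkit_suspected"
    if "medium" in severities:
        return "review"
    return "clean"


if __name__ == "__main__":
    results = triage_gmer(SAMPLE_GMER_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print("verdict:", verdict(results))
```

On the excerpt above the script returns nine findings, three of them high, and the verdict "rootkit_suspected", which matches the picture the post itself shows: a clean Malwarebytes quick scan alongside a GMER log that names TDL3 on disk.sys. The point of the medium tier is that SSDT hooks and a redirected DriverStartIo are not a verdict on their own; they are the pointers to chase, and on an infected box the owning module for those addresses is what you want to identify next.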