Web Browser Redirecting Page.

Inactive
By southampton
Oct 28, 2010
Topic Status:
Not open for further replies.
  1. Broni

    Broni Malware Annihilator Posts: 46,433   +252

  2. southampton

    southampton Newcomer, in training Topic Starter

    [HJT log removed - Broni]
  3. southampton

    southampton Newcomer, in training Topic Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 14/08/2007 20:19:03
    System Uptime: 28/10/2010 22:13:07 (0 hours ago)

    Motherboard: Dell Inc. | | 0CU409
    Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz | Socket 775 | 2128/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 230 GiB total, 63.591 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 231.42 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 5800 XpressMusic
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP1: 28/10/2010 02:18:11 - System Checkpoint
    RP2: 28/10/2010 03:14:07 - Removed AVG Free 8.5
    RP3: 28/10/2010 03:15:48 - Installed AVG Free 8.5
    RP4: 28/10/2010 11:46:01 - Software Distribution Service 3.0
    RP5: 28/10/2010 12:20:39 - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    µTorrent
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9.1
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.0
    AirPlus XtremeG
    ANIO Service
    ANIWZCS2 Service
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    avast! Free Antivirus
    Bonjour
    BT Broadband Desktop Help
    BT Broadband Support Tools
    BTHomeHub
    CCleaner
    Command & Conquer 3
    Critical Update for Windows Media Player 11 (KB959772)
    Defraggler (remove only)
    Dell Driver Download Manager
    Dell Driver Reset Tool
    Dell Resource CD
    Dell Support Center
    Dell System Restore
    DellSupport
    DivxToDVD 0.5.2b
    EA Download Manager
    EA Download Manager UI
    Football Manager 2010
    Free Audio CD Burner version 1.4
    Free Studio version 4.1
    Free YouTube Download 2.2
    Free YouTube to MP3 Converter version 3.8
    Google Chrome
    Google Desktop
    Google Earth
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToAssist Corporate
    Hamachi 1.0.3.0
    High Definition Audio Driver Package - KB835221
    Highlight Viewer (Windows Live Toolbar)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 3840
    HP Deskjet 3840 Series
    HP Driver Diagnostics
    HP Update
    Intel(R) PRO Network Connections 12.1.8.0
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Last.fm 1.5.4.24567
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft XML Parser
    Mozilla Firefox (3.5.11)
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    neroxml
    Nokia Connectivity Cable Driver
    Nokia Multimedia Common Components 2.4
    Nokia Music
    Nokia Ovi Application Installer
    Nokia Ovi Application Installer 6.85.3011
    Nokia Ovi Content Copier
    Nokia Ovi Content Copier 6.85.3011
    Nokia Ovi One Touch Access
    Nokia Ovi One Touch Access 6.85.3019
    Nokia Ovi Suite
    Nokia Ovi System Utilities
    Nokia Ovi System Utilities 6.85.3018
    Nokia PC Suite
    Nokia Photos
    Nokia Software Updater
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PC Connectivity Solution
    PKR
    QuickTime
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Safari
    Search Settings
    SearchAssist
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Smart Menus (Windows Live Toolbar)
    Sonic Activation Module
    Steam
    Tiscali Internet
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    VCRedistSetup
    VideoLAN VLC media player 0.8.6c
    Virtual Earth 3D (Beta)
    VNC Free Edition 4.1.2
    Vuze
    Vuze Remote Toolbar
    WebFldrs XP
    Windows Driver Package - Nokia Modem (06/01/2009 4.1)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Xvid 1.1.2 final uninstall

    ==== Event Viewer Messages From Past Week ========

    28/10/2010 22:14:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
    28/10/2010 18:53:53, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    28/10/2010 14:26:15, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5931.
    28/10/2010 14:19:26, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4028.0.
    28/10/2010 12:12:09, error: Service Control Manager [7003] - The McAfee Proxy Service service depends on the following nonexistent service: mfefire
    28/10/2010 12:12:09, error: Service Control Manager [7003] - The McAfee Network Agent service depends on the following nonexistent service: mfefire
    28/10/2010 11:49:21, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool - October 2010 (KB890830).
    28/10/2010 04:32:03, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4028.0, the version of the system file is 2.1.4028.0.
    28/10/2010 04:25:42, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.6010, the version of the system file is 5.1.2600.6010.
    28/10/2010 04:24:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5931, the version of the system file is 6.0.2900.5931.
    28/10/2010 03:19:05, error: Service Control Manager [7023] - The Logical Disk Manager service terminated with the following error: The specified module could not be found.
    28/10/2010 03:08:15, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6010.
    28/10/2010 01:48:47, information: Windows File Protection [64005] - The protected system file wmplayer.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Lewis. The file version of the bad file is unknown.
    28/10/2010 01:48:47, information: Windows File Protection [64005] - The protected system file mpvis.dll was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Lewis. The file version of the bad file is unknown.

    ==== End Of File ===========================
  4. southampton

    southampton Newcomer, in training Topic Starter

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-09 17:54:19
    Windows 6.1.7600
    Running: gmer.exe; Driver: C:\Users\Dodge\AppData\Local\Temp\ufldypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 87838758 ZwAlertResumeThread
    SSDT 87832350 ZwAlertThread
    SSDT 879AC408 ZwAllocateVirtualMemory
    SSDT 866970B0 ZwAlpcConnectPort
    SSDT 87872208 ZwAssignProcessToJobObject
    SSDT 879AD7F0 ZwCreateMutant
    SSDT 879ABA10 ZwCreateSymbolicLinkObject
    SSDT 879AC818 ZwCreateThread
    SSDT 879ABAE0 ZwCreateThreadEx
    SSDT 87872B50 ZwDebugActiveProcess
    SSDT 879AC560 ZwDuplicateObject
    SSDT 879ADF38 ZwFreeVirtualMemory
    SSDT 8783DBB8 ZwImpersonateAnonymousToken
    SSDT 87838B40 ZwImpersonateThread
    SSDT 87049478 ZwLoadDriver
    SSDT 879ADE58 ZwMapViewOfSection
    SSDT 87837310 ZwOpenEvent
    SSDT 879AC700 ZwOpenProcess
    SSDT 877A4170 ZwOpenProcessToken
    SSDT 8786CBA0 ZwOpenSection
    SSDT 879AC630 ZwOpenThread
    SSDT 879ABBC0 ZwProtectVirtualMemory
    SSDT 878320D8 ZwResumeThread
    SSDT 877F40F0 ZwSetContextThread
    SSDT 879ADD00 ZwSetInformationProcess
    SSDT 878720D0 ZwSetSystemInformation
    SSDT 87856750 ZwSuspendProcess
    SSDT 8782D4D0 ZwSuspendThread
    SSDT 870C7D98 ZwTerminateProcess
    SSDT 877ACF10 ZwTerminateThread
    SSDT 877AD150 ZwUnmapViewOfSection
    SSDT 879AC338 ZwWriteVirtualMemory

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83029AF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83029104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830293F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83011634
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83011898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830291DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83029958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830296F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83029F2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302A1A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83089599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830ADF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 224 830B5734 8 Bytes [58, 87, 83, 87, 50, 23, 83, ...]
    .text ntkrnlpa.exe!RtlSidHashLookup + 23C 830B574C 4 Bytes [08, C4, 9A, 87]
    .text ntkrnlpa.exe!RtlSidHashLookup + 248 830B5758 4 Bytes [B0, 70, 69, 86]
    .text ntkrnlpa.exe!RtlSidHashLookup + 29C 830B57AC 4 Bytes [08, 22, 87, 87]
    .text ntkrnlpa.exe!RtlSidHashLookup + 318 830B5828 4 Bytes [F0, D7, 9A, 87]
    .text ...
    ? System32\drivers\tbnxplfo.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9960F000, 0x2D5378, 0xE8000020]
    .text peauth.sys A380CC9D 28 Bytes [4F, 2E, DE, B5, 2A, 56, 42, ...]
    .text peauth.sys A380CCC1 28 Bytes [4F, 2E, DE, B5, 2A, 56, 42, ...]
    PAGE peauth.sys A3812B9B 72 Bytes [E7, F5, B9, DF, 4B, A2, B5, ...]
    PAGE peauth.sys A3812BEC 111 Bytes [D0, 7F, BE, 8C, EE, FB, 04, ...]
    PAGE peauth.sys A3812E20 101 Bytes CALL 50BAB702
    PAGE ...

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74502494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744E5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744E56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7450250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744F8573] .windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744F4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744F50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744F51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744F66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744F82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744F8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744F907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744FE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744F4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[1924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [756D5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[1924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [756D5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[1924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [756D5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[1924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [756D5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[1924] @ C:\Windows\system32\SECUR32.DLL [KERNEL32.dll!GetProcAddress] [756D5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2444] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [756D5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2444] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [756D5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2444] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [756D5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2444] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [756D5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2444] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [756D5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3024] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:4688] B2652F2E

    ---- EOF - GMER 1.0.15 ----
  5. southampton

    southampton Newcomer, in training Topic Starter

    [HJT log removed - Broni]
  6. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Malwarebytes log is missing.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.