TheCoach

  1. Hello, I have followed all instructions. Combofix is running now. It has been running for about 1 hour. It advised that it might take 10. The last thing I see on the screen is: "However scan times for badly infected machines can easily double." I noticed that the time on the computer has not incremented from when I started the scan... doesn't seem right. The hard disk light on the PC is flicking, so I'm not sure if it has locked up or not. Should I see some kind of status or progress display after the banner line above? How long would you expect Combofix to run?
  2. Most recent MBAM log file:
  3. I had a problem with a computer getting a rogue antivirus infection. Malwarebytes Free was able to clean it; however, it would keep coming back. I now have the paid version, and every time I bring up IE8, IP addresses get blocked. So far, no more virus. I know that MB is doing its job, but I want to find out what process or program is trying to go to these IP addresses. I had started up IE with no addons and still get the IP blocking messages. Thanks for any ideas.