Jump to content

Issues with Google Link after Malwarebytes found some issues


Recommended Posts

Here is the latest GMER

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-04-15 15:39:49

Windows 5.1.2600 Service Pack 3

Running: 9yhey3sg.exe; Driver: C:\DOCUME~1\Phil\LOCALS~1\Temp\pgloapod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwClose [0xA8971A1C]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwCreateDirectoryObject [0xA8971A48]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwCreateFile [0xA8971A7C]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwCreateKey [0xA8971AD0]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwDeleteKey [0xA8971B14]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwEnumerateKey [0xA8971B40]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwEnumerateValueKey [0xA8971B80]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwFlushKey [0xA8971BC0]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwMakeTemporaryObject [0xA8971BEC]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwMapViewOfSection [0xA8971C18]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwOpenKey [0xA8971C68]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwOpenSection [0xA8971C9C]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwQueryInformationFile [0xA8971CD0]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwQueryKey [0xA8971D0C]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwQueryValueKey [0xA8971D48]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwReadFile [0xA8971D88]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwSetInformationFile [0xA8971DD4]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwSetInformationThread [0xA8971E10]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwSetValueKey [0xA8971E48]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwUnmapViewOfSection [0xA8971E88]

SSDT \SystemRoot\System32\Drivers\Crypto.SYS (SafeNet Crypto Driver/SafeNet) ZwWriteFile [0xA8971EB8]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[244] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x68 0x46 0x66 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x69 0x30 0xE3 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA7 0xA7 0x1B 0xF7 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x68 0x46 0x66 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x69 0x30 0xE3 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA7 0xA7 0x1B 0xF7 ...

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Here is the latest Malwarebytes scan log

The computer seems to be running good now, I have not done anything on it because of having this issue so I will really not know until later, but at first glance I would think the problem is resolved.

Once again, thank you for all of your help.

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3996

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/16/2010 8:54:49 AM

mbam-log-2010-04-16 (08-54-49).txt

Scan type: Quick scan

Objects scanned: 102995

Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi pvonkaenel,

The computer seems to be running good now

That's good. I will leave the thread open for a couple of days in case anything else shows up, however I doubt that it will.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

Remove GMER

Delete the GMER icon from your desktop.

Delete the TDSSKiller icon, folder and zip file from your desktop.

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Update your AntiVirus Software and keep your other programs up-to-date

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Secunia Software Inspector

F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.