jay2300cee Posted June 6, 2010 ID:263080

Please help me. What should I delete & how do I delete it?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-06 14:01:24
Windows 5.1.2600 Service Pack 2
Running: oh6mt5og.exe; Driver: C:\DOCUME~1\Jay\LOCALS~1\Temp\pxldypob.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xAA7E3A60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xAA7C8BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xAA7E5920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAA7C4F60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xAA7D0090]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xAA7DC2B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xAA7DCBB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xAA7C3D10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xAA7CFE40]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xAA7DAD70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xAA7E8F30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xAA7CEB20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xAA7D1900]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xAA7D83A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xAA7D9BB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xAA7CF6B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xAA7C7C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xAA7D0FC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xAA7DECA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xAA7C4580]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xAA7DE060]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xAA7E4DA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAA7C98A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xAA7D3750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xAA7D3FA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xAA7E2ED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xAA7D7590]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xAA7D5500]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xAA7E7A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xAA7E7D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xAA7D6D20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xAA7D5C80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xAA7D64D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xAA7E6480]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xAA7E2440]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xAA7E9520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xAA7CABF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xAA7D91C0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xAA7D4820]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xAA7E1190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xAA7E1AC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xAA7E8770]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xAA7DF790]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xAA7E0620]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xAA7DA530]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xAA7E42B0]

Code 6A542F00 IoReportHalResourceUsage

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [90, 11, 7E, AA, C0, 1A, 7E, ...] {NOP ; ADC [ESI-0x56], EDI; RCR BYTE [EDX], 0x7e; STOSB ; JO 0xffffffffffffff91; JLE 0xffffffffffffffb6}
.rsrc C:\WINDOWS\system32\drivers\dmio.sys entry point in ".rsrc" section [0xF84A2B14]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF7F8AEBF]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[316] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[316] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\Explorer.EXE[316] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0079000C
.text C:\WINDOWS\System32\svchost.exe[1672] USER32.dll!GetCursorPos 77D4BD76 5 Bytes JMP 00A6000A
.text C:\WINDOWS\System32\svchost.exe[1672] ole32.dll!CoCreateInstance 7750058E 5 Bytes JMP 0097000A
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1892] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 00522570 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2756] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FB000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2756] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FC000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2756] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FA000C
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2912] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0059EB4C C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2912] kernel32.dll!LoadResource 7C809FC5 5 Bytes JMP 0059E828 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2912] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 0059EA88 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2912] USER32.dll!EnableWindow 77D4BE71 5 Bytes JMP 0104944C C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2912] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 0059EB20 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2912] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 0059EAF4 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[3288] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\WINDOWS\system32\wuauclt.exe[3288] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A4000A
.text C:\WINDOWS\system32\wuauclt.exe[3288] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003D000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7EA3906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7EA3906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7EA3906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7EA3906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7EA3906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7EA3906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F7EA3906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7EA3906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [AA7D9190] \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [AA7C6130] \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AB7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00AB7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device -> \Driver\atapi \Device\Harddisk0\DR0 82223EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\dmio.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
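A log like the one above is easier to read once its entries are sorted into buckets: SSDT hooks that GMER attributes to a named driver, user-mode inline JMPs with and without an attributed owner, device objects whose owner is printed only as a raw kernel address, and files GMER flags as modified. The Python below is an added example for this thread, not code from the poster, from GMER or from Malwarebytes. It parses a constructed subset of the lines above (copied verbatim, one entry per line) and groups them; the regular expressions are my own reading of GMER's line format, and "unattributed" is simply my label for an entry with no module name beside its address.

```python
"""Bucket the entries of a GMER 1.0.15 text log for triage (added example)."""
import re
from collections import Counter

# Constructed sample: a subset of entries copied from the log in the thread.
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAA7C4F60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xAA7D9BB0]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[316] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\System32\svchost.exe[1672] ole32.dll!CoCreateInstance 7750058E 5 Bytes JMP 0097000A
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2912] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0059EB4C C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device -> \Driver\atapi \Device\Harddisk0\DR0 82223EC5
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\dmio.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

# Line shapes as assumed from the log (my reading of GMER's format, not a spec):
# SSDT <module path> (<description>) <Zw function> [0x<handler>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-F]+)\]"
)
# .text <process>[<pid>] <dll>!<export> <addr> <n> Bytes <insn> <target> [<owner> (<description>)]
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<api>\S+!\S+)\s+(?P<at>[0-9A-F]+)\s+\d+ Bytes\s+"
    r"(?P<insn>\w+)\s+(?P<target>[0-9A-F]+)(?:\s+(?P<owner>.+?)\s+\((?P<desc>[^)]*)\))?\s*$"
)
# Device|AttachedDevice [->] <driver object> <device object> <owner> [(<description>)]
DEVICE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?:->\s+)?(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>\S+)"
    r"(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification\s*$")
# An owner that is only an 8-digit hex address means GMER found no module for it.
RAW_ADDR_RE = re.compile(r"^[0-9A-F]{8}$")


def basename(path):
    """Last component of a Windows path (the driver file name)."""
    return path.rsplit("\\", 1)[-1]


def triage(log_text):
    """Group GMER entries; returns a dict of buckets, nothing is judged malicious here."""
    report = {
        "ssdt_by_module": Counter(),       # how many SSDT entries each driver owns
        "attributed_user_hooks": [],       # inline JMPs GMER ties to a named module
        "unattributed_user_hooks": [],     # inline JMPs into memory with no module name
        "unattributed_devices": [],        # device objects owned by a bare address
        "suspicious_files": [],            # files GMER reports as modified
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            report["ssdt_by_module"][basename(m["module"])] += 1
        elif m := USER_HOOK_RE.match(line):
            entry = {"proc": m["proc"], "api": m["api"], "target": m["target"],
                     "owner": m["owner"], "desc": m["desc"]}
            key = "attributed_user_hooks" if m["owner"] else "unattributed_user_hooks"
            report[key].append(entry)
        elif m := DEVICE_RE.match(line):
            if RAW_ADDR_RE.match(m["owner"]):
                report["unattributed_devices"].append(
                    {"driver": m["driver"], "device": m["device"], "owner": m["owner"]})
        elif m := FILE_RE.match(line):
            report["suspicious_files"].append(m["path"])
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("SSDT entries by driver:", dict(r["ssdt_by_module"]))
    for h in r["unattributed_user_hooks"]:
        print("unattributed hook:", h["proc"], h["api"], "->", h["target"])
    for d in r["unattributed_devices"]:
        print("device with raw-address owner:", d["driver"], d["device"], d["owner"])
    print("files flagged modified:", r["suspicious_files"])
```

The output only separates what GMER could attribute from what it could not; pairing each unattributed entry with the installed security products (here Agnitum Outpost and Lavasoft are visible in the attributed lines) is still the analyst's job, which is why the staff reply asks for a second log before advising what to remove.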
screen317 (Staff) Posted June 6, 2010 ID:263085

Hi and welcome to Malwarebytes.

Are you currently experiencing symptoms of infection?

If so, download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.
screen317 (Staff) Posted June 17, 2010 ID:268856

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!