Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Still need help HiJackThis/FaceBook 2

Started by davidmc , May 25 2010 05:19 PM

  • Please log in to reply

#1
davidmc
Posted 25 May 2010 - 05:19 PM

davidmc

    New Member

  • Member
  • Pip
  • 7 posts
Yesterday I could not get the GMER to work. Today I noticed that GMER was gone from my desktop so I redownloaded and did as requested and got this log to post along with the otheGMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-25 18:09:54
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Squirrel\AppData\Local\Temp\fwldipoc.sys


---- System - GMER 1.0.15 ----

SSDT 872F2048 ZwAlertResumeThread
SSDT 872F2848 ZwAlertThread
SSDT 872E5718 ZwAllocateVirtualMemory
SSDT 86CC5850 ZwAlpcConnectPort
SSDT 8766F170 ZwAssignProcessToJobObject
SSDT 872F5AC0 ZwCreateMutant
SSDT 87671F80 ZwCreateSymbolicLinkObject
SSDT 872E3530 ZwCreateThread
SSDT 8766FDF0 ZwDebugActiveProcess
SSDT 872E5C98 ZwDuplicateObject
SSDT 872E5138 ZwFreeVirtualMemory
SSDT 872F44C8 ZwImpersonateAnonymousToken
SSDT 872F4988 ZwImpersonateThread
SSDT 86CC7A80 ZwLoadDriver
SSDT 872E6F70 ZwMapViewOfSection
SSDT 872F4048 ZwOpenEvent
SSDT 872E5EB8 ZwOpenProcess
SSDT 86ED1510 ZwOpenProcessToken
SSDT 8766E368 ZwOpenSection
SSDT 872E5DA8 ZwOpenThread
SSDT 87670C80 ZwProtectVirtualMemory
SSDT 872E8408 ZwResumeThread
SSDT 872E2048 ZwSetContextThread
SSDT 872E6D58 ZwSetInformationProcess
SSDT 8766FEB0 ZwSetSystemInformation
SSDT 8766EF90 ZwSuspendProcess
SSDT 872E7890 ZwSuspendThread
SSDT 86ED0E58 ZwTerminateProcess
SSDT 872E49D0 ZwTerminateThread
SSDT 872FED10 ZwUnmapViewOfSection
SSDT 872E5448 ZwWriteVirtualMemory
SSDT 87670460 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81CF1880 8 Bytes [48, 20, 2F, 87, 48, 28, 2F, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81CF1894 4 Bytes [18, 57, 2E, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 81CF18A0 4 Bytes [50, 58, CC, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 81CF18F4 4 Bytes [70, F1, 66, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81CF1958 4 Bytes [C0, 5A, 2F, 87] {RCR BYTE [EDX+0x2f], 0x87}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[4948] USER32.dll!CreateWindowExW 774E1305 5 Bytes JMP 6B97DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4948] USER32.dll!DialogBoxParamW 775010B0 5 Bytes JMP 6B8A5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4948] USER32.dll!DialogBoxIndirectParamW 77502EF5 5 Bytes JMP 6BA7473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4948] USER32.dll!DialogBoxParamA 77518152 5 Bytes JMP 6BA746DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4948] USER32.dll!DialogBoxIndirectParamA 7751847D 5 Bytes JMP 6BA747A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4948] USER32.dll!MessageBoxIndirectA 7752D4D9 5 Bytes JMP 6BA74671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4948] USER32.dll!MessageBoxIndirectW 7752D5D3 5 Bytes JMP 6BA74606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4948] USER32.dll!MessageBoxExA 7752D639 5 Bytes JMP 6BA745A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4948] USER32.dll!MessageBoxExW 7752D65D 5 Bytes JMP 6BA74542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] ntdll.dll!RtlEncodeSystemPointer + 873 77AA938B 10 Bytes JMP 04E9003A
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!CreateDialogParamW 774D72A2 5 Bytes JMP 6B97DE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!GetAsyncKeyState 774D863C 5 Bytes JMP 6B898EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!SetWindowsHookExW 774D87AD 5 Bytes JMP 6B979A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!CallNextHookEx 774D8E3B 5 Bytes JMP 6B96D101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!UnhookWindowsHookEx 774D98DB 5 Bytes JMP 6B8E466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!EnableWindow 774DCD8B 5 Bytes JMP 6B97DCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!CreateWindowExW 774E1305 5 Bytes JMP 6B97DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!GetKeyState 774E8CB1 5 Bytes JMP 6B97D28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!IsDialogMessageW 774F0745 5 Bytes JMP 6B8A5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!CreateDialogParamA 774F17AA 5 Bytes JMP 6BA753AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!IsDialogMessage 774F1847 5 Bytes JMP 6BA74C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!CreateDialogIndirectParamA 774F26F1 5 Bytes JMP 6BA753E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!CreateDialogIndirectParamW 774F9A62 5 Bytes JMP 6BA75419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!SetKeyboardState 77500987 5 Bytes JMP 6BA74FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!DialogBoxParamW 775010B0 5 Bytes JMP 6B8A5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!DialogBoxIndirectParamW 77502EF5 5 Bytes JMP 6BA7473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!SendInput 77502F75 5 Bytes JMP 6BA75B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!EndDialog 7750326E 5 Bytes JMP 6B8A7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!SetCursorPos 77516FB2 5 Bytes JMP 6BA75BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!DialogBoxParamA 77518152 5 Bytes JMP 6BA746DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!DialogBoxIndirectParamA 7751847D 5 Bytes JMP 6BA747A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!MessageBoxIndirectA 7752D4D9 5 Bytes JMP 6BA74671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!MessageBoxIndirectW 7752D5D3 5 Bytes JMP 6BA74606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!MessageBoxExA 7752D639 5 Bytes JMP 6BA745A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!MessageBoxExW 7752D65D 5 Bytes JMP 6BA74542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] USER32.dll!keybd_event 7752D972 5 Bytes JMP 6BA75EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] SHELL32.dll!SHRestricted + D95 761B8988 4 Bytes [4D, 30, 01, 69]
.text C:\Program Files\internet explorer\iexplore.exe[6012] SHELL32.dll!SHRestricted + D9D 761B8990 8 Bytes [57, 2F, 01, 69, 9C, 5B, 00, ...]
.text C:\Program Files\internet explorer\iexplore.exe[6012] ole32.dll!OleLoadFromStream 77381E12 5 Bytes JMP 6BA74AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] ole32.dll!CoGetTreatAsClass + D2F 7739FAB7 7 Bytes JMP 04E901A9
.text C:\Program Files\internet explorer\iexplore.exe[6012] ole32.dll!CoCreateInstance 773B9EA6 5 Bytes JMP 6B97DB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6012] ole32.dll!CoCreateInstance + 3E 773B9EE4 7 Bytes JMP 04E900F3

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
r post I have on this site. Don't get me wrong I am being patient, just as I notice things with my computer I list them. I am new to this site and learning. Any help is greatly appreciated and needed. David
  • 0

Advertisements

#2
davidmc
Posted 25 May 2010 - 05:22 PM

davidmc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Gonna have to look at both this forum and Vista forum to get all the information I have added in the last few days. My philosofy is the more the better. :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP