Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirection and windows update blocked


  • Please log in to reply

#1
PippytheGreat

PippytheGreat

    New Member

  • Member
  • Pip
  • 2 posts
Its as the title says so i have the MBAM, GMER, and OTL logs prepared. The OTL log has been attached

MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4339

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/22/2010 9:54:23 PM
mbam-log-2010-07-22 (21-54-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 222313
Time elapsed: 32 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-22 21:16:58
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\W7\AppData\Local\Temp\pwldapog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C30AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C30104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C303F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C192D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C18898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C301DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C30958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C306F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C30F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C311A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C828E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CA23D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spoh.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 93E45CA0 5 Bytes JMP 856A24E0
.text peauth.sys 82366C9D 28 Bytes [55, 6C, DE, B5, 2A, 56, 42, ...]
.text peauth.sys 82366CC1 28 Bytes [55, 6C, DE, B5, 2A, 56, 42, ...]
PAGE peauth.sys 8236CE20 101 Bytes [8B, DC, 4B, B5, 67, 29, D6, ...]
PAGE peauth.sys 8236D02C 102 Bytes [D6, 0E, 48, C9, 93, 7C, 93, ...]
PAGE spsys.sys![email protected]@3PADA + 4F90 AA8DB000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys![email protected]@3PADA + 50B3 AA8DB123 629 Bytes [65, 8D, AA, FE, 05, 34, 65, ...]
PAGE spsys.sys![email protected]@3PADA + 5329 AA8DB399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys![email protected]@3PADA + 538F AA8DB3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys![email protected]@3PADA + 543B AA8DB4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtProtectVirtualMemory 77995360 5 Bytes JMP 0033000A
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtWriteVirtualMemory 77995EE0 5 Bytes JMP 0034000A
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!KiUserExceptionDispatcher 77996448 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[1328] ole32.dll!CoCreateInstance 774357FC 5 Bytes JMP 003A000A
.text C:\Windows\Explorer.EXE[2836] ntdll.dll!NtProtectVirtualMemory 77995360 5 Bytes JMP 0045000A
.text C:\Windows\Explorer.EXE[2836] ntdll.dll!NtWriteVirtualMemory 77995EE0 5 Bytes JMP 0046000A
.text C:\Windows\Explorer.EXE[2836] ntdll.dll!KiUserExceptionDispatcher 77996448 5 Bytes JMP 0040000A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 856711F8
Device \Driver\volmgr \Device\VolMgrControl 8566D1F8
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 86890500
Device \Driver\usbuhci \Device\USBPDO-1 86890500
Device \Driver\usbehci \Device\USBPDO-2 8639D500
Device \Driver\usbuhci \Device\USBPDO-3 86890500
Device \Driver\usbuhci \Device\USBPDO-4 86890500

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 86890500
Device \Driver\usbehci \Device\USBPDO-6 8639D500
Device \Driver\volmgr \Device\HarddiskVolume1 8566D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8566D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 865EA1F8
Device \Driver\volmgr \Device\HarddiskVolume3 8566D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdePort0 8566F1F8
Device \Driver\atapi \Device\Ide\IdePort1 8566F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8566F1F8
Device \Driver\volmgr \Device\HarddiskVolume4 8566D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{4E803786-72D8-4A0C-B4D7-5E0405742AF7} 866211F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 866211F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{2893C2D8-B98C-4C08-9C40-6CC9B341C708} 866211F8

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 86890500
Device \Driver\USBSTOR \Device\0000006d 86874500
Device \Driver\usbuhci \Device\USBFDO-1 86890500
Device \Driver\USBSTOR \Device\0000006e 86874500
Device \Driver\usbehci \Device\USBFDO-2 8639D500
Device \Driver\usbuhci \Device\USBFDO-3 86890500
Device \Driver\usbuhci \Device\USBFDO-4 86890500
Device \Driver\usbuhci \Device\USBFDO-5 86890500
Device \Driver\usbehci \Device\USBFDO-6 8639D500
Device -> \Driver\atapi \Device\Harddisk0\DR0 863DCEC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x0A 0xF7 0x2C 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x0A 0xF7 0x2C 0x3B ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Attached Files


Edited by PippytheGreat, 22 July 2010 - 08:04 PM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP