Extra-cranky and rusty PC 7 replies


Sgt.kar98

Back from the dead

50 XP

23rd November 2004

0 Uploads

1,505 Posts

0 Threads

#1 8 years ago

Hi guys, it's been a long time since I came here. I have a quite serious problem. My computer, which used to run as it should, is now acting like my father's first one, but with the loading of my computer. Everything started when there was a power outage at my house. My PC was turned on, but when power was back, everything was normal. The next day, the bastard started to stop at boot with the message "CANT BOOT FROM HD,PLEASE INSERT WINDOWS CD/DVD" (something like that). After a lot of tries, the computer booted, just as this problem had occurred, out of nowhere. I noticed my PC was slower than usual. Then I remembered something called rootkits. I ran a rootkit scan with AVG Free and it said I had 7. I panicked and didn't know if I could remove them, since they were being shown in the Win32 folder. I downloaded a program called ThreatFire; it found one RK and removed it. End of problem? Just the beginning. After some days, the PC had the boot error again and this time "it didn't heal itself". I had to send it to tech support, and he installed Windows again. Still, the PC was getting slower every day. I installed Avira after that too. Now my computer is extra-slow; what it used to do in 1 min at max now takes 3 at minimum. I saw on a site that there must be a lot of processes running, and I saw "AAWService" uses 88.932K of memory, "iexplorer" 1 uses 74.824 and "explorer" uses 74.840K. Is that normal? BTW, my PC is a Pentium Dual Core 2160 @ 1.80GHz 1.81 GHz, 2GB of RAM, GeForce 9600 GTX and a Gigabyte that I forgot which one it was.




>Omen<

Modern Warfare

50 XP

1st January 2005

0 Uploads

7,395 Posts

0 Threads

#2 8 years ago

A good (and free) tool to scan for rootkits is GMER. GMER - Rootkit Detector and Remover

Second, there is a possibility the power outage, esp if you are not hooked to a surge protector, resulted in a voltage spike when the power came back on, which could have physically harmed your PC. This is actually more of a concern during storms, the power coming back on, not going out.

So if you don't have a surge protector, or even if you do, when there's a severe storm, unplug such items, at the very least right after (if not before) the power goes out. Then don't turn them back on until after the power's been back on for a while. A good way to tell how long to wait is until the storm dies down, your local utilities or news teams say repairs have been done and/or the storm has passed, and the lights in your house stop flickering.

If the HDD was formatted properly and the OS reinstalled and you're still having problems, it's not a good sign.

AAWService is a process that the Ad-Aware anti-adware tool runs. I used to use it but stopped because even the free version, which doesn't work in the background as real-time protection, runs that process without really needing to.

Neither that process nor Explorer should be taking up that many resources.

If the system (all HDDs) hasn't been fully formatted, I would do so. For now you could DL and run HijackThis and zip and attach the logfile here or use the HijackThis.de online analyzer.

HijackThis HijackThis Logfile Analyzer




Sgt.kar98

Back from the dead

50 XP

23rd November 2004

0 Uploads

1,505 Posts

0 Threads

#3 8 years ago

The result from GMER was this:


What would be rootkit in the analysis?




D3matt

I take what n0e says way too seriously

27,515 XP

20th November 2007

0 Uploads

2,554 Posts

1 Threads

#4 8 years ago

I suggest going to Bleeping Computer - Computer Help and Discussion. They are very helpful and provide simple instructions that just about anyone should be able to follow. If they can't get your computer clean, nobody can.

EDIT: Wow nice auto-linker filefront!




Red_Fist

GF is my bext friend *hugs GF*

50 XP

28th April 2010

0 Uploads

1,004 Posts

0 Threads

#5 8 years ago

WD-40 and a hammer.




Red_Fist

GF is my bext friend *hugs GF*

50 XP

28th April 2010

0 Uploads

1,004 Posts

0 Threads

#6 8 years ago

Turn stuff off that is running. Task Manager or the Ctrl-Alt-Del keys bring up the things running, or look using msconfig.exe, the stock Windows program. Turn off antivirus when installing drivers and for things to work.

Good luck man, TAME that system!!




*The.Doctor

Trust me, I'm a Doctor

102,440 XP

25th November 2003

0 Uploads

9,964 Posts

0 Threads

#7 8 years ago

This is the place to go for all your Windows tweaking needs: Black Viper's Web Site




*The.Doctor

Trust me, I'm a Doctor

102,440 XP

25th November 2003

0 Uploads

9,964 Posts

0 Threads

#8 8 years ago

This is the place to go for all your Windows tweaking needs: Black Viper's Web Site