Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Problems with trojans/browser hijacked (logs attached)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby veo1 » September 15th, 2010, 6:06 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-15 18:06:14
Windows 5.1.2600 Service Pack 3
Running: 1r4eppng.exe; Driver: C:\DOCUME~1\Ryan\LOCALS~1\Temp\kwpyrpod.sys


---- System - GMER 1.0.15 ----

SSDT 8A3DFC98 ZwAlertResumeThread
SSDT 8A390288 ZwAlertThread
SSDT 8A386540 ZwAllocateVirtualMemory
SSDT 8A3CAE08 ZwConnectPort
SSDT 8A375348 ZwCreateMutant
SSDT 8A38F7A8 ZwCreateThread
SSDT 8A3721C8 ZwFreeVirtualMemory
SSDT 8A3C2160 ZwImpersonateAnonymousToken
SSDT 8A3CA160 ZwImpersonateThread
SSDT 8A377238 ZwMapViewOfSection
SSDT 8A3BE5B0 ZwOpenEvent
SSDT 8A3923E0 ZwOpenProcessToken
SSDT 8A3C4A38 ZwOpenThreadToken
SSDT 8A3CD680 ZwResumeThread
SSDT 8A3BEA00 ZwSetContextThread
SSDT 8A37B8C8 ZwSetInformationProcess
SSDT 8A390518 ZwSetInformationThread
SSDT 8A387EC0 ZwSuspendProcess
SSDT 8A37F9F8 ZwSuspendThread
SSDT 8A38E270 ZwTerminateProcess
SSDT 8A8629F8 ZwTerminateThread
SSDT 8A38E470 ZwUnmapViewOfSection
SSDT 8A3E04E8 ZwWriteVirtualMemory
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am
Advertisement
Register to Remove

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby veo1 » September 15th, 2010, 6:08 pm

The program didn't give a prompt to indicate that it was finished scanning so after about 10 minutes I saved the above file. I think its finished (no sign of my cpu doing any work) Please let me know if I need to rescan and wait for it to prompt once scan is complete. Thanks
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby veo1 » September 15th, 2010, 6:13 pm

Now that I tried to close it, it says scanning not complete. Sorry, I will rescan
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby muppy03 » September 16th, 2010, 5:09 am

Post it when done. :)
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby veo1 » September 16th, 2010, 5:38 am

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-16 05:30:36
Windows 5.1.2600 Service Pack 3
Running: 1r4eppng.exe; Driver: C:\DOCUME~1\Ryan\LOCALS~1\Temp\kwpyrpod.sys


---- System - GMER 1.0.15 ----

SSDT 8A3858B0 ZwAlertResumeThread
SSDT 8A385970 ZwAlertThread
SSDT 8A387268 ZwAllocateVirtualMemory
SSDT 8AEA02C0 ZwConnectPort
SSDT 8A385660 ZwCreateMutant
SSDT 8AA3C730 ZwCreateThread
SSDT 8A386280 ZwFreeVirtualMemory
SSDT 8A385730 ZwImpersonateAnonymousToken
SSDT 8A3857F0 ZwImpersonateThread
SSDT 8A385FB0 ZwMapViewOfSection
SSDT 8A3855A0 ZwOpenEvent
SSDT 8A39CC00 ZwOpenProcessToken
SSDT 8A385D88 ZwOpenThreadToken
SSDT 8A894908 ZwResumeThread
SSDT 8A385CC8 ZwSetContextThread
SSDT 8A385E58 ZwSetInformationProcess
SSDT 8A385BF8 ZwSetInformationThread
SSDT 8A3854E0 ZwSuspendProcess
SSDT 8A385A78 ZwSuspendThread
SSDT 8A7F7058 ZwTerminateProcess
SSDT 8A385B38 ZwTerminateThread
SSDT 8A38D120 ZwUnmapViewOfSection
SSDT 8A386350 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x9F 0x97 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x86 0x4A 0x06 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0xF5 0x81 0x29 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x9F 0x97 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x86 0x4A 0x06 0x22 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0xF5 0x81 0x29 ...

---- EOF - GMER 1.0.15 ----
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby veo1 » September 16th, 2010, 5:39 am

UPDATE: My computer has been locking up like crazy for the past day or so (especially with Internet Explorer). I really don't know what's going on. Time to just reformat maybe?
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby muppy03 » September 16th, 2010, 6:27 am

veo1 wrote:UPDATE: My computer has been locking up like crazy for the past day or so (especially with Internet Explorer). I really don't know what's going on. Time to just reformat maybe?

Personally if it was my computer, I would without a second thought. Although we can and do clear infected files unfortunately we can never find all the system changes that could have been made. A few hours work is always better than a few weeks work when the ultimate outcome might be the same. :?

Let me know if that is what you decide to do. :)
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby veo1 » September 16th, 2010, 7:32 pm

Many thanks for your time and help but I think the time to reformat has come! Again thanks for trying!
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby muppy03 » September 17th, 2010, 8:30 am

veo1 wrote:Many thanks for your time and help but I think the time to reformat has come! Again thanks for trying!


I think you will not regret the decision, especially in the long run. :) Good luck, stay safe and keep clear of P2P. :thumbright:

This Topic is now Closed.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 12 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware