Quantcast
Channel: Tech Support Guy - Virus & Other Malware Removal
Viewing all articles
Browse latest Browse all 4746

My laptops slow after getting rid of a ransom virus. Please help.

September 12, 2013, 5:13 am
$
0
0
GMER log


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-12 14:49:31
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9500325AS rev.0001SDM1 465.76GB
Running: d4u74i0b.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxtdapoc.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xA41C7004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xA41C70D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xA41C6D76]
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xB98761D6]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xA41C6E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xA41C6EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xA41C6F56]

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9014360, 0x3347AD, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\program files\real\realplayer\update\realsched.exe[664] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] ADVAPI32.dll!RegSetValueExW 77DDD767 5 Bytes JMP 0396BEA0 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] ADVAPI32.dll!RegSetValueExA 77DDEAE7 5 Bytes JMP 0396BD50 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 0396BB20 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 0396BC70 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0396C1E0 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215559 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC44 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E79EF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7921 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E798C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 0396C310 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0396C7C0 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E77F2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E7854 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E7A52 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 0396B150 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E78B6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 0396C820 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 0396B280 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] ADVAPI32.dll!RegSetValueExW 77DDD767 5 Bytes JMP 0381BEA0 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] ADVAPI32.dll!RegSetValueExA 77DDEAE7 5 Bytes JMP 0381BD50 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 0381BB20 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 0381BC70 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0381C1E0 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215559 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9BB9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1F5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC44 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546B9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E79EF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7921 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E798C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 0381C310 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0381C7C0 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E77F2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E7854 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E7A52 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 02F5D840 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\tbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E78B6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 0381C820 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\hktbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 02F5D970 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\tbWis2.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDCA0 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E7D57 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5732] WININET.dll!HttpQueryInfoA 3D95182D 5 Bytes JMP 02F5F1A0 C:\Documents and Settings\Admin\Local Settings\Application Data\WiseConvert\tbWis2.dll
.text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[5916] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)

---- EOF - GMER 2.1 ----
Search
Viewing all articles
Browse latest Browse all 4746

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

January 5, 2014, 10:34 pm

Ominde Commission Report and Recommendations – Ominde Report of 1964

March 16, 2015, 5:14 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

March 26, 2017, 11:23 pm

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

October 17, 2016, 7:20 am

Mp3 Download: Mdu - Kunjenjenjena

December 7, 2017, 8:16 am

How the kill the job , when DTP request running for long hours.

July 26, 2013, 2:41 am

Microsoft Intune から展開しているアプリのアップデートについて

October 17, 2016, 4:11 am

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

September 1, 2017, 10:00 pm

Car crash in Dunton Bassett leaves driver in critical condition

October 7, 2014, 7:51 am

Macky 2, Two Others In Road Accident

March 29, 2015, 5:34 am

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

May 14, 2015, 11:27 pm

Detroit mafia: D’Anna Brothers agree to plea deal

April 21, 2016, 6:56 am

Delivery block field greyed out using VA02

January 26, 2016, 2:52 pm

Muloraki Au

June 22, 2016, 1:44 am

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出w【リベンジポルノ】@PornHub

October 12, 2017, 2:23 pm

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

February 9, 2018, 4:56 am

FIAT 500 B0111 B0112

July 5, 2018, 10:31 am
Search