Slow internet connections/system restart


fdgloworm

Hello. I recently got my computer back, and things are not running as smoothly as they did before. The system itself seems to be functioning okay, but certain programs, and Internet Explorer, are running slower than they did, and for some reason the system has rebooted itself several times. I don't know what was being done when the system rebooted as I was not home at the time; my wife was on the computer. I have posted the MBAM, DDS, GMER logs in this post and have attached the zip file of ARK.txt and ATTACH.txt.

MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7797

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/25/2011 5:50:57 PM

mbam-log-2011-09-25 (17-50-57).txt

Scan type: Full scan (C:\|)

Objects scanned: 227558

Time elapsed: 1 hour(s), 16 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Acton at 17:57:12 on 2011-09-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2712 [GMT -4:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.comcast.net/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll

TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Reboot.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315696631359

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{1DA8FD69-5DFB-43A9-A714-E1BC09AD913E} : DhcpNameServer = 192.168.1.254

.

============= SERVICES / DRIVERS ===============

.

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 129992]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-10 2255464]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-8-1 143752]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 97096]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111688]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112456]

.

=============== Created Last 30 ================

.

2011-09-25 20:31:57 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-25 20:31:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-22 10:43:16 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2011-09-15 08:35:52 -------- d-----w- c:\program files\common files\xing shared

2011-09-15 08:35:35 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-09-15 05:27:25 -------- d-----w- c:\program files\EA GAMES

2011-09-14 22:55:05 442368 ----a-r- c:\windows\system32\vp6vfw.dll

2011-09-14 15:11:33 -------- d-----w- c:\documents and settings\acton\local settings\application data\LEGO Software

2011-09-14 15:04:27 -------- d-----w- c:\documents and settings\acton\local settings\application data\Chromium

2011-09-14 15:04:14 -------- d-----w- c:\program files\LEGO Software

2011-09-14 15:03:48 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-09-14 15:03:48 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-09-14 15:03:48 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-09-12 01:51:24 -------- d-----w- C:\lj1010 series

2011-09-12 00:44:53 -------- d-----w- c:\windows\system32\GroupPolicy

2011-09-11 08:54:39 -------- d-sh--w- c:\documents and settings\acton\IECompatCache

2011-09-11 08:19:15 -------- d-----w- c:\documents and settings\acton\local settings\application data\Temp

2011-09-11 06:57:16 -------- d-----w- c:\documents and settings\acton\local settings\application data\Google

2011-09-11 00:45:52 -------- d-----w- c:\documents and settings\acton\application data\Panda Security

2011-09-11 00:44:34 -------- d-----w- c:\program files\Toolbar Cleaner

2011-09-11 00:44:33 -------- d-----w- c:\documents and settings\acton\local settings\application data\panda2_0dn

2011-09-11 00:44:31 -------- d-----w- c:\documents and settings\all users\application data\Panda Security URL Filtering

2011-09-11 00:44:30 -------- d-----w- c:\documents and settings\acton\application data\pandasecuritytb

2011-09-11 00:43:45 -------- d-----w- c:\program files\Panda Security

2011-09-11 00:43:45 -------- d-----w- c:\documents and settings\all users\application data\Panda Security

2011-09-11 00:43:16 -------- d-----w- C:\temp

2011-09-11 00:24:34 -------- d-----w- c:\documents and settings\acton\application data\Malwarebytes

2011-09-11 00:24:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-11 00:20:07 -------- d-sh--w- c:\documents and settings\acton\PrivacIE

2011-09-11 00:15:19 -------- d-sh--w- c:\documents and settings\acton\IETldCache

2011-09-11 00:06:59 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-09-11 00:06:44 -------- d-----w- c:\windows\ie8updates

2011-09-11 00:06:39 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-09-11 00:06:39 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-09-11 00:06:39 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-09-11 00:06:39 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-09-11 00:06:39 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-09-11 00:06:39 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-09-11 00:06:39 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-09-11 00:05:42 -------- dc-h--w- c:\windows\ie8

2011-09-11 00:00:38 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2011-09-11 00:00:38 -------- d-----w- c:\windows\system32\ReinstallBackups

2011-09-10 23:52:59 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll

2011-09-10 23:51:28 -------- d-----w- c:\windows\Logs

2011-09-10 23:49:34 -------- d-----w- c:\windows\system32\Adobe

2011-09-10 23:47:41 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-09-10 23:47:41 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-09-10 23:47:41 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-09-10 23:47:40 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2011-09-10 23:46:33 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-09-10 23:45:32 -------- d-----w- c:\documents and settings\acton\local settings\application data\Adobe

2011-09-10 23:39:26 423936 ----a-w- c:\windows\system32\wgatray.exe.bak

2011-09-10 23:39:26 220672 ----a-w- c:\windows\system32\wgalogon.dll.bak

2011-09-10 23:38:24 -------- d-----w- c:\documents and settings\acton\application data\Philipp Winterberg

2011-09-10 23:20:08 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2011-09-10 23:20:08 -------- d-----w- c:\windows\system32\PreInstall

2011-09-10 23:20:07 -------- d--h--w- c:\windows\$hf_mig$

2011-09-10 23:18:18 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-09-10 23:18:17 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-09-10 23:18:17 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-09-10 23:18:17 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-09-10 23:18:17 -------- d-----w- c:\windows\system32\SoftwareDistribution

2011-09-10 23:17:08 -------- d-sh--w- c:\documents and settings\acton\UserData

2011-09-10 23:12:06 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation

2011-09-10 23:08:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-10 23:05:10 -------- d-----w- c:\windows\system32\Lang

2011-09-10 23:01:59 2165760 ------r- c:\windows\MicCal.exe

2011-09-10 23:01:59 16380416 ------r- c:\windows\RTHDCPL.exe

2011-09-10 23:01:57 69632 ------r- c:\windows\Alcmtr.exe

2011-09-10 23:01:57 2808832 ------r- c:\windows\alcwzrd.exe

2011-09-10 23:01:56 299008 ------r- c:\windows\system32\ALSndMgr.cpl

2011-09-10 23:01:56 -------- d-----w- c:\program files\Realtek

2011-09-10 23:01:51 520192 ------r- c:\windows\RtlExUpd.dll

2011-09-10 23:01:51 315392 ----a-w- c:\windows\HideWin.exe

.

==================== Find3M ====================

.

2011-09-10 23:11:53 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-09-10 23:11:53 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-09-10 23:11:50 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-01 11:23:20 143752 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 17:57:37.71 ===============

GMER:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-09-25 18:54:27

Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-17 SAMSUNG_SP0411C rev.UU100-05

Running: dew0w652.exe; Driver: C:\DOCUME~1\Acton\LOCALS~1\Temp\pxtdapob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xB170B416]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D403A0, 0x8A1A15, 0xE8000020]

? C:\DOCUME~1\Acton\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1048] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[2036] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01540001

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] ws2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A20F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] ws2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719F0F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] ws2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] ws2_32.dll!send 71AB4C27 6 Bytes JMP 719C0F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] ws2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71930F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] ws2_32.dll!recv 71AB676F 6 Bytes JMP 71990F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] ws2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71960F5A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3564] ws2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71900F5A

---- EOF - GMER 1.0.15 ----

And the two attached files. I see a lot of items in the GMER, especially items like USER32.dll!SetWindowsHookExW that have me very concerned. Are these all normal entries for Internet Explorer?

Aaronattach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
