i think i have a hacker or virus!! please help

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Want a New HP LaserJet MFP? Trade in your old printer and receive $1,000 in savings!
Trade in your old printer and receive up to $1,000 in saving on a new HP LaserJet Multifunction Printer. Click here for savings!

BleepingComputer.com > Security > Virus, Trojan, Spyware, and Malware Removal Logs

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

6 Pages

< 1 2 3 4 > »

i think i have a hacker or virus!! please help

Options

elise025 View Member Profile	Jan 12 2010, 10:50 AM Post #16
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Well, thats not as it should be Please download a frewsh copy of Combofix, delete your old one and run Combofix. Please post me the log. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 12 2010, 11:17 AM Post #17
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	where do i find a fresh copy of combofix??

elise025 View Member Profile	Jan 12 2010, 11:46 AM Post #18
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	The links are in the first post in which I instructed you to run Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 12 2010, 01:45 PM Post #19
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	ok...here you go. is it normal to take 1 1/2 hours to run combofix?? it says 10-20 minutes?? and what exactly does it do anyways??!! ComboFix 10-01-11.04 - Owner 01/12/2010 12:20:19.3.1 - x86 Running from: c:\documents and settings\Owner\Desktop\ComboFix2.exe . ((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 ))))))))))))))))))))))))))))))) . 2010-01-08 15:13 . 2010-01-08 15:13 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-03 03:33 . 2010-01-03 03:33 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-01-03 03:33 . 2010-01-03 03:33 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-03 03:33 . 2010-01-03 03:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-12-21 21:14 . 2010-01-12 03:51 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2009-12-16 18:55 . 2009-12-16 18:55 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-16 18:54 . 2009-12-16 18:54 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-13 22:49 . 2009-12-13 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-12 14:39 . 2009-12-10 00:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-01-12 03:50 . 2009-12-10 00:46 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-11 19:26 . 2008-05-22 03:39 -------- d-----w- c:\program files\Java 2010-01-11 19:21 . 2010-01-11 19:22 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-08 15:18 . 2010-01-05 02:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-07 21:07 . 2010-01-05 02:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07 . 2010-01-05 02:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-06 02:18 . 2008-05-22 06:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire 2010-01-01 22:21 . 2010-01-01 22:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-12-29 23:19 . 2009-12-29 23:19 13104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-29 09:29 . 2009-12-29 09:28 -------- d-----w- c:\program files\Microsoft Security Essentials 2009-12-29 05:06 . 2009-12-29 05:06 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2009-12-16 18:51 . 2008-05-22 03:29 -------- d-----w- c:\program files\LimeWire 2009-12-13 22:49 . 2009-12-13 22:49 -------- d-----w- c:\program files\NOS 2009-12-10 00:44 . 2009-12-10 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-12-10 00:43 . 2009-12-10 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2009-12-10 00:29 . 2009-12-10 00:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2009-12-10 00:28 . 2009-12-10 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-07 05:10 . 2008-06-05 20:55 -------- d-----w- c:\program files\Windows Live Safety Center 2009-12-01 17:46 . 2008-05-22 03:09 13104 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-01 16:25 . 2009-12-01 16:25 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-12-01 15:42 . 2009-12-01 15:42 -------- d-----w- c:\program files\MSBuild 2009-12-01 15:42 . 2009-12-01 15:42 -------- d-----w- c:\program files\Reference Assemblies 2009-11-30 05:45 . 2009-11-30 05:45 61224 ----a-w- c:\documents and settings\Owner\GoToAssistDownloadHelper.exe 2009-11-30 05:30 . 2009-11-30 05:30 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee 2009-11-30 01:31 . 2009-11-30 01:31 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8 2009-11-03 01:42 . 2009-12-29 09:34 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 07:45 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-10-29 04:48 . 2009-10-29 04:48 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-20 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-20 114688] "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-11 149280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0pgdfgsvc C 1 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] 2003-08-29 11:59 122880 ----a-w- c:\windows\BCMSMMSG.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408] --- Other Services/Drivers In Memory --- NewlyCreated* - MBAMSWISSARMY [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-01-12 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/search?q=internet+explorer&rls=com.microsoft:en-us:IE-Address&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7ADBF_en uInternet Settings,ProxyOverride = 127.0.0.1 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-12 12:55 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(624) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(3948) c:\windows\system32\WININET.dll c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2010-01-12 13:26:33 ComboFix-quarantined-files.txt 2010-01-12 18:25 ComboFix2.txt 2010-01-11 21:05 ComboFix3.txt 2010-01-10 23:07 Pre-Run: 29,641,003,008 bytes free Post-Run: 29,647,507,456 bytes free - - End Of File - - 3F19770D6C4F6644E20F77ED3FAB2A05

elise025 View Member Profile	Jan 12 2010, 02:12 PM Post #20
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Can you please try to run MBAM without uppdating it? Combofix should not take 1,5 hours (although its possible). It scans for active malware and disables/deletes it when found. It also provides some information about locations malware likes to hide. No worries about those Net Framework updates, leave them as they are. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 12 2010, 06:04 PM Post #21
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	Malwarebytes' Anti-Malware 1.44 Database version: 3535 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/12/2010 06:03:01 PM mbam-log-2010-01-12 (18-03-01).txt Scan type: Full Scan (C:\\|) Objects scanned: 143064 Time elapsed: 58 minute(s), 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{1F3022D7-92F0-4731-96BD-B8ACD1AABFAF}\RP683\A0070603.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1F3022D7-92F0-4731-96BD-B8ACD1AABFAF}\RP686\A0070941.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1F3022D7-92F0-4731-96BD-B8ACD1AABFAF}\RP690\A0071071.sys (Malware.Trace) -> Quarantined and deleted successfully.

elise025 View Member Profile	Jan 13 2010, 03:17 AM Post #22
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	How is your computer running now? -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 13 2010, 02:54 PM Post #23
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	AWFUL!!!! here are the problems since last combofix and mbam scan...... very slow, constantly "not responding" then running then back to "not responding", error message microsoft visual c++ runtime library... program:c:\program files\internet explorer\IEXPLORE.EXE this application has requested the runtime to terminate in an unusual way., my programs won't always close (have to manually restatr the computer) my AV won't start up at first and won't update. MBAM wouldn't open last night,kept recieving error messages. when trying to connect to the internet yesterday, on the top it said.. res://ieframe.dll/dnserror.htm. i attempted to run some scans last night......malwarebytes -FULL (took 1 hour to get it to start!) no malicious was found .it took 8 hours and 30 minutes to complete scan!!! superanti spyware-FULL 11 hours and 41 minutes to complete! found 3 tracking cookies in files. microsoft security essentials (which won't update) _FULL after 9 hours or so, it just shut down???? also i notice when i click on IE (which i now have 2 on my desktop?) it goes to google and it acts like i'm looking up internet explorer. i did notice in my task manager that there is always more then one IE running. even last night when i closed all of my programs, they were still running? if someone is accessing my computer through that cintix (i believe thats what its called)( which for some reason is on my computer) can they still get on when i unplug my internet connection? do i have to shut off my computer? i'm about to lose my mind if this computer doesn't start to work...at least a little bit!!!

kshoney44 View Member Profile	Jan 13 2010, 03:41 PM Post #24
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	correction* citrix online go to assist

elise025 View Member Profile	Jan 13 2010, 04:36 PM Post #25
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Hello again, First of all there are quite a few things you mention here that are normal, like multiple internet explorer processes running. Of course there are also a few things you tell me that definitely are NOT normal and we will investigate these. First of all I would recommend you to turn off Super Antispyware realtime protection, since it can seriously slow down your computer. You can do this by opening the program and clicking the preference button. Uncheck the option to enable real time protection and to start when windows start. Please scroll back to my very first post and re-run GMER (instructions in that post). Post me the log. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 13 2010, 05:42 PM Post #26
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-13 17:38:11 Windows 5.1.2600 Service Pack 3 Running: n7s95khc.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfqcqaog.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3D540B0] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [40, D5, F3] {INC EAX; AAD 0xf3} ? qporj.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2692] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2692] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2692] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2692] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2692] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2692] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2692] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2692] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2692] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- not sure if i did this right or not!!! once again, i did not see an option for perform automatic quick scan. just scan, copy, save. it said it was scanning C

elise025 View Member Profile	Jan 14 2010, 06:07 AM Post #27
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Hello kshoney44, I want to have a closer look at your services/drivers. We need to create an OTL Report Please download OTL from one of the following mirrors: This is THE Mirror Save it to your desktop. Double click on the icon on your desktop. Click the "Scan All Users" checkbox. Push the button. Two reports will open, copy and paste them in a reply here: OTListIt.txt <-- Will be opened Extra.txt <-- Will be minimized In your next reply, please include the following: OTL report -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

elise025 View Member Profile	Jan 14 2010, 09:57 AM Post #29
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Hello again, First of all, this computer is slow because it runs with a small amount of RAM, 128 MB. To run XP smoothly, you need 512 MB at the very least (1 GB recommended). I see you have Super Antispyware still turned on. This is causing trouble because this program uses many resources (RAM and CPU), which leaves nothing for your other programs. Turn off Super antispyware or uninstall it altogether and after that tell me if you see any improvement. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 14 2010, 11:22 AM Post #30
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	ok, well i uninstalled super anti spyware, and i don't believe there is much of a change. i still can not turn on or update AV (i went to services and tryed to start it that way and it said couldn't start or stop. no error. could be an internal windows error or an internal service error. i clicked on properties and it said service depends on remote procedure call?) i also notice when i click on IE 2 windows open. and i've already recieved runtime library error (which is driving me fricken CRAZY!) c\program files\internet explorer\IEXPLORE.EXE. have you seen any signs that i have a hacker or someone using some kind of wireless connection? i just don't get it!! do you think maybe i should not use IE8?

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

6 Pages

< 1 2 3 4 > »

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 6th September 2010 - 03:28 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides