Internet connection issues?

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.

2 Pages
1
2
→

You cannot start a new topic
You cannot reply to this topic

Internet connection issues?

#1 Ford.da

Member

Group: Members
Posts: 42
Joined: 27-December 11
Gender:Male
Location:Maumee, Ohio

Posted 27 December 2011 - 11:08 AM

I have a XP box from my inlaws here that had "XP Security 2012". I think I removed it all, it starts up much better that it did and XP Security 2012 seem to be gone (no more fake alerts ect.). But it will not stay connected to the internet. If I open firefox google should load, sometimes it does, sometimes nothing. I ran Malwarebytes and Superantispyware to remove XP Security 2012. Am I missing something?? Thank you for any help you can offer!

Dennis

Note: I am posting from a computer connected to the same router as the one with the issues.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Sorry I failed to say that I also ran SmitfraudFix on this PC also.

This post has been edited by Ford.da: 27 December 2011 - 12:00 PM

#2 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 27 December 2011 - 07:39 PM

Welcome aboard Posted Image

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#3 Ford.da

Member

Group: Members
Posts: 42
Joined: 27-December 11
Gender:Male
Location:Maumee, Ohio

Posted 27 December 2011 - 08:36 PM

Well obviously I didn't rid this computer of all the issues! Any app I try to open now asks what it should be opened with, even in safe mode.

Dennis

#4 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 27 December 2011 - 09:01 PM

Download and run exeHelper.

Please download exeHelper from Raktor to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
A log file named log.txt will be created in the directory where you ran exeHelper.com
Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#5 Ford.da

Member

Group: Members
Posts: 42
Joined: 27-December 11
Gender:Male
Location:Maumee, Ohio

Posted 27 December 2011 - 09:12 PM

Ran it twice

exeHelper by Raktor
Build 20100414
Run at 21:04:02 on 12/27/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:07:14 on 12/27/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

I don't see a way to attach a file here...

Dennis

#6 Ford.da

Member

Group: Members
Posts: 42
Joined: 27-December 11
Gender:Male
Location:Maumee, Ohio

Posted 27 December 2011 - 09:16 PM

Here is the FSS log

Farbar Service Scanner
Ran by Administrator (administrator) on 27-12-2011 at 21:14:48
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2004-08-10 14:00] - [2008-04-13 19:12] - 0039936 ___AH (Microsoft Corporation) 5E7E63AE1256FD162BE8EA91866893B1

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
bdftdif(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x06000000040000000300000008000000050000000600000007000000

**** End of log ****

Dennis

#7 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 27 December 2011 - 09:48 PM

All looks good there.

Please download MiniToolBox and run it.

Checkmark following boxes:

Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#8 Ford.da

Member

Group: Members
Posts: 42
Joined: 27-December 11
Gender:Male
Location:Maumee, Ohio

Posted 27 December 2011 - 10:21 PM

Here is the MiniToolBox Log...

MiniToolBox by Farbar
Ran by Administrator (administrator) on 27-12-2011 at 22:19:17
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Larrys-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-13-D4-C2-76-6B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.78

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Tuesday, December 27, 2011 8:19:05 PM

Lease Expires . . . . . . . . . . : Wednesday, December 28, 2011 8:19:05 PM

Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.225.112, 74.125.225.113, 74.125.225.116, 74.125.225.114
74.125.225.115

Pinging google.com [74.125.225.84] with 32 bytes of data:

Reply from 74.125.225.84: bytes=32 time=28ms TTL=53

Reply from 74.125.225.84: bytes=32 time=26ms TTL=53

Ping statistics for 74.125.225.84:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 26ms, Maximum = 28ms, Average = 27ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=116ms TTL=55

Reply from 72.30.2.43: bytes=32 time=114ms TTL=55

Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 114ms, Maximum = 116ms, Average = 115ms

Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 d4 c2 76 6b ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.78 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.78 192.168.1.78 20
192.168.1.78 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.78 192.168.1.78 20
224.0.0.0 240.0.0.0 192.168.1.78 192.168.1.78 20
255.255.255.255 255.255.255.255 192.168.1.78 192.168.1.78 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/27/2011 08:15:58 PM) (Source: MSDTC) (User: )
Description: MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

.

Error: (12/27/2011 08:15:28 PM) (Source: MSSHA) (User: )
Description: The Windows Security Health Agent could not be initialized.
Failure Code: 80070424.

Error: (12/27/2011 07:03:44 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/27/2011 06:49:13 PM) (Source: Application Hang) (User: )
Description: Hanging application b696f7be-1eff-4e75-9577-ffd0f5147035.com, version 5.0.0.1142, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/27/2011 06:03:39 PM) (Source: Application Error) (User: )
Description: Fault bucket -1557370671.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/27/2011 06:03:38 PM) (Source: Application Error) (User: )
Description: Fault bucket -1557370671.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/27/2011 06:03:37 PM) (Source: Application Error) (User: )
Description: Fault bucket -1557370671.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/27/2011 06:03:27 PM) (Source: Application Error) (User: )
Description: Fault bucket -1557370671.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/27/2011 05:21:59 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/27/2011 05:09:56 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.
Processing media-specific event for [iexplore.exe!ws!]

System errors:
=============
Error: (12/27/2011 09:00:41 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/27/2011 08:50:12 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/27/2011 08:49:51 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/27/2011 08:42:07 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/27/2011 08:20:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK8
bdfsfltr
Fips
ftsata2
SASDIFSV
SASKUTIL

Error: (12/27/2011 08:20:43 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%5

Error: (12/27/2011 08:19:34 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/27/2011 08:19:18 PM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (12/27/2011 08:15:34 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/27/2011 08:14:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error:
%%31

Microsoft Office Sessions:
=========================
Error: (12/27/2011 08:15:58 PM) (Source: MSDTC)(User: )
Description: msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

Error: (12/27/2011 08:15:28 PM) (Source: MSSHA)(User: )
Description: 80070424

Error: (12/27/2011 07:03:44 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.1917000067978

Error: (12/27/2011 06:49:13 PM) (Source: Application Hang)(User: )
Description: b696f7be-1eff-4e75-9577-ffd0f5147035.com5.0.0.1142hungapp0.0.0.000000000

Error: (12/27/2011 06:03:39 PM) (Source: Application Error)(User: )
Description: -1557370671

Error: (12/27/2011 06:03:38 PM) (Source: Application Error)(User: )
Description: -1557370671

Error: (12/27/2011 06:03:37 PM) (Source: Application Error)(User: )
Description: -1557370671

Error: (12/27/2011 06:03:27 PM) (Source: Application Error)(User: )
Description: -1557370671

Error: (12/27/2011 05:21:59 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.1917000067978

Error: (12/27/2011 05:09:56 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.1917000067978

=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader 7.0 (Version: 7.0.0)
AiO_Scan (Version: 50.0.206.000)
aiofw (Version: 4.2.6.0)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 4.2.6.0)
AiOSoftware (Version: 50.0.206.000)
ATI Control Panel (Version: 6.14.10.5157)
ATI Display Driver (Version: 8.15-050607a-024880C-HP)
Barnyard Invasion from HP Media Center (remove only)
BitDefender Antivirus 2010 (Version: 13.0.15)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Holidays from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour (Version: 1.0.106)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm (Version: 53.0.13.000)
C4USelfUpdater (Version: 1.00.0000)
CameraDrivers (Version: 5.0.0.290)
CameraDrivers (Version: 5.0.0.328)
CCleaner (Version: 2.29)
center (Version: 5.0.0.0)
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.0)
CouponBar
CP_AtenaShokunin1Config (Version: 53.0.13.000)
CP_CalendarTemplates1 (Version: 53.0.13.000)
CP_Package_Basic1 (Version: 53.0.13.000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CP_Panorama1Config (Version: 53.0.13.000)
Creative EAX Console
Creative EAX Settings
Creative MediaSource (Version: 3.00)
Creative MediaSource 5 (Version: 5.00)
Creative Software AutoUpdate
Creative Speaker Settings
Creative System Information
Creative WaveStudio 7 (Version: 7.12)
Crystal Maze from HP Media Center (remove only)
CueTour (Version: 53.0.13.000)
Data Fax SoftModem with SmartCP
Destinations (Version: 53.0.13.000)
Device Control
DeviceManagementQFolder (Version: 1.00.0000)
Digby's Donuts from HP Media Center (remove only)
DocProc (Version: 5.2.0.0)
DocumentViewer (Version: 53.0.13.000)
DocumentViewerQFolder (Version: 1.00.0000)
Easy Internet Sign-up (Version: FE UI-4.0.0.1573)
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
FATE Demo from HP Media Center (remove only)
Fax (Version: 50.0.206.000)
Flip Words from HP Media Center (remove only)
GemMaster Mystic
HP Boot Optimizer (Version: 1.0.2)
HP Deskjet Printer Preload (Version: 10.1.0)
HP DigitalMedia Archive (Version: 1.2)
HP Document Viewer 5.3 (Version: 5.3)
HP Game Console and games
HP Image Zone 5.3 (Version: 5.3)
HP Image Zone for Media Center PC (Version: 1.02.001)
HP Imaging Device Functions 5.3 (Version: 5.3)
HP Photosmart 330,380,420,470,7800,8000,8200 Series (Version: 8.1)
HP Photosmart Cameras 5.0 (Version: 5.0)
HP Product Assistant (Version: 100.000.001.000)
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HP Tunes (Version: 2.1.0.2)
HP Update (Version: 5.002.001.004)
HPProductAssistant (Version: 53.0.13.000)
HpSdpAppCoreApp (Version: 3.00.0000)
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices (Version: 53.0.13.000)
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
InterVideo WinDVD Player (Version: 5.0-B11.789)
iTunes (Version: 4.8.0.31)
J2SE Runtime Environment 5.0 (Version: 1.5.0)
Java™ 6 Update 17 (Version: 6.0.170)
Jewel Quest from HP Media Center (remove only)
KODAK AiO Home Center (Version: 5.4.6.4)
ksDIP (Version: 3.20.0000.0001)
LightScribe 1.4.31.1 (Version: 1.4.31.1)
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Money 2005 (Version: 14)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Dancer LE (Version: 1.1.0.3522)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3500)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works (Version: 08.04.0623)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
Mozilla Thunderbird (8.0) (Version: 8.0 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
muvee autoProducer 4.0 (Version: 4.00.050)
muvee autoProducer unPlugged 1.1 - HPD (Version: 1.1.000)
NewCopy (Version: 50.0.206.000)
Office 2003 Tour (Version: 1.0.0)
Otto
PanoStandAlone (Version: 53.0.13.000)
PhotoGallery (Version: 53.0.13.000)
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PreReq (Version: 6.0.5.2)
PS2
PSPrinters08 (Version: 8.01.0000)
PSTAPlugin (Version: 8.01.0000)
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2005 (Version: 14.00.0000)
QuickTime
RandMap (Version: 53.0.13.000)
Readme (Version: 50.0.206.000)
RealPlayer
Ricochet Lost Worlds from HP Media Center (remove only)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
SCRABBLE Blast from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
SCRABBLE Rack Attack from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1 (Version: 53.0.13.000)
Slingo Deluxe from HP Media Center (remove only)
Slyder from HP Media Center (remove only)
SolutionCenter (Version: 50.0.152.000)
Sonic Encoders (Version: 1.00)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.1.3)
Sonic RecordNow Audio (Version: 2.0.2)
Sonic RecordNow Copy (Version: 2.0.2)
Sonic RecordNow Data (Version: 2.0.2)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 53.0.13.000)
Sound Blaster Audigy (Version: 1.0)
Status (Version: 53.0.13.000)
Super Granny from HP Media Center (remove only)
SUPERAntiSpyware (Version: 5.0.1142)
Swarm from HP Media Center (remove only)
Tradewinds from HP Media Center (remove only)
TrayApp (Version: 53.0.13.000)
Unload (Version: 5.0.0)
Updates from HP (remove only)
Vopt 9 (Version: 9.21)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB890629
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 1470.48 MB
Available physical RAM: 783.61 MB
Total Pagefile: 3823.23 MB
Available Pagefile: 3400.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.43 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:178.3 GB) (Free:160.21 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8 GB) (Free:0.88 GB) FAT32

========================= Users: ========================================

User accounts for \\LARRYS-PC

Administrator Guest HelpAssistant
HP_Administrator SUPPORT_388945a0 SUPPORT_fddfa904
TEMP-Admin

**** End of log ****

#9 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 27 December 2011 - 10:25 PM

All looks fine here too.

"Ping" command works just fine except for BC site, which may indicate you're still infected.

Can you check if you're having same issues with IE?

Then....

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Note.
To manually update MBAM, download this file: http://data.mbamupdates.com/tools/mbam-rules.exe
Double click on downloaded file to update the program.

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#10 Ford.da

Member

Group: Members
Posts: 42
Joined: 27-December 11
Gender:Male
Location:Maumee, Ohio

Posted 28 December 2011 - 12:08 AM

Security check log

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET Online Scanner v3
BitDefender Antivirus 2010
McAfee Security Scan Plus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 17
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````

Dennis

#11 Ford.da

Member

Group: Members
Posts: 42
Joined: 27-December 11
Gender:Male
Location:Maumee, Ohio

Posted 28 December 2011 - 12:10 AM

MBAM log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122605

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/27/2011 10:44:37 PM
mbam-log-2011-12-27 (22-44-37).txt

Scan type: Quick scan
Objects scanned: 225208
Time elapsed: 11 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Classes (Trojan.Agent) -> Value: Classes -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\nlh.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\nlh.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\nlh.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\config\systemprofile\local settings\temporary internet files\Content.IE5\AKV6BKZR\bringmesports[1].exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\application data\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\fsdfdsf0.5405475836666037.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.

Dennis

#12 Ford.da

Member

Group: Members
Posts: 42
Joined: 27-December 11
Gender:Male
Location:Maumee, Ohio

Posted 28 December 2011 - 12:12 AM

I'll post GMER's log in the morning, root kit scans take a LONG time...

#13 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 28 December 2011 - 12:14 AM

OK.

You forgot:

Quote

Can you check if you're having same issues with IE?

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#14 Ford.da

Member

Group: Members
Posts: 42
Joined: 27-December 11
Gender:Male
Location:Maumee, Ohio

Posted 28 December 2011 - 05:27 AM

IE is working MUCH faster and goes to all the right pages.
No more redirects and it stays connected every time I open it.

The GMER log next...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-28 05:16:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3200822AS rev.3.02
Running: GMER.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwdyrpog.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 0015486C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] ws2_32.dll!send 71AB4C27 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 7FF91A15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] ws2_32.dll!recv 71AB676F 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 7FF91B07
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00634844
.text C:\WINDOWS\Explorer.EXE[1512] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B44844
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 0015486C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ws2_32.dll!send 71AB4C27 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 7FF91A15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ws2_32.dll!recv 71AB676F 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2244] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 7FF91B07
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 0015486C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ws2_32.dll!send 71AB4C27 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 7FF91A15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ws2_32.dll!recv 71AB676F 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 7FF91B07
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 0015486C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] ws2_32.dll!send 71AB4C27 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 7FF91A15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] ws2_32.dll!recv 71AB676F 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 7FF91B07
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4820] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106C3A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4820] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106C3A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4820] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4820] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 0015486C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] ws2_32.dll!send 71AB4C27 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 7FF91A15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] ws2_32.dll!recv 71AB676F 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 7FF91B07
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 0015486C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] ws2_32.dll!send 71AB4C27 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 7FF91A15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] ws2_32.dll!recv 71AB676F 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 7FF91B07
.text C:\Program Files\Mozilla Firefox\firefox.exe[7208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0121B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 0015486C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] ws2_32.dll!send 71AB4C27 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 7FF91A15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] ws2_32.dll!recv 71AB676F 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 7FF91B07

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[6108] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[6376] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[8092] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Temp@TimeGetWork 575871

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\config\systemprofile\Cookies\ZF9HC9NM.txt 391 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\J476CS1D.txt 110 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\3EDPKO64.txt 135 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\L333MCF5.txt 11024 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\I1I9XC32.txt 490 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\4NLIMRCD.txt 1459 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\PFIIKZ9D.txt 263 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\HL7NLCTP.txt 141 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\9ONQ7EYB.txt 370 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\QK5N20P1.txt 142 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\ML5SYXUA.txt 209 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\CK4F91SW.txt 666 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\SILWAVLA.txt 6658 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\V3D2G0K8.txt 231 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\TFIMPMEI.txt 2665 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\MA28YMUR.txt 146 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\7L0CQRLQ.txt 2131 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\5KP1PZVG.txt 149 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\VPR35UPE.txt 136 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5A038DC6-310D-11E1-B0D6-0013D4C2766B}.dat 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A1C816EA-310D-11E1-B0D6-0013D4C2766B}.dat 10240 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6F680750-310D-11E1-B0D6-0013D4C2766B}.dat 6144 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6F680751-310D-11E1-B0D6-0013D4C2766B}.dat 17920 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DE5AD57A-310D-11E1-B0D6-0013D4C2766B}.dat 5632 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{929C403B-310D-11E1-B0D6-0013D4C2766B}.dat 6656 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{929C403D-310D-11E1-B0D6-0013D4C2766B}.dat 15872 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E93B901A-310D-11E1-B0D6-0013D4C2766B}.dat 10240 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E93B901B-310D-11E1-B0D6-0013D4C2766B}.dat 10752 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4B39777E-310D-11E1-B0D6-0013D4C2766B}.dat 6656 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0DA3585C-310E-11E1-B0D6-0013D4C2766B}.dat 5632 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0DA3585D-310E-11E1-B0D6-0013D4C2766B}.dat 5632 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EFA8A6AE-310D-11E1-B0D6-0013D4C2766B}.dat 6144 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{37129676-310E-11E1-B0D6-0013D4C2766B}.dat 5632 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{30D9F39E-310E-11E1-B0D6-0013D4C2766B}.dat 5632 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4A0D8EF2-310E-11E1-B0D6-0013D4C2766B}.dat 5632 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D38141E8-310D-11E1-B0D6-0013D4C2766B}.dat 10752 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D38141E9-310D-11E1-B0D6-0013D4C2766B}.dat 12288 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{84495F84-310D-11E1-B0D6-0013D4C2766B}.dat 10752 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{90202C1D-310E-11E1-B0D6-0013D4C2766B}.dat 4608 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{90202C1F-310E-11E1-B0D6-0013D4C2766B}.dat 4608 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C5DECF38-310D-11E1-B0D6-0013D4C2766B}.dat 8704 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C5DECF39-310D-11E1-B0D6-0013D4C2766B}.dat 14848 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3C827406-310D-11E1-B0D6-0013D4C2766B}.dat 11776 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\086EI3KD\plusone[1].js 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5IN535JZ\ga[1].js 32614 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YQ4WGEFP\domainpark[1].com&num_radlinks=15&dt=1325051177625&u_tz=-300&u_his=0&u_h=600&u_w=800&frm=0 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YQ4WGEFP\Captcha[2].jpg 5482 bytes
File C:\WINDOWS\Temp\~DFADFE.tmp 0 bytes
File C:\WINDOWS\Temp\~DFB0C2.tmp 0 bytes
File C:\WINDOWS\Temp\~DFA056.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

Dennis