Explorer.exe infected - multiple outgoing connections from my PC


  • This topic is locked
2 replies to this topic

#1 gsmf


Posted 20 March 2011 - 06:05 PM

Hello,

I've found my computer is malware/virus infected.
Yesterday, when I was running PeerBlock, I checked and there were hundreds of requests to different IP addresses from my host, mostly to port 25.

Today, I tried to run different scans but nothing solved the problem. AVG found nothing... Spybot found nothing...
Malwarebytes found nothing, but keeps blocking outgoing connections to malicious websites, mostly to IP 89.149.209.107 (even with all programs closed!).
ComboFix found some virus and told me it was fixed, but after reboot the problem remains!
Checking my explorer.exe in the VirusTotal online scanner, it shows my file infected with 3 viruses: Malware-Cryptor.Win32.0074, Win32/SpamTool.Agent.NER and Worm:Win32/Bymot.A.

This stupid virus is really driving me crazy!

Here are the DDS and GMER logs


DDS LOGS:
.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by goncalo at 22:25:31,65 on 20-03-2011
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.351.2070.18.2037.610 [GMT 0:00]
.
AV: AVG Internet Security *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Internet Security *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {34A811A1-D438-CA83-C13E-A23981B1E8F9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\NDAS\System\ndassvc.exe
D:\Program Files\nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\Installer\MSIA272.tmp
C:\Windows\system32\cryptainersrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\goncalo\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://pt.intl.acer.yahoo.com
uInternet Settings,ProxyServer = 143.205.172.11:3128
uInternet Settings,ProxyOverride = *.google.com;*.google.pt;*.ru;*.nntime.com;*.local;<local>
uSearchURL,(Default) = hxxp://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\goncalo\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA5ADMANAAyADUANAA0ADkALQBVADkAMAArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEA"&"prod=90"&"ver=9.0.894
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet
IE: &Download with FlashGet
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Atomic Email Hunter
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all by FlashGet3 - c:\users\goncalo\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\goncalo\appdata\roaming\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel
IE: Google AdSense Preview Tool
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: bmnet.dll
Trusted Zone: kuaiche.com\software
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {1FABA798-B63A-4725-80B1-FD6ECECDDAA3} = 93.182.182.85 93.182.182.85
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll c:\windows\system32\eNetHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\goncalo\appdata\roaming\mozilla\firefox\profiles\eje5of41.default user\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\users\goncalo\appdata\roaming\mozilla\firefox\profiles\eje5of41.default user\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Profile Manager and Synchronizer: {69f6e5ea-e975-4d70-a983-1e5c094ded79} - %profile%\extensions\{69f6e5ea-e975-4d70-a983-1e5c094ded79}
FF - Ext: ProfilePassword-Firefox: {b9615918-d3de-44a4-ab65-76df7ea1f1c1} - %profile%\extensions\{b9615918-d3de-44a4-ab65-76df7ea1f1c1}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 cc_4g;cc_4g;c:\windows\system32\drivers\cc_4g.sys [2010-4-8 196608]
R0 lfsfilt;NDAS Lean File Sharing Service;c:\windows\system32\drivers\lfsfilt.sys [2008-12-3 318440]
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2008-12-3 104808]
R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [2008-12-3 329448]
R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [2008-12-3 450920]
R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [2008-12-3 774120]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-8-16 50688]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-7-20 363344]
R2 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\installer\MSIA272.tmp [2008-12-9 189688]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [2008-12-24 100728]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2011-1-10 464224]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2011-1-10 189792]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-8-16 179712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-7-20 20952]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2008-12-3 137704]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-21 133104]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-4-6 1153368]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2010-1-19 9216]
S2 xgkfvboe;AMD K8 Processor Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-6-6 21504]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2008-12-3 354152]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-8-21 20080]
.
=============== Created Last 30 ================
.
2011-03-20 22:11:46	--------	d-sh--w-	C:\$RECYCLE.BIN
2011-03-20 22:11:30	--------	d-----w-	c:\users\goncalo\appdata\local\temp
2011-03-20 21:27:30	89088	----a-w-	c:\windows\MBR.exe
2011-03-20 21:27:30	256512	----a-w-	c:\windows\PEV.exe
2011-03-20 21:27:15	--------	d-----w-	C:\ComboFix
2011-03-20 18:16:18	709456	----a-w-	c:\windows\isRS-000.tmp
2011-03-15 09:11:53	--------	d--h--w-	c:\progra~2\Common Files
2011-03-06 23:34:07	53248	----a-r-	c:\users\goncalo\appdata\roaming\microsoft\installer\{6ba13efc-e8d0-4d37-af04-42796cf0e8f5}\ARPPRODUCTICON.exe
2011-03-06 19:24:42	--------	d-----w-	c:\program files\BBSAK
2011-03-03 12:09:38	22872	----a-r-	c:\windows\system32\AdobePDFUI.dll
2011-03-03 12:06:59	112056	----a-w-	c:\windows\system32\acaptuser32.dll
2011-03-03 12:05:36	103864	----a-w-	c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-02-27 13:33:52	--------	d-----w-	c:\program files\Microsoft Research
2011-02-21 02:01:33	--------	d-----w-	c:\program files\Canon
2011-02-21 01:55:47	--------	d-----w-	c:\program files\common files\Canon
.
==================== Find3M  ====================
.
2011-03-09 10:57:58	2980352	----a-w-	c:\windows\explorer.exe
2011-01-15 01:12:15	73728	----a-w-	c:\windows\system32\APISlice.dll
2011-01-02 21:38:07	286720	------w-	c:\windows\Setup1.exe
2011-01-02 21:38:03	73216	----a-w-	c:\windows\ST6UNST.EXE
2010-12-21 23:41:30	80896	----a-w-	c:\windows\system32\ff_vfw.dll
2010-12-21 23:35:00	50688	----a-w-	c:\windows\system32\ff_acm.acm
.
============= FINISH: 22:31:57,44 ===============

GMER LOGS:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-20 23:11:40
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542512K9SA00 rev.BB2OC31P
Running: gmer.exe; Driver: C:\Users\goncalo\AppData\Local\Temp\fgtdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\goncalo\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Users\goncalo\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!SetWindowsHookExW 76F37B69 5 Bytes JMP 6EED9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!CallNextHookEx 76F38C33 5 Bytes JMP 6EECCB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!DialogBoxIndirectParamW 76F3BD25 5 Bytes JMP 6EFD3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!CreateWindowExW 76F43D67 5 Bytes JMP 6EEDD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!DialogBoxParamW 76F51FD5 5 Bytes JMP 6EE051FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!UnhookWindowsHookEx 76F608BE 5 Bytes JMP 6EE443F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!DialogBoxParamA 76F780B2 5 Bytes JMP 6EFD3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!DialogBoxIndirectParamA 76F783DD 5 Bytes JMP 6EFD3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!MessageBoxIndirectA 76F8D471 5 Bytes JMP 6EFD3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!MessageBoxIndirectW 76F8D56B 5 Bytes JMP 6EFD3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!MessageBoxExA 76F8D5D1 5 Bytes JMP 6EFD3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] USER32.dll!MessageBoxExW 76F8D5F5 5 Bytes JMP 6EFD3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] ole32.dll!OleLoadFromStream 76969726 5 Bytes JMP 6EFD3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[916] ole32.dll!CoCreateInstance 7699E188 5 Bytes JMP 6EEDD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!SetWindowsHookExW 76F37B69 5 Bytes JMP 6EED9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!CallNextHookEx 76F38C33 5 Bytes JMP 6EECCB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxIndirectParamW 76F3BD25 5 Bytes JMP 6EFD3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!CreateWindowExW 76F43D67 5 Bytes JMP 6EEDD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxParamW 76F51FD5 5 Bytes JMP 6EE051FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!UnhookWindowsHookEx 76F608BE 5 Bytes JMP 6EE443F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxParamA 76F780B2 5 Bytes JMP 6EFD3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxIndirectParamA 76F783DD 5 Bytes JMP 6EFD3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxIndirectA 76F8D471 5 Bytes JMP 6EFD3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxIndirectW 76F8D56B 5 Bytes JMP 6EFD3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxExA 76F8D5D1 5 Bytes JMP 6EFD3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxExW 76F8D5F5 5 Bytes JMP 6EFD3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] ole32.dll!OleLoadFromStream 76969726 5 Bytes JMP 6EFD3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] ole32.dll!CoCreateInstance 7699E188 5 Bytes JMP 6EEDD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!SetWindowsHookExW 76F37B69 5 Bytes JMP 6EED9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!CallNextHookEx 76F38C33 5 Bytes JMP 6EECCB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!DialogBoxIndirectParamW 76F3BD25 5 Bytes JMP 6EFD3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!CreateWindowExW 76F43D67 5 Bytes JMP 6EEDD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!DialogBoxParamW 76F51FD5 5 Bytes JMP 6EE051FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!UnhookWindowsHookEx 76F608BE 5 Bytes JMP 6EE443F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!DialogBoxParamA 76F780B2 5 Bytes JMP 6EFD3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!DialogBoxIndirectParamA 76F783DD 5 Bytes JMP 6EFD3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!MessageBoxIndirectA 76F8D471 5 Bytes JMP 6EFD3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!MessageBoxIndirectW 76F8D56B 5 Bytes JMP 6EFD3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!MessageBoxExA 76F8D5D1 5 Bytes JMP 6EFD3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] USER32.dll!MessageBoxExW 76F8D5F5 5 Bytes JMP 6EFD3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] ole32.dll!OleLoadFromStream 76969726 5 Bytes JMP 6EFD3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2228] ole32.dll!CoCreateInstance 7699E188 5 Bytes JMP 6EEDD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!SetWindowsHookExW 76F37B69 5 Bytes JMP 6EED9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!CallNextHookEx 76F38C33 5 Bytes JMP 6EECCB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!DialogBoxIndirectParamW 76F3BD25 5 Bytes JMP 6EFD3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!CreateWindowExW 76F43D67 5 Bytes JMP 6EEDD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!DialogBoxParamW 76F51FD5 5 Bytes JMP 6EE051FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!UnhookWindowsHookEx 76F608BE 5 Bytes JMP 6EE443F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!DialogBoxParamA 76F780B2 5 Bytes JMP 6EFD3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!DialogBoxIndirectParamA 76F783DD 5 Bytes JMP 6EFD3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!MessageBoxIndirectA 76F8D471 5 Bytes JMP 6EFD3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!MessageBoxIndirectW 76F8D56B 5 Bytes JMP 6EFD3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!MessageBoxExA 76F8D5D1 5 Bytes JMP 6EFD3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!MessageBoxExW 76F8D5F5 5 Bytes JMP 6EFD3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] ole32.dll!OleLoadFromStream 76969726 5 Bytes JMP 6EFD3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3244] ole32.dll!CoCreateInstance 7699E188 5 Bytes JMP 6EEDD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!SetWindowsHookExW 76F37B69 5 Bytes JMP 6EED9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!CallNextHookEx 76F38C33 5 Bytes JMP 6EECCB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxIndirectParamW 76F3BD25 5 Bytes JMP 6EFD3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!CreateWindowExW 76F43D67 5 Bytes JMP 6EEDD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxParamW 76F51FD5 5 Bytes JMP 6EE051FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!UnhookWindowsHookEx 76F608BE 5 Bytes JMP 6EE443F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxParamA 76F780B2 5 Bytes JMP 6EFD3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxIndirectParamA 76F783DD 5 Bytes JMP 6EFD3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxIndirectA 76F8D471 5 Bytes JMP 6EFD3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxIndirectW 76F8D56B 5 Bytes JMP 6EFD3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxExA 76F8D5D1 5 Bytes JMP 6EFD3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxExW 76F8D5F5 5 Bytes JMP 6EFD3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] ole32.dll!OleLoadFromStream 76969726 5 Bytes JMP 6EFD3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] ole32.dll!CoCreateInstance 7699E188 5 Bytes JMP 6EEDD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!SetWindowsHookExW 76F37B69 5 Bytes JMP 6EED9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CallNextHookEx 76F38C33 5 Bytes JMP 6EECCB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxIndirectParamW 76F3BD25 5 Bytes JMP 6EFD3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CreateWindowExW 76F43D67 5 Bytes JMP 6EEDD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxParamW 76F51FD5 5 Bytes JMP 6EE051FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!UnhookWindowsHookEx 76F608BE 5 Bytes JMP 6EE443F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxParamA 76F780B2 5 Bytes JMP 6EFD3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxIndirectParamA 76F783DD 5 Bytes JMP 6EFD3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxIndirectA 76F8D471 5 Bytes JMP 6EFD3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxIndirectW 76F8D56B 5 Bytes JMP 6EFD3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxExA 76F8D5D1 5 Bytes JMP 6EFD3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxExW 76F8D5F5 5 Bytes JMP 6EFD3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] ole32.dll!OleLoadFromStream 76969726 5 Bytes JMP 6EFD3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] ole32.dll!CoCreateInstance 7699E188 5 Bytes JMP 6EEDD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!DialogBoxIndirectParamW 76F3BD25 5 Bytes JMP 6EFD3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!CreateWindowExW 76F43D67 5 Bytes JMP 6EEDD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!DialogBoxParamW 76F51FD5 5 Bytes JMP 6EE051FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!DialogBoxParamA 76F780B2 5 Bytes JMP 6EFD3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!DialogBoxIndirectParamA 76F783DD 5 Bytes JMP 6EFD3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!MessageBoxIndirectA 76F8D471 5 Bytes JMP 6EFD3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!MessageBoxIndirectW 76F8D56B 5 Bytes JMP 6EFD3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!MessageBoxExA 76F8D5D1 5 Bytes JMP 6EFD3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!MessageBoxExW 76F8D5F5 5 Bytes JMP 6EFD3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!SetWindowsHookExW 76F37B69 5 Bytes JMP 6EED9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!CallNextHookEx 76F38C33 5 Bytes JMP 6EECCB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxIndirectParamW 76F3BD25 5 Bytes JMP 6EFD3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!CreateWindowExW 76F43D67 5 Bytes JMP 6EEDD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxParamW 76F51FD5 5 Bytes JMP 6EE051FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!UnhookWindowsHookEx 76F608BE 5 Bytes JMP 6EE443F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxParamA 76F780B2 5 Bytes JMP 6EFD3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxIndirectParamA 76F783DD 5 Bytes JMP 6EFD3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxIndirectA 76F8D471 5 Bytes JMP 6EFD3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxIndirectW 76F8D56B 5 Bytes JMP 6EFD3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxExA 76F8D5D1 5 Bytes JMP 6EFD3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxExW 76F8D5F5 5 Bytes JMP 6EFD3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ole32.dll!OleLoadFromStream 76969726 5 Bytes JMP 6EFD3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] ole32.dll!CoCreateInstance 7699E188 5 Bytes JMP 6EEDD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!SetWindowsHookExW 76F37B69 5 Bytes JMP 6EED9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!CallNextHookEx 76F38C33 5 Bytes JMP 6EECCB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!DialogBoxIndirectParamW 76F3BD25 5 Bytes JMP 6EFD3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!CreateWindowExW 76F43D67 5 Bytes JMP 6EEDD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!DialogBoxParamW 76F51FD5 5 Bytes JMP 6EE051FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!UnhookWindowsHookEx 76F608BE 5 Bytes JMP 6EE443F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!DialogBoxParamA 76F780B2 5 Bytes JMP 6EFD3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!DialogBoxIndirectParamA 76F783DD 5 Bytes JMP 6EFD3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!MessageBoxIndirectA 76F8D471 5 Bytes JMP 6EFD3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!MessageBoxIndirectW 76F8D56B 5 Bytes JMP 6EFD3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!MessageBoxExA 76F8D5D1 5 Bytes JMP 6EFD3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!MessageBoxExW 76F8D5F5 5 Bytes JMP 6EFD3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] ole32.dll!OleLoadFromStream 76969726 5 Bytes JMP 6EFD3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] ole32.dll!CoCreateInstance 7699E188 5 Bytes JMP 6EEDD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SetWindowsHookExW 76F37B69 5 Bytes JMP 6EED9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CallNextHookEx 76F38C33 5 Bytes JMP 6EECCB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxIndirectParamW 76F3BD25 5 Bytes JMP 6EFD3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateWindowExW 76F43D67 5 Bytes JMP 6EEDD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxParamW 76F51FD5 5 Bytes JMP 6EE051FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!UnhookWindowsHookEx 76F608BE 5 Bytes JMP 6EE443F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxParamA 76F780B2 5 Bytes JMP 6EFD3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxIndirectParamA 76F783DD 5 Bytes JMP 6EFD3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxIndirectA 76F8D471 5 Bytes JMP 6EFD3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxIndirectW 76F8D56B 5 Bytes JMP 6EFD3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxExA 76F8D5D1 5 Bytes JMP 6EFD3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxExW 76F8D5F5 5 Bytes JMP 6EFD3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ole32.dll!OleLoadFromStream 76969726 5 Bytes JMP 6EFD3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ole32.dll!CoCreateInstance 7699E188 5 Bytes JMP 6EEDD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys

Device \FileSystem\ndasrofs \Device\NdasRofsControl ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)
Device \FileSystem\ndasrofs \NdasRofs ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

---- Files - GMER 1.0.15 ----

File C:\Program Files\ESET 0 bytes
File C:\Program Files\ESET\ESET Online Scanner 0 bytes
File C:\Program Files\ESET\ESET Online Scanner\ESETSmartInstaller.exe 2322184 bytes executable
File C:\Program Files\ESET\ESET Online Scanner\esets_apiA.dll 365184 bytes
File C:\Program Files\ESET\ESET Online Scanner\esets_apiW.dll 373424 bytes executable
File C:\Program Files\ESET\ESET Online Scanner\esets_apiW_a.dll 768944 bytes executable
File C:\Program Files\ESET\ESET Online Scanner\log.txt 122 bytes
File C:\Program Files\ESET\ESET Online Scanner\Modules 0 bytes
File C:\Program Files\ESET\ESET Online Scanner\Modules\data 0 bytes
File C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles 0 bytes
File C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 880184 bytes executable
File C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe 863704 bytes executable
File C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.inf 172 bytes
File C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx 3381024 bytes executable
File C:\Program Files\ESET\ESET Online Scanner\OnlineScanner64.ocx 3887832 bytes executable
File C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe 546464 bytes executable
File C:\Program Files\ESET\ESET Online Scanner\OnlineScannerLang.dll 311624 bytes executable
File C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe 204504 bytes executable
File C:\Program Files\ESET\ESET Online Scanner\Quarantine 0 bytes
File C:\Program Files\ESET\ESET Online Scanner\unicows.dll 258352 bytes executable




MALWAREBYTES LOG:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6113

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18813

20-03-2011 23:06:06
mbam-log-2011-03-20 (23-06-06).txt

Scan type: Quick scan
Objects scanned: 168870
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




EXAMPLE OF IP-BLOCK:
19:43:51	goncalo	IP-BLOCK	91.200.240.29 (Type: outgoing, Port: 4766, Process: iexplore.exe)
19:43:51	goncalo	IP-BLOCK	194.60.205.233 (Type: outgoing, Port: 4767, Process: iexplore.exe)
19:43:51	goncalo	IP-BLOCK	91.200.240.31 (Type: outgoing, Port: 4768, Process: iexplore.exe)
19:43:51	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4769, Process: explorer.exe)
19:43:51	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4770, Process: explorer.exe)
19:43:51	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4771, Process: explorer.exe)
19:43:51	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4772, Process: explorer.exe)
19:43:51	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4774, Process: explorer.exe)
19:43:51	goncalo	IP-BLOCK	194.60.205.232 (Type: outgoing, Port: 4776, Process: iexplore.exe)
19:43:51	goncalo	IP-BLOCK	194.60.205.233 (Type: outgoing, Port: 4777, Process: iexplore.exe)
19:43:51	goncalo	IP-BLOCK	194.60.205.234 (Type: outgoing, Port: 4778, Process: iexplore.exe)
19:43:51	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4779, Process: explorer.exe)
19:43:59	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4780, Process: explorer.exe)
19:43:59	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4788, Process: explorer.exe)
19:43:59	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4808, Process: explorer.exe)
19:43:59	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4809, Process: explorer.exe)
19:43:59	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4811, Process: explorer.exe)
19:43:59	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4812, Process: explorer.exe)
19:43:59	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4813, Process: explorer.exe)
19:43:59	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4814, Process: explorer.exe)
19:44:07	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4815, Process: explorer.exe)
19:44:07	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4816, Process: explorer.exe)
19:44:07	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4817, Process: explorer.exe)
19:44:07	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4820, Process: explorer.exe)
19:44:07	goncalo	IP-BLOCK	89.149.209.107 (Type: outgoing, Port: 4821, Process: explorer.exe)




Thanks for helping!!!!
Regards,
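
A defender-side check for the pattern in the IP-BLOCK excerpt above, added here as an example (it is not code from the post or from Malwarebytes): it parses these Malwarebytes 1.50 protection-log lines and flags the shell process explorer.exe repeatedly reaching one remote host. The regex for the line format, the NO_NETWORK_PROCESSES baseline and the thresholds are assumptions; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Malwarebytes 1.50 protection-log entry, format as posted above (assumed regex):
#   HH:MM:SS <TAB> user <TAB> IP-BLOCK <TAB> ip (Type: dir, Port: N, Process: name)
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\t(?P<user>[^\t]+)\tIP-BLOCK\t"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Baseline (assumption; extend per environment): processes that should never be
# the origin of outbound connections to arbitrary remote hosts.
NO_NETWORK_PROCESSES = {"explorer.exe"}

# Sample input copied from the post above (nine of the IP-BLOCK lines).
SAMPLE_LOG = "\n".join([
    "19:43:51\tgoncalo\tIP-BLOCK\t91.200.240.29 (Type: outgoing, Port: 4766, Process: iexplore.exe)",
    "19:43:51\tgoncalo\tIP-BLOCK\t194.60.205.233 (Type: outgoing, Port: 4767, Process: iexplore.exe)",
    "19:43:51\tgoncalo\tIP-BLOCK\t89.149.209.107 (Type: outgoing, Port: 4769, Process: explorer.exe)",
    "19:43:51\tgoncalo\tIP-BLOCK\t89.149.209.107 (Type: outgoing, Port: 4770, Process: explorer.exe)",
    "19:43:51\tgoncalo\tIP-BLOCK\t89.149.209.107 (Type: outgoing, Port: 4771, Process: explorer.exe)",
    "19:43:51\tgoncalo\tIP-BLOCK\t89.149.209.107 (Type: outgoing, Port: 4772, Process: explorer.exe)",
    "19:43:51\tgoncalo\tIP-BLOCK\t194.60.205.233 (Type: outgoing, Port: 4777, Process: iexplore.exe)",
    "19:43:51\tgoncalo\tIP-BLOCK\t89.149.209.107 (Type: outgoing, Port: 4779, Process: explorer.exe)",
    "19:44:07\tgoncalo\tIP-BLOCK\t89.149.209.107 (Type: outgoing, Port: 4815, Process: explorer.exe)",
])


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; other record types are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        e = m.groupdict()
        # The port increments by one per connection in the post, so it reads as the
        # connecting side's ephemeral port; it is kept but not used as a destination.
        e["port"] = int(e["port"])
        events.append(e)
    return events


def to_seconds(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def find_suspicious(events, min_hits=5, window_s=60):
    """Return [(process, ip, hits, reason)] for outgoing blocks worth triage."""
    outgoing = [e for e in events if e["direction"] == "outgoing"]
    hits = Counter((e["process"], e["ip"]) for e in outgoing)
    first_seen, last_seen = {}, {}
    for e in outgoing:
        key, t = (e["process"], e["ip"]), to_seconds(e["time"])
        first_seen[key] = min(first_seen.get(key, t), t)
        last_seen[key] = max(last_seen.get(key, t), t)
    findings = []
    for (process, ip), n in hits.items():
        reasons = []
        if process.lower() in NO_NETWORK_PROCESSES:
            reasons.append("shell/system process initiating outbound connections")
        span = last_seen[(process, ip)] - first_seen[(process, ip)]
        if n >= min_hits and span <= window_s:
            reasons.append(f"{n} connections to one host in {span}s (repeat-contact pattern)")
        if reasons:
            findings.append((process, ip, n, "; ".join(reasons)))
    return sorted(findings, key=lambda f: -f[2])


if __name__ == "__main__":
    for f in find_suspicious(parse_ip_blocks(SAMPLE_LOG)):
        print(f)
```

On the sample, only the explorer.exe to 89.149.209.107 pair is reported; the iexplore.exe entries fall below the thresholds and belong to a process that legitimately talks to the network, so they are left for manual review.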



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 25 March 2011 - 05:42 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 30 March 2011 - 05:40 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators




