
IE8 stops opening pages, browser running after shutdown


63 replies to this topic

#1 Bama Jeff

Bama Jeff

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas, U.S.A.
  • Local time:10:29 AM

Posted 01 August 2011 - 05:24 PM

Hi,

When starting Internet Explorer 8, I can open a few pages, then it stops opening after a few minutes. Example, my home page is Yahoo.com. I can open IE8 and view Yahoo home page. I can click on the news section and read a few different articles, then it stops after opening a few. I do not get an error message, and the page stays on the current page/last article that did open, but won't open anything else that I try to read. It looks like it is trying to change the page, but then stops trying.

When I close the browser (click the X top right corner) and try to run Window Washer, it states that the browser is running. When I try to close the browser and clean using Window Washer, Window Washer will then freeze up. I also use Slim Cleaner. When I run it, same response......browser is running. I try to close it through Slim Cleaner, then it appears to close and clean as normal. However, if I immediately reclean with Slim Cleaner, same response, browser is running.

If I shut down the computer and restart, I can run Window Washer without it stating browser is running. Same with Slim Cleaner. So, it appears the problem occurs upon opening IE8, not upon start up.

I've updated all anti-virus and programs. I ran all programs 3 times in safe mode. Ad-Aware found mywebsearch, and seems like it did delete it. 2 more scans came back clean. Exterminate it! found 2 different problems, one on the first scan and one on the second scan. The third scan found no problems. Norton AntiVirus and IOBit Malware fighter found nothing. I also used Advanced System Care 4.

I've also tried to restore to a previous date. I've tried most days that it has a restore point. Each time I run it, it seems to be working, but upon restart it always says that it can not restore to previous date (or something to that nature).

I even downloaded Firefox browser hoping whatever problem that IE8 is having wouldn't affect Firefox. However, same identical problem with Firefox.

We started having this problem after my wife was trying to watch a video on YouTube. A pop up appeared and stated that to view this video Adobe Acrobat Flash had to be installed. Previously we have never had problems watching videos on YouTube. Well, she clicked it and was able to watch videos. She also went to several websites that day, including Facebook, etc, and downloaded pictures and videos. She doesn't remember downloading or clicking any other pop ups.

I tried to delete Adobe Acrobat Flash, and probably many other needed programs, but still having the same problem.

I have a Dell Dimension 4700, Pentium 4 3.20 GHz. Operating system is Windows XP Professional, Service Pack 3.

Any info or help would really be appreciated.

Thank you.

Edited by Bama Jeff, 01 August 2011 - 05:56 PM.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:29 PM

Posted 01 August 2011 - 05:30 PM

I would recommend not using software that states that it can boost PC Performance such as Window Washer, Slim Cleaner, and Advanced System Care per the following:

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
These programs can cause more problems than they help.

#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:11:29 AM

Posted 05 August 2011 - 02:04 PM

Hi Bama Jeff,

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Step 1: Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go. Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

Step 2: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button. (The latest update is 7388)
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware

Step 3: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


In your next reply, please include:
  • MiniToolBox log
  • Malwarebytes log
  • GMER log
  • How's your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#4 Bama Jeff


Posted 05 August 2011 - 08:25 PM

Hi Jason,

Thanks a million for offering help and assistance. I appreciate you taking time to help.

Well, the problem seems to be getting worse. I can open a website by clicking the home button or going to favorites through the start button. The web page opens as normal, but I can't click anything else. For example, I put bleepingcomputer.com in favorites and can open the web site. However, I can't sign in, open any tabs, or view anything else other than the home page. The arrow on the top left of my computer states "connecting", but it spins and spins but will not open.

When I shut down the computer, it takes about 3 to 4 min. It has never taken that long. It goes through the usual shut down, but it takes a long time.

I am now writing you through my wife's computer, not my "sick" desktop, since it won't let me do anything. What should I do now?

Can I or should I download MiniToolBox in safe mode?

Thanks again. Jeff

#5 jntkwx


Posted 05 August 2011 - 08:31 PM

Yes, if you can't download anything in Normal Mode, all three steps can be completed in Safe Mode with Networking.
Regards,
Jason

 



#6 cryptodan


Posted 05 August 2011 - 08:32 PM

Try using Malwarebytes in Safe Mode and see what all it detects.

#7 Bama Jeff


Posted 06 August 2011 - 06:48 PM

Hi Jason and Bleeping Madman,

Sorry to be lost so soon. Was able to download MiniToolBox in safe mode. Ran it as requested. However, don't know what you mean by putting code boxes around log.

Results popped up in Notepad. But don't see anything about code boxes. Where do I find this?

Thanks.

#8 jntkwx


Posted 06 August 2011 - 07:09 PM

When you post the MiniToolBox log, copy and paste the contents of the notepad document, but put this (without the letter x) [xcode] before the start of the log, and [/xcode] (without the letter x) after the log. Doing so creates this:

Example text for a log

(This makes it easier for me to read this log. Just copy and paste all other logs.)
Regards,
Jason

 



#9 Bama Jeff


Posted 06 August 2011 - 07:21 PM

MiniToolBox by Farbar
Ran by Jeff (administrator) on 06-08-2011 at 18:36:01
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DFDC8M71

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Linksys NC100 Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-0C-41-EB-3D-FA

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 10.0.0.1

Lease Obtained. . . . . . . . . . : Saturday, August 06, 2011 6:26:08 PM

Lease Expires . . . . . . . . . . : Sunday, August 07, 2011 6:26:08 PM

Server: UnKnown
Address: 10.0.0.1

Name: google.com
Addresses: 74.125.227.19, 74.125.227.16, 74.125.227.20, 74.125.227.18
74.125.227.17



Pinging google.com [74.125.73.105] with 32 bytes of data:



Reply from 74.125.73.105: bytes=32 time=19ms TTL=50

Reply from 74.125.73.105: bytes=32 time=20ms TTL=49



Ping statistics for 74.125.73.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 20ms, Average = 19ms

Server: UnKnown
Address: 10.0.0.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65



Pinging yahoo.com [69.147.125.65] with 32 bytes of data:



Reply from 69.147.125.65: bytes=32 time=48ms TTL=50

Reply from 69.147.125.65: bytes=32 time=48ms TTL=50



Ping statistics for 69.147.125.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 48ms, Average = 48ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 41 eb 3d fa ...... Linksys NC100 Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.2 20
10.0.0.0 255.255.255.0 10.0.0.2 10.0.0.2 20
10.0.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.2 10.0.0.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.2 10.0.0.2 20
255.255.255.255 255.255.255.255 10.0.0.2 10.0.0.2 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/04/2011 05:34:49 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (08/01/2011 02:39:28 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (08/01/2011 02:39:20 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (07/27/2011 11:32:44 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (07/27/2011 11:24:22 PM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7.

Error: (07/27/2011 10:24:06 PM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7.

Error: (07/27/2011 09:22:28 PM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7.

Error: (07/27/2011 09:48:37 AM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7.

Error: (07/27/2011 08:22:28 AM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7.

Error: (07/24/2011 10:44:32 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.


System errors:
=============
Error: (08/06/2011 06:26:47 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/06/2011 06:26:33 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
eeCtrl
Fips
intelppm
SRTSPX
SymIRON
SYMTDI

Error: (08/06/2011 06:08:34 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (08/05/2011 08:58:44 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (08/05/2011 08:51:17 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (08/05/2011 08:49:45 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/05/2011 08:46:11 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/05/2011 08:45:57 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (08/05/2011 08:45:41 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/05/2011 08:44:41 PM) (Source: DCOM) (User: Jeff)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (08/04/2011 05:34:49 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (08/01/2011 02:39:28 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (08/01/2011 02:39:20 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (07/27/2011 11:32:44 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (07/27/2011 11:24:22 PM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7.

Error: (07/27/2011 10:24:06 PM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7.

Error: (07/27/2011 09:22:28 PM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7.

Error: (07/27/2011 09:48:37 AM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7.

Error: (07/27/2011 08:22:28 AM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7.

Error: (07/24/2011 10:44:32 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
Ad-Aware
Ad-Aware (Version: 8.3.0)
Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Reader 6.0.1 (Version: 006.000.001)
Advanced SystemCare 4 (Version: 4.0.1)
AIO_Scan (Version: 82.0.203.000)
ATI Control Panel (Version: 6.14.10.5120)
ATI Display Driver (Version: 8.051-040825a-017900C-Dell)
BufferChm (Version: 82.0.173.000)
CDDRV_Installer (Version: 4.60)
Chikka Messenger V4 (Version: Chikka Instant Messenger v4.0)
Conexant D850 56K V.9x DFVc Modem
Copy (Version: 82.0.188.000)
Creative MediaSource
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Media Experience (Version: 3.00)
Dell Picture Studio v3.0 (Version: 3.0.0)
Dell Support 5.0.0 (630)
Dell System Restore (Version: 2.00.0000)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Line Detect (Version: 1.10)
DJ_AIO_ProductContext (Version: 82.0.203.000)
DJ_AIO_Software (Version: 82.0.203.000)
DJ_AIO_Software_min (Version: 82.0.203.000)
eSupportQFolder (Version: 1.00.0000)
Exterminate It! (Version: 1.76.05.25)
F4100 (Version: 82.0.203.000)
F4100_Help (Version: 82.0.203.000)
Google Update Helper (Version: 1.2.183.23)
HP Deskjet All-In-One Software 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 4.000.005.006)
HPProductAssistant (Version: 82.0.173.000)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
Internet Explorer Default Page (Version: 1.00.03)
IObit Malware Fighter (Version: 1.0)
Jasc Paint Shop Photo Album 5 (Version: 5.21)
Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.01.0000)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
KhalInstallWrapper (Version: 4.60.122)
Logitech SetPoint (Version: 4.60)
Macromedia Flash Player (Version: 7.0.19.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005 (Version: 14)
Microsoft Picture It! Library 10 (Version: 10.0.0612)
Microsoft Picture It! Premium 10 (Version: 10.0.0612)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Word 2002 (Version: 10.0.2627.01)
Microsoft Works (Version: 08.04.0623)
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word (Version: 8.0.0.0000)
Modem Helper (Version: 2.28)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicmatch® Jukebox (Version: 9.00.2028)
NetWaiting (Version: 2.5.12)
Norton AntiVirus (Version: 18.6.0.29)
Photo Click (Version: 1.0.0)
Photo Story 3 for Windows (Version: 3.0.1115.11)
PowerDVD 5.5
RealPlayer Basic
Revo Uninstaller 1.92 (Version: 1.92)
Scan (Version: 8.1.0.0)
SlimCleaner (Version: 1.8.13603)
Smart Defrag 2 (Version: 2.1)
SolutionCenter (Version: 82.0.188.000)
Sonic Copy Module (Version: 2.0.0)
Sonic DLA (Version: 4.95)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.1.1)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Sound Blaster Live! 24-bit
Status (Version: 82.0.173.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
UnloadSupport (Version: 1.00.0000)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM (Version: 8.0.50727.762)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 82.0.173.000)
Window Washer (Version: )
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Works Upgrade (Version: 8.0.0.0000)
ZoneAlarm (Version: 9.2.106.000)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 1022.07 MB
Available physical RAM: 586.78 MB
Total Pagefile: 2462.07 MB
Available Pagefile: 2210.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.29 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:144.37 GB) (Free:109.15 GB) NTFS

========================= Users: ========================================

User accounts for \\DFDC8M71

Administrator Guest HelpAssistant
Jeff Rea SUPPORT_388945a0


== End of log ==

#10 Bama Jeff

Posted 06 August 2011 - 07:22 PM

Jason,

I think I figured it out. Let me know if that is what you meant. If not, I can repost.

Running Malwarebytes now.

#11 Bama Jeff

Posted 06 August 2011 - 07:39 PM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7397

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/6/2011 7:33:11 PM
mbam-log-2011-08-06 (19-33-11).txt

Scan type: Quick scan
Objects scanned: 178232
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{55CDE9E7-696C-47C4-8E21-7210B8AEB103} (PUP.Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5ED22E89-62FA-47EC-BD8D-374D849D436C} (PUP.Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3CA5551-FC2E-4D09-8ECE-263607ACF9FC} (PUP.Adware.FunWeb) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:29 PM

Posted 06 August 2011 - 08:21 PM

Can you do a complete scan?

#13 Bama Jeff

Posted 06 August 2011 - 09:30 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-06 21:25:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD1600JD-75HBB0 rev.08.02D08
Running: xwc5ckqq.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\kgryapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF6C45782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF6C646DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF6C5EEB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF6C5F2A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF6C68916]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF6C46398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF6C65FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF6C6593C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF6C5DDF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF6C6693C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF6C66B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF6C45FAA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF6C611CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF6C60DF8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF6C678D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF6C67208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF6C682A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF6C4B7DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF6C4675C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF6C67E12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF6C650C4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF6C5FF0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF6C5FC86]

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F6C50672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F6C504C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F6C50CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F6C4EC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F6C4EC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F6C50672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F6C504C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F6C50CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F6C50672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F6C4EC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F6C50CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F6C504C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

#14 Bama Jeff

Posted 06 August 2011 - 09:31 PM

Doing complete Malwarebytes scan next.

#15 Bama Jeff

Posted 06 August 2011 - 10:32 PM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7397

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/6/2011 10:23:01 PM
mbam-log-2011-08-06 (22-23-01).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 247766
Time elapsed: 44 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



