
Inactive Computer Switching Off

Discussion in 'Malware and Virus Removal Archive' started by puppypaws, 2011/10/04.

  1. 2011/10/04
    puppypaws

    puppypaws Inactive Thread Starter

    Joined:
    2007/07/20
    Messages:
    122
    Likes Received:
    1
    [Inactive] Computer Switching Off

    My computer was freezing, and this problem appears to have disappeared; now you can be working and the screen goes black, and you then must hit a small button on top of the tower to reboot. I have the logs requested on my desktop; what is the best way to get them into this post? I see no attachment icon on this site.

    Here is the Malwarebytes log I copied.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7870

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/4/2011 11:28:12 PM
    mbam-log-2011-10-04 (23-28-12).txt

    Scan type: Quick scan
    Objects scanned: 157519
    Time elapsed: 5 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)
     
    Last edited: 2011/10/04
  2. 2011/10/04
    puppypaws Inactive Thread Starter

    DDS

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Reid at 23:14:21 on 2011-10-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1142 [GMT -4:00]
    .
    AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WhiteSmoke\WSEnrichment.exe
    C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
    C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Reid\Local Settings\Temporary Internet Files\Content.IE5\CEK5KYKX\o6eug9xl[1].exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe "
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\reid\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoke\WSEnrichment.exe
    StartupFolder: c:\docume~1\reid\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7619\Launcher.exe
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: dinarrecaps.com\www
    Trusted Zone: msn.com\www
    Trusted Zone: trend%20micro.com\www
    Trusted Zone: trendmicro.com\us
    Trusted Zone: union.nc.us\www.co
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: DhcpNameServer = 192.168.254.254
    TCP: Interfaces\{B7499879-C410-4766-AEAF-83AD077AB07E} : DhcpNameServer = 192.168.254.254
    TCP: Interfaces\{BF62FDE0-4017-40AA-BBE0-609C2472895A} : DhcpNameServer = 192.168.254.254
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-5-5 22168]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2011-8-18 13696]
    R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [2011-8-31 84752]
    R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-8-31 68368]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-8-23 328536]
    R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10754\AGCoreService.exe [2011-8-10 20480]
    R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-8-31 200632]
    R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2011-8-9 18864]
    R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [2011-8-31 171280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-10 136176]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-8-23 1684736]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-10 136176]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-10-05 01:35:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-05 01:35:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-03 11:49:23 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2011-10-03 11:49:19 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2011-10-03 11:49:19 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2011-10-03 11:49:15 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2011-10-03 11:49:12 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2011-10-03 11:49:02 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2011-10-03 11:47:55 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
    2011-10-03 11:46:57 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
    2011-10-03 11:45:58 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2011-10-03 11:44:57 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
    2011-10-03 11:43:59 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
    2011-10-03 11:42:59 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
    2011-10-03 11:41:58 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
    2011-10-03 11:40:54 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
    2011-10-03 11:39:59 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
    2011-10-03 11:38:58 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
    2011-10-03 11:37:59 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2011-10-03 11:36:56 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2011-10-03 11:35:57 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
    2011-10-03 11:34:55 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
    2011-10-03 11:33:58 9216 -c--a-w- c:\windows\system32\dllcache\ibmsgnet.dll
    2011-10-03 11:32:59 25952 -c--a-w- c:\windows\system32\dllcache\hpn.sys
    2011-10-03 11:31:58 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
    2011-10-03 11:30:59 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
    2011-10-03 11:29:58 86016 -c--a-w- c:\windows\system32\dllcache\dc240usd.dll
    2011-10-03 11:28:59 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
    2011-10-03 11:27:59 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
    2011-10-03 11:27:59 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
    2011-10-03 11:27:59 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
    2011-10-03 11:27:59 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
    2011-10-03 11:27:59 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
    2011-10-03 11:27:58 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
    2011-10-03 11:27:42 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2011-09-29 02:00:42 -------- d-----w- c:\program files\SpeedFan
    2011-09-26 00:16:55 -------- d-----w- c:\program files\MSECache
    2011-09-24 11:04:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-09-24 11:04:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-09-24 11:04:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-09-24 11:04:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-09-24 11:04:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-09-24 11:04:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-09-24 11:04:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-09-24 11:03:02 -------- d-----w- c:\documents and settings\reid\local settings\application data\Apple
    2011-09-24 11:02:46 -------- d-----w- c:\documents and settings\reid\local settings\application data\Apple Computer
    2011-09-24 10:51:30 -------- d-----w- c:\program files\common files\xing shared
    2011-09-21 11:46:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-21 11:46:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-12 15:50:30 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-09-12 15:50:21 -------- d-----w- c:\program files\Coupons
    2011-09-07 17:49:26 -------- d-----w- c:\documents and settings\reid\application data\GlarySoft
    .
    ==================== Find3M ====================
    .
    2011-09-27 22:58:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-24 10:51:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-09-24 10:51:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-31 13:02:23 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
    2011-08-31 12:59:41 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2011-08-31 12:59:41 84752 ----a-w- c:\windows\system32\drivers\tmeext.sys
    2011-08-31 12:59:41 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2011-08-31 12:59:41 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2011-08-31 12:59:41 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-08-31 12:59:41 171280 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
    2011-08-23 03:46:49 0 ----a-w- c:\windows\ativpsrm.bin
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-14 01:01:51 1197312 ------w- c:\windows\wweb32.dll
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2006-02-28 12:00:00 94784 --sh--w- c:\windows\twain.dll
    2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
    2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
    2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
    2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll
    2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .
    ============= FINISH: 23:15:16.51 ===============
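Added example, not code from the thread or from the DDS/GMER tools it quotes: a small Python triage pass over the "Running Processes" and "Pseudo HJT Report" sections of a DDS log such as the one above. It isolates the executable path from each line, flags binaries running or auto-starting from user-writable scratch directories (Temp, Temporary Internet Files, the Recycle Bin), and reports orphaned "- No File" entries. The embedded input is an excerpt of the log posted above; the section-banner parsing and the scratch-directory list (including the assumed 8.3 name TEMPOR~1) are assumptions made for this demonstration, not a published DDS format. The one scratch-directory hit it produces is the caveat worth remembering: o6eug9xl[1].exe in Content.IE5 is GMER itself, which is downloaded under a random file name and here was run straight out of the IE cache (the GMER header in the later post reads "Running: o6eug9xl[1].exe"), so a hit is a lead to verify, not a verdict.

```python
"""Triage of DDS 'Running Processes' and autostart sections.

Added example, not code from the thread or from the DDS/GMER tools.
Section banners and the scratch-directory list are assumptions made
for this demonstration, not a published DDS format.
"""
import re

# Excerpt of the DDS log posted above (constructed sample input: only the
# lines needed for the demonstration are kept, the rest trimmed).
DDS_EXCERPT = r"""============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\Explorer.EXE
C:\Program Files\WhiteSmoke\WSEnrichment.exe
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Reid\Local Settings\Temporary Internet Files\Content.IE5\CEK5KYKX\o6eug9xl[1].exe
.
============== Pseudo HJT Report ===============
.
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\reid\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoke\WSEnrichment.exe
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
.
============= FINISH: 23:15:16.51 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Drive-letter path up to an executable extension. DDS prints arguments
# after the path, and ':' cannot occur inside a path, so a lazy match that
# stops at the first executable extension isolates the binary.
PATH_RE = re.compile(r'([A-Za-z]:\\[^":\r\n]*?\.(?:exe|scr|com|dll|sys|cpl|bat))',
                     re.IGNORECASE)

# User-writable scratch locations (long and assumed 8.3 forms). A binary
# running from here is a lead to verify, not a verdict: in this log the
# only hit is GMER itself, run straight from the IE cache.
SCRATCH_DIRS = [
    (r"\\temporary internet files\\", "executing from the IE cache"),
    (r"\\tempor~1\\", "executing from the IE cache (8.3 name)"),
    (r"\\temp\\", "executing from a Temp directory"),
    (r"\\recycler\\", "executing from the Recycle Bin"),
]


def split_sections(text):
    """Map DDS section name -> list of content lines.

    DDS separates sections with '===== Name =====' banners and pads them
    with lone '.' lines, which are dropped here.
    """
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def scratch_reason(path):
    """Return why a path is suspicious, or None if it is not in a scratch dir."""
    low = path.lower()
    for pattern, reason in SCRATCH_DIRS:
        if re.search(pattern, low):
            return reason
    return None


def triage(text):
    """Return (all executable paths, findings) for a DDS excerpt.

    findings is a list of (section, item, reason). Orphaned '- No File'
    entries are reported as cleanup leftovers, not evidence of infection.
    """
    paths, findings = [], []
    for name, lines in split_sections(text).items():
        for line in lines:
            if line.endswith("- No File"):
                findings.append((name, line.split(" - ")[0],
                                 "orphaned entry, no file on disk"))
            for path in PATH_RE.findall(line):
                paths.append(path)
                reason = scratch_reason(path)
                if reason:
                    findings.append((name, path, reason))
    return paths, findings


if __name__ == "__main__":
    all_paths, hits = triage(DDS_EXCERPT)
    print("%d executable paths parsed" % len(all_paths))
    for section, item, why in hits:
        print("[%s] %s: %s" % (section, why, item))
```

Run it as-is to see the two findings from the excerpt; to triage a full log, pass the file contents to triage() instead of DDS_EXCERPT. The scratch-directory check is deliberately narrow, since flagging everything under Application Data or Program Files would bury the one line that matters on a machine like this one.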
     


  4. 2011/10/04
    puppypaws Inactive Thread Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-04 23:03:31
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD10EADS-00L5B1 rev.01.01A01
    Running: o6eug9xl[1].exe; Driver: C:\DOCUME~1\Reid\LOCALS~1\Temp\kwedikog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89F759D4 ZwCreateKey
    SSDT 8A115ED4 ZwCreateMutant
    SSDT 89F981FC ZwCreateProcess
    SSDT 89F970DC ZwCreateProcessEx
    SSDT 8A0E5AFC ZwCreateSymbolicLinkObject
    SSDT 8A227C8C ZwCreateThread
    SSDT 89F73454 ZwDeleteKey
    SSDT 8A170974 ZwDeleteValueKey
    SSDT 8A0F89E4 ZwDuplicateObject
    SSDT 8A160544 ZwLoadDriver
    SSDT 89F95714 ZwOpenProcess
    SSDT 8A10FCD4 ZwOpenSection
    SSDT 89F890CC ZwOpenThread
    SSDT 89F686F4 ZwRenameKey
    SSDT 89F5C5DC ZwRestoreKey
    SSDT 8A17D57C ZwSetSystemInformation
    SSDT 89F73BF4 ZwSetValueKey
    SSDT 89F8388C ZwTerminateProcess
    SSDT 89F7A1F4 ZwTerminateThread
    SSDT 8A2647AC ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB5175000, 0x1BDE76, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3516] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[3516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  5. 2011/10/04
    puppypaws Inactive Thread Starter

    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/9/2011 3:00:22 PM
    System Uptime: 10/4/2011 9:00:45 PM (2 hours ago)
    .
    Motherboard: BIOSTAR Group | | A780L
    Processor: AMD Athlon(tm) 5200 Dual-Core Processor | CPU 1 | 2300/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 932 GiB total, 911.352 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 8/12/2011 9:30:16 AM - System Checkpoint
    RP2: 8/13/2011 10:00:25 AM - System Checkpoint
    RP3: 8/18/2011 12:28:44 AM - Installed AMD Processor Driver
    RP4: 8/22/2011 11:05:33 PM - Installed ATI Catalyst Control Center
    RP5: 8/22/2011 11:07:49 PM - Installed ATI Parental Control & Encoder
    RP6: 8/23/2011 12:11:42 AM - Installed Realtek High Definition Audio Driver
    RP7: 8/23/2011 12:27:02 AM - Installed Realtek High Definition Audio Driver
    RP8: 8/24/2011 3:16:16 AM - System Checkpoint
    RP9: 8/24/2011 9:12:19 PM - Software Distribution Service 3.0
    RP10: 8/24/2011 9:15:04 PM - Software Distribution Service 3.0
    RP11: 8/25/2011 5:41:22 PM - Removed ATI Catalyst Control Center
    RP12: 8/25/2011 5:53:51 PM - Installed ATI Catalyst Control Center
    RP13: 8/25/2011 5:56:12 PM - Installed ATI Parental Control & Encoder
    RP14: 8/25/2011 7:29:00 PM - Installed Windows XP KB2524375.
    RP15: 8/25/2011 7:32:14 PM - Installed Windows XP KB2467659.
    RP16: 8/25/2011 7:38:01 PM - Software Distribution Service 3.0
    RP17: 8/25/2011 7:49:38 PM - Software Distribution Service 3.0
    RP18: 8/26/2011 8:57:47 PM - System Checkpoint
    RP19: 8/26/2011 9:40:11 PM - Restore Operation
    RP20: 8/27/2011 7:49:17 AM - Software Distribution Service 3.0
    RP21: 8/27/2011 7:59:02 AM - Restore Operation
    RP22: 8/27/2011 8:04:35 AM - Restore Operation
    RP23: 8/27/2011 8:53:46 AM - Software Distribution Service 3.0
    RP24: 8/27/2011 11:46:13 AM - Software Distribution Service 3.0
    RP25: 8/27/2011 8:26:43 PM - Installed %1 %2.
    RP26: 8/27/2011 8:27:08 PM - Installed %1 %2.
    RP27: 8/28/2011 8:29:50 PM - System Checkpoint
    RP28: 8/29/2011 8:57:26 PM - System Checkpoint
    RP29: 8/31/2011 1:25:53 AM - System Checkpoint
    RP30: 9/1/2011 1:52:10 AM - System Checkpoint
    RP31: 9/2/2011 4:52:29 AM - System Checkpoint
    RP32: 9/3/2011 5:05:29 AM - System Checkpoint
    RP33: 9/3/2011 10:12:29 AM - Installed Windows XP -- Software Updates KB952011.
    RP34: 9/4/2011 2:03:34 PM - System Checkpoint
    RP35: 9/5/2011 2:05:35 PM - System Checkpoint
    RP36: 9/6/2011 2:43:20 PM - System Checkpoint
    RP37: 9/7/2011 3:00:14 AM - Software Distribution Service 3.0
    RP38: 9/8/2011 4:33:02 AM - System Checkpoint
    RP39: 9/9/2011 7:41:58 AM - System Checkpoint
    RP40: 9/10/2011 1:01:38 PM - System Checkpoint
    RP41: 9/11/2011 1:04:25 PM - System Checkpoint
    RP42: 9/12/2011 1:18:40 PM - System Checkpoint
    RP43: 9/13/2011 2:03:55 PM - System Checkpoint
    RP44: 9/14/2011 2:15:25 PM - System Checkpoint
    RP45: 9/15/2011 2:58:24 PM - System Checkpoint
    RP46: 9/15/2011 3:18:50 PM - Software Distribution Service 3.0
    RP47: 9/16/2011 4:03:21 PM - System Checkpoint
    RP48: 9/17/2011 4:27:58 PM - System Checkpoint
    RP49: 9/18/2011 4:28:35 PM - System Checkpoint
    RP50: 9/19/2011 5:42:40 PM - System Checkpoint
    RP51: 9/20/2011 6:01:30 PM - System Checkpoint
    RP52: 9/21/2011 7:45:36 AM - Installed Java(TM) 6 Update 27
    RP53: 9/22/2011 8:29:59 AM - System Checkpoint
    RP54: 9/23/2011 9:00:43 AM - System Checkpoint
    RP55: 9/24/2011 6:26:50 AM - Software Distribution Service 3.0
    RP56: 9/24/2011 6:29:15 AM - Software Distribution Service 3.0
    RP57: 9/24/2011 7:03:48 AM - Installed QuickTime
    RP58: 9/25/2011 8:15:58 AM - System Checkpoint
    RP59: 9/25/2011 8:17:02 PM - Installed Compatibility Pack for the 2007 Office system
    RP60: 9/26/2011 8:38:56 PM - System Checkpoint
    RP61: 9/26/2011 8:48:24 PM - Software Distribution Service 3.0
    RP62: 9/27/2011 9:01:32 PM - System Checkpoint
    RP63: 9/28/2011 3:00:14 AM - Software Distribution Service 3.0
    RP64: 9/29/2011 3:43:11 AM - System Checkpoint
    RP65: 9/30/2011 4:13:41 AM - System Checkpoint
    RP66: 10/1/2011 5:15:47 AM - System Checkpoint
    RP67: 10/2/2011 5:22:54 AM - System Checkpoint
    RP68: 10/3/2011 9:26:47 AM - System Checkpoint
    RP69: 10/3/2011 7:56:36 PM - Software Distribution Service 3.0
    RP70: 10/4/2011 8:44:33 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    ACDSee
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.1)
    Advanced SystemCare 4
    AMD Processor Driver
    Apple Application Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    Belarc Advisor 8.2
    Canon CanoScan LiDE 210 User Registration
    Canon MP Navigator EX 4.0
    CanoScan LiDE 210 Scanner Driver
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Glary Utilities 2.37.0.1260
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Photo Imaging Software
    HP Photo Printing Software
    hp photosmart printer series (Remove only)
    ieSpell
    Java Auto Updater
    Java(TM) 6 Update 27
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2000 Premium
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Motorola SM56 Speakerphone Modem
    Picasa 3
    Platform
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek AC'97 Audio
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Skins
    SpeedFan (remove only)
    Trend Micro Titanium
    Trend Micro Titanium Internet Security 2012
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VIA Platform Device Manager
    VIA Rhine-Family Fast-Ethernet Adapter
    VIA/S3G Display Driver
    VIA/S3G Display Driver 6.14.10.0297
    WebFldrs XP
    Webshots Desktop
    WhiteSmoke
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WordWeb
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/3/2011 7:31:42 PM, error: Service Control Manager [7034] - The AG Core Services service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  6. 2011/10/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see anything malicious.
    I suspect you're dealing with overheating, or some other hardware issue.
    But... that would be a subject for a different forum.
     
