
Internet Explorer Running in Background


20 replies to this topic

#1 usern

usern

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:30 PM

Posted 30 July 2011 - 01:16 PM

Hi,

My computer is sharing a public wifi with other computers, and currently
my Internet Explorer keeps popping up with a window that says
"could not perform this operation because the default email client
is not properly installed".



I do not use Internet Explorer, but this message keeps popping up.
I click "OK" on the prompt, and I found two iexplorer.exe in the task manager.
I ended the task, and after a while it came back along with the prompt.
This happens even when I don't use my computer. I've scanned
my computer with ESET NOD32 but it did not show any sign of a virus.

Can anyone help me with this? Can it be a virus?


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 35,000 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:30 PM

Posted 30 July 2011 - 01:32 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donate button.
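Alongside the tool logs Broni asks for, a practitioner would also want to look at the suspicious processes themselves. The PowerShell script below is an added example, not code from this thread or from any of the tools named above. It lists every iexplore.exe with the process that started it, the location and Authenticode status of its binary, its start time and command line, and whether it owns a visible window. Two points of context so the "two iexplore.exe" observation is read correctly: the prompt quoted in the opening post is what IE raises when a page opens a mailto: link and no default mail client is registered, and IE8 on Windows 7 normally runs one frame process plus one tab process per tab, so a second iexplore.exe whose parent is the first is expected. What matters is who started the first one, where its binary lives, and whether there is any window a user could see. The process name is a parameter defaulting to iexplore.exe (the name in the event log later in this thread); the flag rules (expected parent explorer.exe or iexplore.exe, expected directory under Program Files\Internet Explorer) are the example's own assumptions.

```powershell
# Added example, not part of the thread: triage every running iexplore.exe.
# For each instance: where the binary lives, whether it carries a valid
# Authenticode signature, which process started it, its command line, when it
# started, and whether it owns a visible window. Uses Get-WmiObject rather than
# Get-CimInstance so it runs on the PowerShell 2.0 that ships with Windows 7.
# Run from an elevated prompt so ExecutablePath/CommandLine are readable.

function Get-IEProcessTriage {
    param([string]$ProcessName = 'iexplore.exe')   # assumed default; pass another name to triage it

    $all   = Get-WmiObject Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    # Directories a genuine iexplore.exe should live in (32-bit Win7 has no ProgramFiles(x86)).
    $expectedDirs = @()
    foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if ($root) { $expectedDirs += (Join-Path $root 'Internet Explorer') }
    }

    foreach ($p in @($all | Where-Object { $_.Name -ieq $ProcessName })) {
        $parent = $byPid[[int]$p.ParentProcessId]
        $path   = $p.ExecutablePath
        $sig    = if ($path -and (Test-Path $path)) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $live   = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue

        $inExpectedDir = $false
        foreach ($d in $expectedDirs) {
            if ($path -and $path.StartsWith($d, 'OrdinalIgnoreCase')) { $inExpectedDir = $true }
        }

        # Assumed flag rules: anything here is worth handing to the rootkit/AV tools.
        $flags = @()
        if (-not $inExpectedDir) { $flags += 'binary outside Program Files\Internet Explorer' }
        if (-not $sig -or $sig.Status -ne 'Valid') { $flags += 'Authenticode signature not valid' }
        elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') { $flags += 'not signed by Microsoft' }
        if ($live -and $live.MainWindowHandle -eq 0) { $flags += 'no visible window' }
        if (-not $parent) { $flags += "parent PID $($p.ParentProcessId) already exited" }
        elseif ($parent.Name -notmatch '^(explorer|iexplore)\.exe$') { $flags += "unusual parent $($parent.Name)" }

        New-Object PSObject -Property @{
            PID         = $p.ProcessId
            Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { $null }
            Path        = $path
            Signature   = if ($sig) { $sig.Status.ToString() } else { 'n/a' }
            HasWindow   = if ($live) { $live.MainWindowHandle -ne 0 } else { $null }
            Started     = if ($p.CreationDate) { $p.ConvertToDateTime($p.CreationDate) } else { $null }
            CommandLine = $p.CommandLine
            Flags       = ($flags -join '; ')
        }
    }
}

Get-IEProcessTriage | Format-List PID, Parent, Path, Signature, HasWindow, Started, CommandLine, Flags
```

An iexplore.exe with no window whose parent is neither explorer.exe nor another iexplore.exe, or whose parent has already exited, is the instance to examine: note its PID and command line before ending it, since killing it first (as the opening post did) loses the parent relationship that tells you what keeps relaunching it.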




#3 usern

usern
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:30 PM

Posted 31 July 2011 - 08:25 AM

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET NOD32 Antivirus
Autorun Virus Remover 2.3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 8.1.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#4 usern

usern
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:30 PM

Posted 31 July 2011 - 08:28 AM

MiniToolBox by Farbar
Ran by Ananda (administrator) on 30-07-2011 at 20:57:43
Windows 7 Ultimate (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add address name="VMware Network Adapter VMnet1" address=192.168.131.1
add address name="VMware Network Adapter VMnet8" address=192.168.234.1
add address name="VMware Network Adapter VMnet8" address=192.168.253.1
add address name="Local Area Connection" address=192.168.1.1
add address name="VMware Network Adapter VMnet1" address=192.168.91.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ananda-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : eduroam.rwth-aachen.de

Wireless LAN adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : eduroam.rwth-aachen.de
Description . . . . . . . . . . . : Linksys WUSB600N Wireless-N USB Network Adapter with Dual-Band ver. 2
Physical Address. . . . . . . . . : 00-25-9C-DC-A2-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ac30:c46:a080:7e83%27(Preferred)
IPv4 Address. . . . . . . . . . . : 134.61.75.141(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.224.0
Lease Obtained. . . . . . . . . . : 29 July 2011 07:51:40
Lease Expires . . . . . . . . . . : 30 July 2011 21:19:00
Default Gateway . . . . . . . . . : 134.61.64.1
DHCP Server . . . . . . . . . . . : 137.226.33.41
DHCPv6 IAID . . . . . . . . . . . : 704652700
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AC-81-98-00-25-B3-68-47-87
DNS Servers . . . . . . . . . . . : 134.130.4.1
134.130.5.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 00-25-B3-68-47-87
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:863d:4b8d:c:6141:8272:55c4:b85(Preferred)
Site-local IPv6 Address . . . . . : fec0::c:6141:8272:55c4:b85%2(Preferred)
Temporary IPv6 Address. . . . . . : 2002:863d:4b8d:c:c9eb:4836:84dd:ca7a(Preferred)
Link-local IPv6 Address . . . . . : fe80::6141:8272:55c4:b85%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 285222323
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AC-81-98-00-25-B3-68-47-87
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-26-5E-0D-D2-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::447d:12d0:1faf:55f5%23(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.91.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 637554774
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AC-81-98-00-25-B3-68-47-87
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b19b:3ffb:1e2c:a84a%25(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.253.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 671109206
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AC-81-98-00-25-B3-68-47-87
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #11
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #10
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B0C782E1-BA3D-4895-85E3-CFB64053361B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{25351A11-688D-4C55-A282-5C046829D6AF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #9
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7C9DCDBF-2BC5-4DD7-AD51-8FD41389251C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #12
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #14
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #15
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #13
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #17
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #16
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #18
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 28:

Connection-specific DNS Suffix . : eduroam.rwth-aachen.de
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #20
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:863d:4b8d::863d:4b8d(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 134.130.4.1
134.130.5.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 27:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #19
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.eduroam.rwth-aachen.de:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : eduroam.rwth-aachen.de
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns1.rz.RWTH-Aachen.DE
Address: 134.130.4.1

Name: google.com
Addresses: 209.85.148.104
209.85.148.105
209.85.148.106
209.85.148.147
209.85.148.99
209.85.148.103


Pinging google.com [209.85.148.103] with 32 bytes of data:
Reply from 209.85.148.103: bytes=32 time=13ms TTL=54
Reply from 209.85.148.103: bytes=32 time=22ms TTL=54

Ping statistics for 209.85.148.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 22ms, Average = 17ms
Server: dns1.rz.RWTH-Aachen.DE
Address: 134.130.4.1

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=181ms TTL=53
Reply from 72.30.2.43: bytes=32 time=189ms TTL=53

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 181ms, Maximum = 189ms, Average = 185ms

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
27...00 25 9c dc a2 ee ......Linksys WUSB600N Wireless-N USB Network Adapter with Dual-Band ver. 2
12...00 25 b3 68 47 87 ......Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
11...00 26 5e 0d d2 80 ......Broadcom 802.11g Network Adapter
23...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
25...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
34...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #11
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
33...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #10
29...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
28...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
31...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #9
30...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #8
32...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
35...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #12
37...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #14
38...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #15
36...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #13
41...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #17
40...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #16
42...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #18
43...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #20
44...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #19
58...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 134.61.64.1 134.61.75.141 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
134.61.64.0 255.255.224.0 On-link 134.61.75.141 286
134.61.75.141 255.255.255.255 On-link 134.61.75.141 286
134.61.95.255 255.255.255.255 On-link 134.61.75.141 286
169.254.0.0 255.255.0.0 On-link 192.168.1.1 30
169.254.255.255 255.255.255.255 On-link 192.168.1.1 276
192.168.1.0 255.255.255.0 On-link 192.168.1.1 276
192.168.1.1 255.255.255.255 On-link 192.168.1.1 276
192.168.1.255 255.255.255.255 On-link 192.168.1.1 276
192.168.91.0 255.255.255.0 On-link 192.168.91.1 276
192.168.91.1 255.255.255.255 On-link 192.168.91.1 276
192.168.91.255 255.255.255.255 On-link 192.168.91.1 276
192.168.253.0 255.255.255.0 On-link 192.168.253.1 276
192.168.253.1 255.255.255.255 On-link 192.168.253.1 276
192.168.253.255 255.255.255.255 On-link 192.168.253.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.1 276
224.0.0.0 240.0.0.0 On-link 192.168.91.1 276
224.0.0.0 240.0.0.0 On-link 192.168.253.1 276
224.0.0.0 240.0.0.0 On-link 134.61.75.141 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.1 276
255.255.255.255 255.255.255.255 On-link 192.168.91.1 276
255.255.255.255 255.255.255.255 On-link 192.168.253.1 276
255.255.255.255 255.255.255.255 On-link 134.61.75.141 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
43 1140 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
43 1040 2002::/16 On-link
43 296 2002:863d:4b8d::/128 On-link
43 296 2002:863d:4b8d::863d:4b8d/128
On-link
12 20 2002:863d:4b8d:c::/64 On-link
12 276 2002:863d:4b8d:c::/128 On-link
12 276 2002:863d:4b8d:c:6141:8272:55c4:b85/128
On-link
12 276 2002:863d:4b8d:c:c9eb:4836:84dd:ca7a/128
On-link
27 30 2002:863d:4b8d:1b::/64 On-link
12 276 fe80::/64 On-link
23 276 fe80::/64 On-link
25 276 fe80::/64 On-link
27 286 fe80::/64 On-link
23 276 fe80::447d:12d0:1faf:55f5/128
On-link
12 276 fe80::6141:8272:55c4:b85/128
On-link
27 286 fe80::ac30:c46:a080:7e83/128
On-link
25 276 fe80::b19b:3ffb:1e2c:a84a/128
On-link
12 20 fec0:0:0:c::/64 On-link
12 276 fec0:0:0:c::/128 On-link
12 276 fec0::c:6141:8272:55c4:b85/128
On-link
27 30 fec0:0:0:1b::/64 On-link
1 306 ff00::/8 On-link
12 276 ff00::/8 On-link
23 276 ff00::/8 On-link
25 276 ff00::/8 On-link
27 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/30/2011 07:45:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0f0c4b39
Faulting process id: 0xff8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2011 04:31:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xc4840f0d
Faulting process id: 0xf78
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2011 03:49:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x8dd2b60f
Faulting process id: 0x5c4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2011 03:35:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffa0fd4
Faulting process id: 0x1170
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2011 01:35:59 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xff006a00
Faulting process id: 0x498
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2011 01:04:40 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xb025ff90
Faulting process id: 0x1778
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/29/2011 10:56:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xaa002000
Faulting process id: 0x14b8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/29/2011 02:26:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xb60f08e8
Faulting process id: 0x14e4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/29/2011 01:55:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x38b1ff10
Faulting process id: 0x16e8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/28/2011 03:01:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000005
Fault offset: 0x00027a5b
Faulting process id: 0x4f4
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3


System errors:
=============
Error: (07/30/2011 08:40:26 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/30/2011 08:34:01 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/30/2011 08:27:26 PM) (Source: ipnathlp) (User: )
Description:

Error: (07/30/2011 08:15:19 PM) (Source: ipnathlp) (User: )
Description:

Error: (07/30/2011 07:49:05 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/30/2011 07:37:34 PM) (Source: ipnathlp) (User: )
Description:

Error: (07/30/2011 07:25:26 PM) (Source: ipnathlp) (User: )
Description:

Error: (07/30/2011 07:18:58 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/30/2011 07:03:58 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/30/2011 06:47:44 PM) (Source: ipnathlp) (User: )
Description:


Microsoft Office Sessions:
=========================
Error: (05/20/2011 10:05:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 41323 seconds with 7740 seconds of active time. This session ended with a crash.

Error: (02/20/2011 10:47:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3949 seconds with 240 seconds of active time. This session ended with a crash.

Error: (02/14/2010 08:21:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6707 seconds with 4020 seconds of active time. This session ended with a crash.


========================= Memory info: ===================================

Percentage of memory in use: 77%
Total physical RAM: 1015.3 MB
Available physical RAM: 233.18 MB
Total Pagefile: 3015.3 MB
Available Pagefile: 1643.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.02 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:30 GB) (Free:7.01 GB) NTFS
2 Drive d: () (Fixed) (Total:119.04 GB) (Free:99.55 GB) NTFS

========================= Users: ========================================

User accounts for \\ANANDA-PC

__vmware_user__ Administrator Ananda
Guest


== End of log ==

#5 usern

usern
  • Topic Starter

  • Members
  • 15 posts

Posted 31 July 2011 - 08:31 AM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7327

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/07/2011 21:13:45
mbam-log-2011-07-30 (21-13-45).txt

Scan type: Quick scan
Objects scanned: 167514
Time elapsed: 11 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 usern

usern
  • Topic Starter

  • Members
  • 15 posts

Posted 31 July 2011 - 08:32 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-31 15:20:16
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160314AS rev.P003HPM1
Running: ljfewyvy.exe; Driver: C:\Users\Ananda\AppData\Local\Temp\pwdiqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81E98579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EBCF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text kdcom.dll!KdSendPacket 81CB6047 28 Bytes [66, 39, 45, FC, 75, 05, 83, ...]
.text kdcom.dll!KdSendPacket 81CB6064 7 Bytes [55, 8B, EC, 81, EC, 6C, 01]
.text kdcom.dll!KdSendPacket 81CB606C 1 Byte [00]
.text kdcom.dll!KdSendPacket 81CB606C 33 Bytes [00, 53, 57, 33, C0, 33, DB, ...]
.text kdcom.dll!KdSendPacket 81CB608E 33 Bytes [83, C4, 0C, 66, 39, 07, 74, ...]
.text kdcom.dll!KdDebuggerInitialize0 + 14 81CB60B0 25 Bytes [55, 10, 03, CF, 56, 8B, 71, ...]
.text kdcom.dll!KdDebuggerInitialize0 + 2E 81CB60CA 31 Bytes [00, 8B, 71, 1C, 8D, 14, 96, ...]
.text kdcom.dll!KdDebuggerInitialize0 + 4F 81CB60EB 86 Bytes [6A, 2E, 56, FF, 15, B4, 52, ...]
.text kdcom.dll!KdDebuggerInitialize0 + A7 81CB6143 7 Bytes [A5, A4, 33, F6, 8D, BB, 90]
.text kdcom.dll!KdDebuggerInitialize0 + AF 81CB614B 11 Bytes [00, 00, 8B, C7, 8D, 50, 02, ...]
.text kdcom.dll!KdDebuggerInitialize1 + 7 81CB6157 26 Bytes [02, 66, 85, C9, 75, F5, 2B, ...]
.text kdcom.dll!KdRestore + 2 81CB6172 55 Bytes [15, AC, 52, CB, 81, 59, 59, ...]
.text kdcom.dll!KdRestore + 3A 81CB61AA 17 Bytes CALL 81CB6061 \SystemRoot\system32\kdcom.dll (Serial Kernel Debugger/Microsoft Corporation)
.text kdcom.dll!KdRestore + 4C 81CB61BC 25 Bytes [C7, 8D, 50, 02, 66, 8B, 08, ...]
.text kdcom.dll!KdRestore + 66 81CB61D6 22 Bytes [10, 46, 81, C7, AC, 00, 00, ...]
.text kdcom.dll!KdRestore + 7D 81CB61ED 24 Bytes [8D, 50, 01, 8A, 08, 40, 84, ...]
.text ...
.text kdcom.dll!KdReceivePacket + 48 81CB6348 24 Bytes [02, 74, 26, 8D, 4D, F4, 51, ...]
.text kdcom.dll!KdReceivePacket + 61 81CB6361 38 Bytes [FD, FF, FF, 89, 45, EC, 85, ...]
.text kdcom.dll!KdReceivePacket + 88 81CB6388 29 Bytes JMP 81CB62B1 \SystemRoot\system32\kdcom.dll (Serial Kernel Debugger/Microsoft Corporation)
.text kdcom.dll!KdReceivePacket + A6 81CB63A6 118 Bytes [B7, 58, 0E, 00, 00, FF, 15, ...]
.text kdcom.dll!KdReceivePacket + 11E 81CB641E 16 Bytes [83, C4, 0C, FF, 75, 08, FF, ...] {ADD ESP, 0xc; PUSH DWORD [EBP+0x8]; CALL [0x81cb52a8]; MOV ESI, EAX; TEST ESI, ESI}
.text ...
.text kdcom.dll!KdSendPacket + 9A 81CB6616 98 Bytes [4D, 07, 5A, 77, 43, 6C, 6F, ...]
.text kdcom.dll!KdSendPacket + FD 81CB6679 32 Bytes [05, 52, 74, 6C, 49, 6D, 61, ...]
.text kdcom.dll!KdSendPacket + 11E 81CB669A 197 Bytes [45, 78, 41, 6C, 6C, 6F, 63, ...]
.text kdcom.dll!KdSendPacket + 1E4 81CB6760 41 Bytes [25, 06, 00, 00, 31, 06, 00, ...]
.text kdcom.dll!KdSendPacket + 20E 81CB678A 1 Byte [01]
.text ...
? System32\Drivers\spef.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8B235CA0 5 Bytes JMP 84D484B8
? C:\Users\Ananda\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1644] kernel32.dll!SetUnhandledExceptionFilter 75373142 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!CreateWindowExW 765D0E51 5 Bytes JMP 6D297AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxIndirectParamW 765F4AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxIndirectParamW 765F4AA7 5 Bytes JMP 6D3E58AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxParamW 765F564A 5 Bytes JMP 6D1B490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxParamA 7660CF6A 5 Bytes JMP 6D3E5848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxIndirectParamA 7660D29C 5 Bytes JMP 6D3E590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxIndirectA 7661E8C9 5 Bytes JMP 6D3E57DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxIndirectW 7661E9C3 5 Bytes JMP 6D3E5772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxExA 7661EA29 5 Bytes JMP 6D3E5710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxExW 7661EA4D 5 Bytes JMP 6D3E56AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] ole32.dll!OleLoadFromStream 767B5B88 5 Bytes JMP 6D3E5B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WININET.dll!HttpAddRequestHeadersA 75829AFA 5 Bytes JMP 012A6840
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WININET.dll!HttpAddRequestHeadersW 75830888 5 Bytes JMP 012A6A4B
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!closesocket 75923BED 5 Bytes JMP 0054000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!recv 759247DF 5 Bytes JMP 0052000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!connect 759248BE 5 Bytes JMP 0053000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!getaddrinfo 75926737 5 Bytes JMP 013B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!send 7592C4C8 5 Bytes JMP 0131000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!gethostbyname 75937133 5 Bytes JMP 0136000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!UnhookWindowsHookEx 765CCC7B 5 Bytes JMP 6D2A7E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!CallNextHookEx 765CCC8F 5 Bytes JMP 6D2894EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!CreateWindowExW 765D0E51 5 Bytes JMP 6D297AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!SetWindowsHookExW 765D210A 5 Bytes JMP 6D244243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxIndirectParamW 765F4AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxIndirectParamW 765F4AA7 5 Bytes JMP 6D3E58AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxParamW 765F564A 5 Bytes JMP 6D1B490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxParamA 7660CF6A 5 Bytes JMP 6D3E5848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxIndirectParamA 7660D29C 5 Bytes JMP 6D3E590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxIndirectA 7661E8C9 5 Bytes JMP 6D3E57DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxIndirectW 7661E9C3 5 Bytes JMP 6D3E5772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxExA 7661EA29 5 Bytes JMP 6D3E5710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxExW 7661EA4D 5 Bytes JMP 6D3E56AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ole32.dll!OleLoadFromStream 767B5B88 5 Bytes JMP 6D3E5B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ole32.dll!CoCreateInstance 768057FC 5 Bytes JMP 6D298595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] WS2_32.dll!closesocket 75923BED 5 Bytes JMP 004D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] WS2_32.dll!recv 759247DF 5 Bytes JMP 004B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] WS2_32.dll!connect 759248BE 5 Bytes JMP 004C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] WS2_32.dll!getaddrinfo 75926737 5 Bytes JMP 0050000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] WS2_32.dll!send 7592C4C8 5 Bytes JMP 004E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] WS2_32.dll!gethostbyname 75937133 5 Bytes JMP 004F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] WININET.dll!HttpAddRequestHeadersA 75829AFA 5 Bytes JMP 01326840
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] WININET.dll!HttpAddRequestHeadersW 75830888 5 Bytes JMP 01326A4B

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 848081F8
Device \Driver\usbhub \Device\0000008e hcmon.sys
Device \Driver\usbhub \Device\0000008f hcmon.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0C782E1-BA3D-4895-85E3-CFB64053361B} 84AEC1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys

Device \Driver\volmgr \Device\VolMgrControl 83B421F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C9DCDBF-2BC5-4DD7-AD51-8FD41389251C} 84AEC1F8
Device \Driver\usbuhci \Device\USBPDO-0 84D59500
Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-1 84D59500
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-2 84D59500
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-3 84D59500
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-4 84DAA500
Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-6 hcmon.sys
Device \Driver\ACPI_HAL \Device\00000070 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 83B421F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\USBPDO-7 hcmon.sys
Device \Driver\volmgr \Device\HarddiskVolume2 83B421F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 848061F8
Device \Driver\atapi \Device\Ide\IdePort0 848061F8
Device \Driver\atapi \Device\Ide\IdePort1 848061F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FC951335-0EDC-482C-8E94-6A0950AB78EF} 84AEC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{25351A11-688D-4C55-A282-5C046829D6AF} 84AEC1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 84AEC1F8
Device \Driver\usbhub \Device\00000090 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-0 84D59500
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 84D59500
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 84D59500
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-3 84D59500
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{598B78DA-1FCB-4100-ABE8-D1F1BCF262AB} 84AEC1F8
Device \Driver\usbehci \Device\USBFDO-4 84DAA500
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys
Device \Driver\usbhub \Device\0000008c hcmon.sys
Device \Driver\usbhub \Device\0000008d hcmon.sys

---- Threads - GMER 1.0.15 ----

Thread System [4:216] 8499A0B3
Thread System [4:228] 8499B7FB

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????? ??????????? ?B?*?????13???????????????.??????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????F??????25??? ???????????????????l?1?????????????????????????????o???E??????????storage\volume????????\?????????????????????????????????USB\Class_08&SubClass_06&Prot_50?USB\Class_08&SubClass_06?USB\Class_08??????USB\VID_1221&PID_3234&REV_0000?USB\VID_1221&PID_3234??????N??????5?????DA-??Microsoft???6.1.7600.16385??????{36fc9e60-c465-11cf-8056-444553540000}??????? l?????????????????????????usb.inf:Generic.Section.NTx86:Composite.Dev:6.1.7600.16385:usb\composite?c??????????????????????vi???????????k?n?????????????????????????????????f?????s? ???????????6??NN?????????????????s????? 4?????????????s?????~??????????????????????5??0?????????!??????????????????????????????e??usb\class_08&subclass_06&prot_50????volume.inf?????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0x50 0x38 0x98 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ?????l????????????????????????????????????X??????1???8??gendisk?????? "??????????????????????????}???????~???????????v??????????c.??????? ???????A???????????????????? ??????????????????????????D??????????? ??????????????????????? ???????}???????????U????????"?????????????A-??v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34755|Desc=@FirewallAPI.dll,-34756|EmbedCtxt=@FirewallAPI.dll,-34752|???????j????????????n??????X??????|???t????X??????&???&???????<?????????????<?????????????{???????????????????????????????.??????il????$?????????????????????????6-21-2006???6-21-2006???????????????????6.1.7600.16385????????????????????????????????N?????????????????Generic volume???????????????????????????????v???t???????????????????B?????e1B??? ???????E??????e ??78??? ???????}???????????f????????"?????????????p6??????????????????.NT?um???????????????????????i?????5???????????????????????????d??????????????????????n?????? ?????
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0x50 0x38 0x98 ...

---- EOF - GMER 1.0.15 ----
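The "User code sections" part of the GMER log above is the part worth a closer look: each line records an inline hook (a JMP written over the first bytes of an exported API) inside a running process, and GMER appends the owning module when it can attribute the jump target to a loaded image. The USER32 and ole32 hooks in iexplore.exe resolve to IEFRAME.dll, which is Internet Explorer hooking its own process; the WS2_32 hooks on send, recv, connect, getaddrinfo and gethostbyname resolve to no module at all. Unattributed targets on socket and HTTP APIs are the classic signature of code injected into the browser, though some security products hook the same APIs, so they are a triage list, not a verdict. The following is an added example (my code, not GMER's or anything from the thread) that parses lines in this format and separates resolved, unresolved and byte-patch entries; the sample lines are constructed in the same format, and the regex assumes the owning module path contains no spaces, as in the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format of GMER 1.0.15 "User code sections"
# output (a few representative entries, not the log from the thread).
SAMPLE_GMER_LINES = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!CreateWindowExW 765D0E51 5 Bytes JMP 6D297AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxIndirectParamW 765F4AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!recv 759247DF 5 Bytes JMP 0052000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!send 7592C4C8 5 Bytes JMP 0131000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WININET.dll!HttpAddRequestHeadersA 75829AFA 5 Bytes JMP 012A6840
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1644] kernel32.dll!SetUnhandledExceptionFilter 75373142 4 Bytes [C2, 04, 00, 00]
"""

# ".text <process>[<pid>] <module>!<function> <address> <n> Byte(s) <rest>"
LINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>[^!\s]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-F]+) (?P<size>\d+) Bytes? (?P<rest>.*)$"
)
# "JMP <target>" optionally followed by the owning module path and a
# parenthesised description. Assumption: the module path has no spaces.
JMP_RE = re.compile(
    r"^JMP (?P<target>[0-9A-F]+)(?: (?P<owner>\S+)(?: \((?P<desc>[^)]*)\))?)?$"
)

# APIs whose interception lets injected code read or rewrite traffic.
NETWORK_MODULES = {"WS2_32.dll", "WININET.dll"}


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    function: str
    address: str
    kind: str                    # "resolved", "unresolved" or "patch"
    target: Optional[str] = None  # JMP destination, if the entry is a JMP
    owner: Optional[str] = None   # module GMER attributed the target to


def parse_gmer_line(line: str) -> Optional[Hook]:
    """Parse one 'User code sections' line; return None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    jm = JMP_RE.match(m.group("rest"))
    if jm is None:
        # Entry lists raw patched bytes such as "[E9]" rather than a JMP.
        kind, target, owner = "patch", None, None
    elif jm.group("owner"):
        kind, target, owner = "resolved", jm.group("target"), jm.group("owner")
    else:
        # Target not attributed to any loaded module: triage candidate.
        kind, target, owner = "unresolved", jm.group("target"), None
    return Hook(m.group("proc"), int(m.group("pid")), m.group("mod"),
                m.group("func"), m.group("addr"), kind, target, owner)


def triage(text: str) -> Dict[str, object]:
    """Count hook kinds and list unresolved network-API hooks per process."""
    hooks: List[Hook] = [h for h in map(parse_gmer_line, text.splitlines()) if h]
    counts = {"resolved": 0, "unresolved": 0, "patch": 0}
    for h in hooks:
        counts[h.kind] += 1
    by_process: Dict[str, List[str]] = {}
    for h in hooks:
        if h.kind == "unresolved" and h.module in NETWORK_MODULES:
            key = f"{h.process}[{h.pid}]"
            by_process.setdefault(key, []).append(
                f"{h.module}!{h.function} -> {h.target}")
    return {"counts": counts, "network_hooks_unresolved": by_process}


if __name__ == "__main__":
    result = triage(SAMPLE_GMER_LINES)
    print(result["counts"])
    for proc, entries in result["network_hooks_unresolved"].items():
        print(proc)
        for e in entries:
            print("   ", e)
```

Run against the constructed sample, the script reports one resolved hook, three unresolved ones and two byte patches, and lists the three unresolved WS2_32/WININET hooks under iexplore.exe[3776]; on the real log it would list six WS2_32 and two WININET entries for each of the two iexplore.exe instances. The next step for a responder is to establish what lives at those target addresses (the memory region's backing file, or its absence), which is what the subsequent TDSSKiller run in this thread does in effect.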

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 35,000 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 31 July 2011 - 10:49 AM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.





#8 usern

usern
  • Topic Starter

  • Members
  • 15 posts

Posted 31 July 2011 - 11:37 AM

It detected a rootkit and asked for a restart.

The netbook rebooted and got stuck at a blank dark screen; there is HDD LED activity, but the screen is just black. What should I do now :(

After I forced a restart, it's OK now and I can get back into Windows. Should I scan again? Below is the log.

Edited by usern, 31 July 2011 - 11:55 AM.


#9 usern

usern
  • Topic Starter

  • Members
  • 15 posts

Posted 31 July 2011 - 11:51 AM

2011/07/31 18:09:42.0869 5368 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/07/31 18:09:43.0461 5368 ================================================================================
2011/07/31 18:09:43.0461 5368 SystemInfo:
2011/07/31 18:09:43.0462 5368
2011/07/31 18:09:43.0462 5368 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/31 18:09:43.0462 5368 Product type: Workstation
2011/07/31 18:09:43.0462 5368 ComputerName: ANANDA-PC
2011/07/31 18:09:43.0463 5368 UserName: Ananda
2011/07/31 18:09:43.0463 5368 Windows directory: C:\Windows
2011/07/31 18:09:43.0463 5368 System windows directory: C:\Windows
2011/07/31 18:09:43.0463 5368 Processor architecture: Intel x86
2011/07/31 18:09:43.0463 5368 Number of processors: 2
2011/07/31 18:09:43.0463 5368 Page size: 0x1000
2011/07/31 18:09:43.0463 5368 Boot type: Normal boot
2011/07/31 18:09:43.0463 5368 ================================================================================
2011/07/31 18:09:46.0302 5368 Initialize success
2011/07/31 18:09:52.0194 5492 ================================================================================
2011/07/31 18:09:52.0194 5492 Scan started
2011/07/31 18:09:52.0194 5492 Mode: Manual;
2011/07/31 18:09:52.0194 5492 ================================================================================
2011/07/31 18:09:55.0192 5492 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/31 18:09:55.0529 5492 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/31 18:09:55.0788 5492 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/31 18:09:56.0115 5492 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/31 18:09:56.0585 5492 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/31 18:09:56.0876 5492 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/31 18:09:57.0231 5492 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/07/31 18:09:57.0534 5492 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/31 18:09:57.0843 5492 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/31 18:09:58.0128 5492 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/31 18:09:58.0316 5492 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/31 18:09:58.0787 5492 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/31 18:09:59.0155 5492 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/31 18:09:59.0466 5492 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/31 18:10:00.0513 5492 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/31 18:10:00.0942 5492 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/31 18:10:01.0127 5492 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/31 18:10:01.0389 5492 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/31 18:10:01.0684 5492 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/31 18:10:01.0893 5492 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/31 18:10:02.0065 5492 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/31 18:10:02.0358 5492 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/31 18:10:02.0727 5492 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/31 18:10:02.0947 5492 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/31 18:10:03.0408 5492 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/31 18:10:03.0817 5492 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/31 18:10:04.0082 5492 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/31 18:10:04.0396 5492 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/31 18:10:04.0631 5492 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/31 18:10:04.0757 5492 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/31 18:10:04.0968 5492 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/31 18:10:05.0113 5492 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/31 18:10:05.0296 5492 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/31 18:10:05.0421 5492 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/31 18:10:05.0566 5492 BTATH_BUS (8f503c5857e4ba3126e4dddd63d44403) C:\Windows\system32\DRIVERS\btath_bus.sys
2011/07/31 18:10:05.0967 5492 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/31 18:10:06.0413 5492 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/31 18:10:06.0672 5492 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/31 18:10:07.0085 5492 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/31 18:10:07.0190 5492 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/31 18:10:07.0435 5492 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/31 18:10:07.0848 5492 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/31 18:10:08.0054 5492 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/31 18:10:08.0371 5492 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/31 18:10:08.0618 5492 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/31 18:10:08.0806 5492 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/31 18:10:09.0083 5492 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/07/31 18:10:09.0633 5492 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/07/31 18:10:09.0964 5492 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/31 18:10:10.0200 5492 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/31 18:10:10.0685 5492 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/31 18:10:11.0073 5492 DXGKrnl (39806cfeddcc55e686a49bccd2972f23) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/31 18:10:11.0758 5492 eamonm (04cba07e73f152970fc34d66d3892e2a) C:\Windows\system32\DRIVERS\eamonm.sys
2011/07/31 18:10:12.0423 5492 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/31 18:10:12.0937 5492 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/07/31 18:10:13.0420 5492 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/31 18:10:13.0880 5492 epfwwfpr (ddb45f6371714601a43e8be38145be18) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2011/07/31 18:10:14.0125 5492 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/31 18:10:14.0544 5492 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/31 18:10:14.0777 5492 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/31 18:10:15.0032 5492 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/31 18:10:15.0265 5492 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/31 18:10:15.0562 5492 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/31 18:10:15.0948 5492 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/31 18:10:16.0246 5492 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/31 18:10:16.0504 5492 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/31 18:10:16.0687 5492 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/31 18:10:16.0891 5492 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/31 18:10:17.0320 5492 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/31 18:10:17.0740 5492 hcmon (51fa91bb463b15fd8eacd5045c3f2fa6) C:\Windows\system32\drivers\hcmon.sys
2011/07/31 18:10:18.0016 5492 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/31 18:10:18.0201 5492 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/07/31 18:10:18.0627 5492 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/31 18:10:18.0790 5492 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/31 18:10:19.0112 5492 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/31 18:10:19.0369 5492 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/31 18:10:19.0635 5492 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/31 18:10:19.0959 5492 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/31 18:10:20.0295 5492 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/07/31 18:10:20.0643 5492 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/31 18:10:21.0050 5492 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/31 18:10:21.0304 5492 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/07/31 18:10:21.0855 5492 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/31 18:10:22.0289 5492 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/31 18:10:22.0599 5492 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/31 18:10:22.0932 5492 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/31 18:10:23.0279 5492 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/31 18:10:23.0605 5492 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/31 18:10:23.0831 5492 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/31 18:10:24.0057 5492 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/31 18:10:24.0277 5492 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/31 18:10:24.0623 5492 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/31 18:10:24.0900 5492 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/31 18:10:25.0160 5492 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/31 18:10:25.0464 5492 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/31 18:10:25.0615 5492 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/31 18:10:25.0914 5492 L1C (6c32bfeab708915d6bbf4b20d4f3ef7b) C:\Windows\system32\DRIVERS\L1C62x86.sys
2011/07/31 18:10:26.0390 5492 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/31 18:10:26.0708 5492 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/31 18:10:26.0990 5492 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/31 18:10:27.0260 5492 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/31 18:10:27.0574 5492 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/31 18:10:27.0883 5492 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/31 18:10:28.0236 5492 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/31 18:10:28.0556 5492 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/31 18:10:28.0942 5492 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/31 18:10:29.0239 5492 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/31 18:10:29.0465 5492 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/31 18:10:29.0709 5492 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/31 18:10:29.0925 5492 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/31 18:10:30.0167 5492 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/31 18:10:30.0349 5492 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/31 18:10:30.0705 5492 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/31 18:10:30.0937 5492 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/31 18:10:31.0344 5492 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/31 18:10:31.0572 5492 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/31 18:10:31.0820 5492 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/31 18:10:32.0157 5492 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/31 18:10:33.0075 5492 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/31 18:10:33.0401 5492 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/31 18:10:33.0735 5492 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/31 18:10:34.0182 5492 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/31 18:10:34.0336 5492 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/31 18:10:34.0523 5492 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/31 18:10:34.0702 5492 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/31 18:10:34.0882 5492 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/31 18:10:35.0176 5492 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/31 18:10:35.0518 5492 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/31 18:10:35.0946 5492 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/31 18:10:36.0255 5492 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/31 18:10:36.0535 5492 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/07/31 18:10:36.0708 5492 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/31 18:10:37.0100 5492 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/31 18:10:37.0329 5492 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/31 18:10:37.0860 5492 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/31 18:10:38.0244 5492 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/31 18:10:38.0548 5492 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/31 18:10:38.0864 5492 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/31 18:10:39.0421 5492 netr28u (105a0947e6e01e5a6b76dad87547cd89) C:\Windows\system32\DRIVERS\netr28u.sys
2011/07/31 18:10:39.0769 5492 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/31 18:10:40.0115 5492 NPF (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers\npf.sys
2011/07/31 18:10:40.0313 5492 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/31 18:10:40.0611 5492 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/31 18:10:41.0347 5492 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/07/31 18:10:41.0718 5492 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/31 18:10:42.0061 5492 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/31 18:10:42.0410 5492 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/31 18:10:42.0760 5492 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/31 18:10:43.0210 5492 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/31 18:10:43.0433 5492 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/31 18:10:43.0716 5492 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/31 18:10:44.0226 5492 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/31 18:10:44.0492 5492 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/07/31 18:10:44.0769 5492 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/31 18:10:45.0092 5492 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/31 18:10:45.0473 5492 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/31 18:10:45.0798 5492 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/31 18:10:46.0228 5492 pnarp (63200893c9d5934a7504d20f68276cc7) C:\Windows\system32\DRIVERS\pnarp.sys
2011/07/31 18:10:46.0503 5492 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/31 18:10:46.0726 5492 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/31 18:10:47.0074 5492 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/31 18:10:47.0271 5492 purendis (748bcab4eff5959ed347c05a1c1a0af8) C:\Windows\system32\DRIVERS\purendis.sys
2011/07/31 18:10:47.0572 5492 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/31 18:10:47.0945 5492 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/31 18:10:48.0129 5492 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/31 18:10:48.0488 5492 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/31 18:10:48.0741 5492 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/31 18:10:49.0047 5492 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/31 18:10:49.0307 5492 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/31 18:10:49.0503 5492 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/31 18:10:49.0664 5492 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/31 18:10:50.0021 5492 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/31 18:10:50.0238 5492 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/31 18:10:50.0398 5492 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/07/31 18:10:50.0577 5492 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/31 18:10:50.0813 5492 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/31 18:10:51.0010 5492 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/07/31 18:10:51.0174 5492 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/31 18:10:51.0542 5492 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/31 18:10:51.0817 5492 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/31 18:10:52.0186 5492 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/31 18:10:52.0334 5492 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/31 18:10:52.0630 5492 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/31 18:10:52.0833 5492 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/31 18:10:53.0079 5492 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/31 18:10:53.0347 5492 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/31 18:10:53.0611 5492 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/31 18:10:53.0958 5492 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/31 18:10:54.0481 5492 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/31 18:10:54.0692 5492 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/31 18:10:54.0933 5492 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/31 18:10:55.0128 5492 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/31 18:10:55.0463 5492 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/31 18:10:55.0890 5492 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/31 18:10:56.0239 5492 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/31 18:10:56.0855 5492 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/31 18:10:57.0229 5492 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/31 18:10:57.0797 5492 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/07/31 18:10:57.0797 5492 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/07/31 18:10:57.0831 5492 sptd - detected LockedFile.Multi.Generic (1)
2011/07/31 18:10:57.0951 5492 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
2011/07/31 18:10:58.0374 5492 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/31 18:10:58.0836 5492 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/31 18:10:59.0855 5492 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/31 18:11:00.0237 5492 STHDA (666954876b4c973eee61b1b2332b58c4) C:\Windows\system32\DRIVERS\stwrt.sys
2011/07/31 18:11:00.0636 5492 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/31 18:11:01.0003 5492 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/31 18:11:01.0268 5492 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/31 18:11:01.0815 5492 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/07/31 18:11:02.0338 5492 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/31 18:11:02.0645 5492 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/31 18:11:03.0191 5492 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/31 18:11:03.0455 5492 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/31 18:11:03.0759 5492 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/31 18:11:04.0046 5492 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/31 18:11:04.0329 5492 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/31 18:11:04.0757 5492 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/31 18:11:05.0348 5492 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/31 18:11:05.0662 5492 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/31 18:11:06.0169 5492 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/31 18:11:06.0485 5492 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/31 18:11:07.0008 5492 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/31 18:11:08.0926 5492 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/07/31 18:11:09.0230 5492 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/31 18:11:09.0633 5492 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/31 18:11:10.0063 5492 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/31 18:11:10.0439 5492 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/31 18:11:10.0700 5492 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/31 18:11:11.0057 5492 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/31 18:11:11.0333 5492 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/31 18:11:11.0627 5492 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/31 18:11:11.0957 5492 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/31 18:11:12.0216 5492 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/31 18:11:12.0524 5492 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2011/07/31 18:11:12.0685 5492 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/31 18:11:12.0881 5492 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/31 18:11:13.0069 5492 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/31 18:11:13.0448 5492 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/31 18:11:13.0614 5492 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/31 18:11:13.0894 5492 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/31 18:11:14.0093 5492 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/31 18:11:14.0450 5492 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/31 18:11:14.0584 5492 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/31 18:11:14.0686 5492 vmci (6f5d703bf312cb6cda78948763cb1e0d) C:\Windows\system32\Drivers\vmci.sys
2011/07/31 18:11:14.0790 5492 vmkbd (27df4aece721961f9c9064a31790f2ea) C:\Windows\system32\drivers\VMkbd.sys
2011/07/31 18:11:14.0903 5492 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2011/07/31 18:11:15.0231 5492 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2011/07/31 18:11:15.0723 5492 VMnetuserif (ea10f0c9333388d2ecc4068efb8c366d) C:\Windows\system32\drivers\vmnetuserif.sys
2011/07/31 18:11:16.0074 5492 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\Windows\system32\Drivers\vmusb.sys
2011/07/31 18:11:16.0483 5492 vmx86 (35dc7079a413484423750db5d40b8ea6) C:\Windows\system32\Drivers\vmx86.sys
2011/07/31 18:11:16.0713 5492 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/31 18:11:16.0962 5492 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/31 18:11:17.0379 5492 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/31 18:11:17.0753 5492 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/31 18:11:18.0176 5492 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
2011/07/31 18:11:18.0371 5492 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/31 18:11:18.0603 5492 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/31 18:11:19.0155 5492 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/07/31 18:11:19.0540 5492 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/31 18:11:19.0830 5492 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/31 18:11:20.0034 5492 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/31 18:11:20.0693 5492 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/31 18:11:20.0868 5492 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/31 18:11:21.0314 5492 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/31 18:11:21.0474 5492 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/31 18:11:22.0707 5492 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/31 18:11:22.0939 5492 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/31 18:11:23.0328 5492 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/31 18:11:23.0989 5492 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/07/31 18:11:24.0300 5492 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/31 18:11:24.0635 5492 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/31 18:11:24.0682 5492 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/31 18:11:24.0728 5492 Boot (0x1200) (a1b2511a238ed0cdd7bc40b9ba330510) \Device\Harddisk0\DR0\Partition0
2011/07/31 18:11:24.0831 5492 Boot (0x1200) (0b010a2b678258878a458f2935000e63) \Device\Harddisk0\DR0\Partition1
2011/07/31 18:11:24.0856 5492 ================================================================================
2011/07/31 18:11:24.0856 5492 Scan finished
2011/07/31 18:11:24.0856 5492 ================================================================================
2011/07/31 18:11:24.0933 5924 Detected object count: 2
2011/07/31 18:11:24.0933 5924 Actual detected object count: 2
2011/07/31 18:11:52.0272 5924 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/31 18:11:52.0707 5924 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/31 18:11:52.0737 5924 \Device\Harddisk0\DR0 - ok
2011/07/31 18:11:52.0840 5924 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/31 18:12:30.0942 1144 Deinitialize success

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 35,000 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:30 PM

Posted 31 July 2011 - 01:08 PM

Very good :)

How is computer doing?

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".





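An added example, not code from this thread, from Kaspersky's TDSSKiller or from the Rootkit Unhooker author: a small Python triage script for the two kinds of log that appear here. It pulls the detections, locked files, pending-reboot cures and user-selected actions out of a TDSSKiller log like the one posted above, and it reads the `>Drivers` section of an RkU report (the format Broni asks for) and flags any file-backed driver image that carries no vendor/description string or that is also registered under other names at the same load address. The sample lines are constructed by copying entries from this thread; the set of benign alias names (`PnpManager`, `RAW`, `WMIxWDM`, `ACPI_HAL`, `Win32k`) is an assumption based on how RkU labels the kernel, HAL and win32k images in such reports. A hit from `triage_rku` is a lead, not a verdict: SPTD, the disk-emulation driver used by Daemon Tools and Alcohol 120%, is well known for loading under a random `.sys` name like this and for showing up in TDSSKiller as a locked file, so the script surfaces it but does not call it malicious.

```python
# Triage helpers for TDSSKiller and Rootkit Unhooker logs (added example, not tool code).
import re
from collections import defaultdict

# --- TDSSKiller: "<date> <time> <pid> <message>" -----------------------------------
TDSS_LINE = re.compile(r"^(\S+ \S+)\s+(\d+)\s+(.*)$")
TDSS_PATTERNS = [
    ("suspicious", re.compile(
        r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")),
    ("detections", re.compile(
        r"^(?P<target>.+?) - detected (?P<name>\S+) \((?P<flag>\d+)\)$")),
    ("pending_reboot", re.compile(
        r"^(?P<target>.+?) \((?P<name>[^)]+)\) - will be cured after reboot$")),
    ("actions", re.compile(
        r"^(?P<name>[^(]+)\((?P<target>[^)]+)\) - User select action: (?P<action>\w+)$")),
]


def parse_tdsskiller(text):
    """Summarise a TDSSKiller log: what was flagged, what was locked, what the user chose."""
    out = {key: [] for key, _ in TDSS_PATTERNS}
    for raw in text.splitlines():
        line = TDSS_LINE.match(raw.strip())
        if not line:
            continue  # banner, separators, blank lines
        msg = line.group(3)
        for key, rx in TDSS_PATTERNS:
            m = rx.match(msg)
            if m:
                out[key].append(m.groupdict())
                break  # plain "<service> (<md5>) <path>" inventory lines match nothing
    return out


# --- Rootkit Unhooker ">Drivers": "<base> <name> <size> bytes [(vendor, description)]" --
RKU_LINE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+) (?P<name>.+?) (?P<size>\d+) bytes(?: \((?P<info>.*)\))?$")
# Assumption: RkU lists these synthetic names at the same base as ntkrnlpa.exe / halmacpi.dll /
# win32k.sys; they are expected there and are not evidence of an image hiding itself.
BENIGN_ALIASES = {"PnpManager", "RAW", "WMIxWDM", "ACPI_HAL", "Win32k"}


def triage_rku(text):
    """Group RkU driver entries by load address and return leads worth a second look:
    a file-backed image with no vendor/description string, or one that also appears under
    other (non-benign) names at the same base, as SPTD does with its random .sys name."""
    by_base = defaultdict(list)
    for raw in text.splitlines():
        m = RKU_LINE.match(raw.strip())
        if m:
            by_base[int(m["base"], 16)].append(m.groupdict())
    findings = []
    for base, entries in sorted(by_base.items()):
        images = [e for e in entries if "\\" in e["name"]]          # real paths on disk
        aliases = [e["name"] for e in entries if "\\" not in e["name"]]
        odd_aliases = [a for a in aliases if a not in BENIGN_ALIASES]
        for img in images:
            reasons = []
            if img["info"] is None:
                reasons.append("no vendor/description string")
            if odd_aliases:
                reasons.append("also registered as " + ", ".join(odd_aliases))
            if reasons:
                findings.append({"base": base, "image": img["name"], "size": int(img["size"]),
                                 "aliases": odd_aliases, "reasons": reasons})
    return findings


# Constructed samples: lines copied from the logs posted in this thread.
TDSS_SAMPLE = r"""
2011/07/31 18:10:57.0797 5492 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/07/31 18:10:57.0797 5492 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/07/31 18:10:57.0831 5492 sptd - detected LockedFile.Multi.Generic (1)
2011/07/31 18:11:24.0635 5492 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/31 18:11:24.0682 5492 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/31 18:11:52.0272 5924 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/31 18:11:52.0707 5924 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/31 18:11:52.0840 5924 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
"""

RKU_SAMPLE = r"""
0x81E13000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x81E13000 PnpManager 4259840 bytes
0x81E13000 RAW 4259840 bytes
0x81E13000 WMIxWDM 4259840 bytes
0x8669C000 PCI_PNP0682 1052672 bytes
0x8669C000 sptd 1052672 bytes
0x8669C000 C:\Windows\System32\Drivers\spyq.sys 1052672 bytes
0x8F000000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8DA76000 C:\Windows\system32\DRIVERS\eamonm.sys 679936 bytes (ESET, Amon monitor)
"""

if __name__ == "__main__":
    td = parse_tdsskiller(TDSS_SAMPLE)
    for d in td["detections"]:
        print(f"TDSSKiller detected {d['name']} on {d['target']}")
    for a in td["actions"]:
        print(f"  user chose {a['action']} for {a['name']} ({a['target']})")
    for f in triage_rku(RKU_SAMPLE):
        print(f"RkU lead at {f['base']:#010x}: {f['image']}: {'; '.join(f['reasons'])}")
```

Run against the full logs by reading the pasted text from a file instead of the constructed samples. The TDSSKiller side matters for the bootkit: a `detected` line on `\Device\Harddisk0\DR0` plus a `will be cured after reboot` entry means the MBR was rewritten only on the next boot, so a follow-up scan after the reboot is what confirms the cure. The RkU side is what exposes the SPTD pattern at `0x8669C000`: one base address, a service name, a synthetic `PCI_PNP0682` name, and an image file with no vendor string.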
#11 usern

usern
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:30 PM

Posted 31 July 2011 - 04:25 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8AE13000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5279744 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81E13000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x81E13000 PnpManager 4259840 bytes
0x81E13000 RAW 4259840 bytes
0x81E13000 WMIxWDM 4259840 bytes
0x8D290000 Win32k 2408448 bytes
0x8D290000 C:\Windows\System32\win32k.sys 2408448 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x86C9D000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x86A2D000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8B66B000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1146880 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x8669C000 PCI_PNP0682 1052672 bytes
0x8669C000 sptd 1052672 bytes
0x8669C000 C:\Windows\System32\Drivers\spyq.sys 1052672 bytes
0xA6E11000 C:\Windows\system32\Drivers\vmx86.sys 847872 bytes (VMware, Inc., VMware kernel driver)
0xA7864000 C:\Windows\system32\DRIVERS\netr28u.sys 770048 bytes (Ralink Technology Corp., Ralink 802.11n Wireless Adapter Driver)
0x8B31C000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x86926000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8650C000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x8DA76000 C:\Windows\system32\DRIVERS\eamonm.sys 679936 bytes (ESET, Amon monitor)
0xA6EF9000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA4226000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x86439000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8661D000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8A59B000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x86B9A000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8A415000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA7812000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x8F138000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA4381000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8D540000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8B7A8000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x86836000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x865B7000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8DB54000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8F0E3000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x864CA000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8A53A000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x86E30000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x86C3A000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA42F9000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8B613000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82223000 ACPI_HAL 225280 bytes
0x82223000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x868E1000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F091000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x86EBC000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8A46F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x86C00000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8F188000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x86E77000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x86B5C000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x86400000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA7920000 C:\Windows\System32\drivers\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x867A6000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x86EFF000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x86C78000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8DA2C000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x868B5000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA42D6000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8F01D000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A512000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA6F9A000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x869DD000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x86FAE000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x86F83000 C:\Windows\system32\DRIVERS\ehdrv.sys 126976 bytes (ESET, ESET Helper driver)
0x8B64C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8A4B1000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8D520000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8DA5B000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA4334000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8DB1C000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA42AB000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8F1B7000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0xA6EE0000 C:\Windows\system32\DRIVERS\epfwwfpr.sys 102400 bytes (ESET, ESET Personal Firewall driver)
0x86F56000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B3D3000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x86812000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F03F000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F057000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F06E000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x86E0E000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x86F24000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x86896000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0xA6FDC000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x86B87000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8DBBE000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8A4EF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x86800000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x86DE6000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0xA42C4000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x86EEE000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F000000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x86915000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8F127000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x867DF000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x864B1000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A4D0000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8B78D000 C:\Windows\system32\DRIVERS\L1C62x86.sys 65536 bytes (Atheros Communications, Inc., Atheros L1c PCI-E Gigabit Ethernet Controller)
0x8DB44000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x86EA4000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8DB9A000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8A502000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0xA4371000 C:\Windows\system32\Drivers\vmci.sys 65536 bytes (VMware, Inc., VMware kernel driver)
0x8660B000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8B600000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8A400000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8A4E1000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x86E00000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x86888000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x86A00000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8F0CF000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8DB36000 C:\Windows\system32\DRIVERS\vmnetbridge.sys 57344 bytes (VMware, Inc., VMware bridge driver (32-bit))
0x8668E000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x86A17000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8F1D0000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8B7F3000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8B3F0000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA6FBB000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x86FCF000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8A58F000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0xA6E00000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x86FA2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x86600000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x8F1DD000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0xA6FD1000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8DA50000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x86FF4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8682A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x86E25000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B79D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x867D4000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8F0C5000 C:\Windows\system32\DRIVERS\btath_bus.sys 40960 bytes (Atheros, Atheros BUS driver)
0x8F013000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0xA4367000 C:\Windows\system32\drivers\hcmon.sys 40960 bytes (VMware, Inc., VMware USB monitor)
0x8A585000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8A57B000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8DBAA000 C:\Windows\system32\DRIVERS\pnarp.sys 40960 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0x8DBB4000 C:\Windows\system32\DRIVERS\purendis.sys 40960 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0x8F085000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA6F90000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8B783000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x868D8000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x868AC000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xA79CD000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8F1E8000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x86A0E000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8D4F0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x86C31000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8AE00000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8679D000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8A4A1000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x864C2000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x867F0000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x86EB4000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x81CB6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x867CC000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x86FDC000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x86FE4000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x86FEC000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x86E6F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x86F7C000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0xA6FEF000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x86881000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x86F75000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8A4AA000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8A534000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8B3EB000 C:\Windows\system32\drivers\VMkbd.sys 20480 bytes (VMware, Inc., VMware keyboard filter driver (32-bit))
0xA6FC8000 C:\Windows\system32\drivers\vmnetuserif.sys 20480 bytes (VMware, Inc., VMware network application interface driver (32-bit))
0x8B60F000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA6FCD000 C:\Program Files\VMware\VMware Player\vstor2-ws60.sys 16384 bytes (VMware, Inc., VMware Virtual Storage Volume Driver)
0x8F0E0000 C:\Windows\system32\DRIVERS\VMNET.SYS 12288 bytes (VMware, Inc., VMware virtual network driver (32-bit))
0x8F0DD000 C:\Windows\system32\DRIVERS\vmnetadapter.sys 12288 bytes (VMware, Inc., VMware virtual network adapter driver (32-bit))
0xA79CB000 C:\Windows\system32\drivers\MSPCLOCK.sys 8192 bytes (Microsoft Corporation, MS Proxy Clock)
0xA79C9000 C:\Windows\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0x8F08F000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F011000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x844091F8 unknown_irp_handler 3592 bytes
0x844071F8 unknown_irp_handler 3592 bytes
0x844081F8 unknown_irp_handler 3592 bytes
0x8497B1F8 unknown_irp_handler 3592 bytes
0x846AE1F8 unknown_irp_handler 3592 bytes
0x837421F8 unknown_irp_handler 3592 bytes
0x851391F8 unknown_irp_handler 3592 bytes
0x845A1500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
0x84843F13 Unknown page with executable code, 237 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x847BCDA4 Unknown page with executable code, 604 bytes
0x847C4D46 Unknown page with executable code, 698 bytes

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 35,000 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:30 PM

Posted 31 July 2011 - 04:28 PM

You didn't say how the computer is doing.

Please re-run GMER and post fresh log.


#13 usern

usern
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 31 July 2011 - 05:50 PM

You didn't say how the computer is doing.

Please re-run GMER and post fresh log.


My computer was able to start; no signs of the Internet Explorer pop-up now.
Just a little shock when it was unable to boot. Thanks for your help and concern =)
Now running GMER.

#14 usern

usern
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 31 July 2011 - 09:04 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-01 04:02:20
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160314AS rev.P003HPM1
Running: ljfewyvy.exe; Driver: C:\Users\Ananda\AppData\Local\Temp\pwdiqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 81E56569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E7B092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spyq.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8B7CCCA0 3 Bytes JMP 849171D8
.text USBPORT.SYS!DllUnload + 4 8B7CCCA4 1 Byte [F9]
.text peauth.sys A6EFEC9D 28 Bytes [CF, EA, 09, 0C, 13, 24, A6, ...]
.text peauth.sys A6EFECC1 28 Bytes [CF, EA, 09, 0C, 13, 24, A6, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1788] kernel32.dll!SetUnhandledExceptionFilter 775330E2 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!UnhookWindowsHookEx 7772CC7B 5 Bytes JMP 6D4783AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!CallNextHookEx 7772CC8F 5 Bytes JMP 6D459D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!CreateWindowExW 77730E51 5 Bytes JMP 6D468187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!SetWindowsHookExW 7773210A 5 Bytes JMP 6D41460B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!DialogBoxIndirectParamW 77754AA7 5 Bytes JMP 6D590240 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!DialogBoxParamW 7775564A 5 Bytes JMP 6D384B87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!DialogBoxParamA 7776CF6A 5 Bytes JMP 6D5901DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!DialogBoxIndirectParamA 7776D29C 5 Bytes JMP 6D5902A3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!MessageBoxIndirectA 7777E8C9 5 Bytes JMP 6D590172 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!MessageBoxIndirectW 7777E9C3 5 Bytes JMP 6D590107 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!MessageBoxExA 7777EA29 5 Bytes JMP 6D5900A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!MessageBoxExW 7777EA4D 5 Bytes JMP 6D590043 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] ole32.dll!OleLoadFromStream 76E45BF6 5 Bytes JMP 6D59059E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] ole32.dll!CoCreateInstance 76E9590C 5 Bytes JMP 6D468C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!CreateWindowExW 77730E51 5 Bytes JMP 6D468187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxIndirectParamW 77754AA7 5 Bytes JMP 6D590240 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxParamW 7775564A 5 Bytes JMP 6D384B87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxParamA 7776CF6A 5 Bytes JMP 6D5901DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxIndirectParamA 7776D29C 5 Bytes JMP 6D5902A3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxIndirectA 7777E8C9 5 Bytes JMP 6D590172 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxIndirectW 7777E9C3 5 Bytes JMP 6D590107 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxExA 7777EA29 5 Bytes JMP 6D5900A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxExW 7777EA4D 5 Bytes JMP 6D590043 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 844091F8
Device \Driver\usbhub \Device\0000008f hcmon.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0C782E1-BA3D-4895-85E3-CFB64053361B} 846AE1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys

Device \Driver\volmgr \Device\VolMgrControl 837421F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C9DCDBF-2BC5-4DD7-AD51-8FD41389251C} 846AE1F8
Device \Driver\usbuhci \Device\USBPDO-0 8497B1F8
Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-1 8497B1F8
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-2 8497B1F8
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-3 8497B1F8
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-4 845A1500
Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-6 hcmon.sys
Device \Driver\volmgr \Device\HarddiskVolume1 837421F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\USBPDO-7 hcmon.sys
Device \Driver\volmgr \Device\HarddiskVolume2 837421F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 844071F8
Device \Driver\atapi \Device\Ide\IdePort0 844071F8
Device \Driver\atapi \Device\Ide\IdePort1 844071F8
Device \Driver\ACPI_HAL \Device\00000073 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{FC951335-0EDC-482C-8E94-6A0950AB78EF} 846AE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{25351A11-688D-4C55-A282-5C046829D6AF} 846AE1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 846AE1F8
Device \Driver\usbhub \Device\00000090 hcmon.sys
Device \Driver\usbhub \Device\00000091 hcmon.sys
Device \Driver\usbhub \Device\00000092 hcmon.sys
Device \Driver\usbhub \Device\00000093 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-0 8497B1F8
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 8497B1F8
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 8497B1F8
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-3 8497B1F8
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{598B78DA-1FCB-4100-ABE8-D1F1BCF262AB} 846AE1F8
Device \Driver\usbehci \Device\USBFDO-4 845A1500
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ?????????????n??????????????????WpdFs??osh??? ??????????????n???6.1.7600.16385??????????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????????????????????6.1.7600.16385??????? ?????????????????????1????????????????????Extended Base????????????F???h???????????????????????????????????k??????s????????????g????????$???????????????????:??????0??????????????????? ??????? ??????s???????????????????????????????????????????s???USB???????t????????g????@usbport.inf,%generic.mfg%;(Standard USB Host Controller)????4?4?4?4?4?4?4??????????usb\root_hub20??????? ?????????????????????1????????????????????? ??????????????????????????????????????????????? ?????????????????????1????????????????????????????????????usb\root_hub20??????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????????????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1???????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ??????????????????????????N??????t?????|?v????????????????????????????????s???????????????????s????????????????????s????192.168.1.1?????vm??????????{4d36e972-e325-11ce-bfc1-08002be10318}????????f????????g?????????????????????????????-??????7-13-2009????????????????????????????????????????d???????d??? ???????m???????? ????.??"?????n?"?7???????????????????????????????????? ???????m???????? ????.??"?????n?)?7????????????????????????????0??USBSTOR\DiskGeneric_Flash_Disk______8.07?USBSTOR\DiskGeneric_Flash_Disk______?USBSTOR\DiskGeneric_?USBSTOR\Generic_Flash_Disk______8?Generic_Flash_Disk______8?USBSTOR\GenDisk?GenDisk?????????????????????s??????N?????????????????{4d36e967-e325-11ce-bfc1-08002be10318}?dis???????????????????????????l??????????????Ne??????????? ????????????????????????????????????~??????s??t ???????????????????????????i???????????s??????????????????????6-21-2006????????????z???7????N?????????????????? ???????e?????e?e????????????????????????????????????N??????2????DAC3?????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0x50 0x38 0x98 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????l??????????????????????????????????????volume_snapshot_install?????????????????????????????????????????????????????????? ?????????????l???????.????????????????????????????????????????????????????????????????????????????????????{00000000-0000-0000-0000-000000000000}???????????j???????????????j????????????????????????????X?????????????????????????? ???????????????? ??????????? ?B? ??????????????????????h??usbstor.inf?????? ??????????????????USBSTOR_BULK????? ??????????????t????????|???????????????????????????????????????|???????h??? ??????????????????? ??????????????n???6.1.7600.16385??????? ????????????????????B?????????????????usb\class_08&subclass_06&prot_50????? 0?????????????????USB Mass Storage Device?????????????????????????????? ???????@???????????????????? ?????????????disk_install????? ???x??????????t????????|???????????????????x??????????????? ??????????????????Disk drive??????? ??????????????n???6.1.7600.16385???????????|??????????????????????????????????? ??????????????????? :????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ?????l????????????????????????????????????X??????1???8??gendisk?????? "??????????????????????????}???????~???????????v??????????c.??????? ???????A???????????????????? ??????????????????????????D??????????? ??????????????????????? ???????}???????????U????????"?????????????A-??v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34755|Desc=@FirewallAPI.dll,-34756|EmbedCtxt=@FirewallAPI.dll,-34752|?????? ??????????????s?????X??????|???t????X??????&???&???????<?????????????<????????? .??????5?????ect???????????????????.??????il????$?????????????????????????6-21-2006???6-21-2006???????????????????6.1.7600.16385????????????????????????????????N?????????????????Generic volume???????????????????????????????v???t???????????????????B?????e1B??? ???????E??????e ??78??? ???????}???????????f????????"?????????????p6??????????????????.NT?um???????????????????????i?????5???????????????????????????d??????????????????????n?????? ?????
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0x50 0x38 0x98 ...

---- EOF - GMER 1.0.15 ----
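
An added example for this thread (not part of the original post and not GMER's own code): a small Python triage script for the hook lines in a log like the one above. It parses the `.text` entries under the kernel and user code sections, records where each patch jumps, and sorts them into "expected", "review" and "suspicious". The `EXPECTED_HOOKERS` table is an assumption made for illustration: IEFRAME.dll hooking USER32/ole32 inside iexplore.exe is normal Internet Explorer behaviour, so those lines are not findings. The sample log is constructed to mirror the shapes seen above, with one made-up explorer.exe line so the "suspicious" path is exercised; that line does not come from this machine.

```python
"""Triage helper for the hook lines in a GMER log.

Added example for this thread; not part of the original post and not GMER's
own code. EXPECTED_HOOKERS is an assumption made for illustration: IEFRAME.dll
hooking USER32/ole32 inside iexplore.exe is normal Internet Explorer behaviour.
"""
import ntpath
import re

# (process basename, hooking module basename) pairs treated as benign. Assumed.
EXPECTED_HOOKERS = {("iexplore.exe", "ieframe.dll")}

# Constructed sample shaped like the log above; the explorer.exe line is made up.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 81E56569 1 Byte [06]
? System32\Drivers\spyq.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8B7CCCA0 3 Bytes JMP 849171D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1788] kernel32.dll!SetUnhandledExceptionFilter 775330E2 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!CreateWindowExW 77730E51 5 Bytes JMP 6D468187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] ole32.dll!CoCreateInstance 76E9590C 5 Bytes JMP 6D468C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Windows\explorer.exe[1234] USER32.dll!SetWindowsHookExW 7773210A 5 Bytes JMP 10001000 C:\Users\Public\hook.dll
"""

SECTION_RE = re.compile(r"^---- (Kernel|User) code sections")
MISSING_RE = re.compile(r"^\? (?P<path>\S+) The system cannot find the path specified")
# User-mode line: ".text <exe path>[pid] <module>!<export> <addr> <n> Bytes <rest>"
USER_RE = re.compile(
    r"^\.text (?P<proc>.+?\.exe)\[(?P<pid>\d+)\] (?P<mod>[^!\s]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes? (?P<rest>.*)$"
)
# Kernel line: ".text <module>[!<export>][ + <offset>] <addr> <n> Bytes <rest>"
KERNEL_RE = re.compile(
    r"^\.text (?P<mod>\S+?)(?:!(?P<func>\S+))?(?: \+ (?P<off>[0-9A-F]+))? "
    r"(?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes? (?P<rest>.*)$"
)
# Trailer of a detour: "JMP <target> [<module path> [(description)]]"
JMP_RE = re.compile(r"^JMP (?P<target>[0-9A-F]{8})(?: (?P<path>.*?))?(?: \((?P<desc>[^)]*)\))?$")


def _parse_jmp(rest):
    m = JMP_RE.match(rest)
    return m.groupdict() if m else None


def parse_gmer(text):
    """Split a GMER log into kernel patches, user-mode hooks and missing drivers."""
    parsed = {"kernel": [], "user": [], "missing": []}
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = MISSING_RE.match(line)
        if m:
            parsed["missing"].append(m.group("path"))
            continue
        pattern = {"kernel": KERNEL_RE, "user": USER_RE}.get(section)
        m = pattern.match(line) if pattern else None
        if m:
            hook = m.groupdict()
            hook["jmp"] = _parse_jmp(hook["rest"])
            parsed[section].append(hook)
    return parsed


def triage(parsed):
    """Return (severity, message) pairs; severity is expected/review/suspicious."""
    findings = []
    for h in parsed["kernel"]:
        where = h["mod"] + ("!" + h["func"] if h["func"] else "")
        findings.append(("review", f"kernel code patched: {where} at {h['addr']} ({h['n']} bytes)"))
    for path in parsed["missing"]:
        findings.append(("review", f"driver referenced but not found on disk: {path}"))
    for h in parsed["user"]:
        proc = ntpath.basename(h["proc"]).lower()
        api = f"{proc}[{h['pid']}] {h['mod']}!{h['func']}"
        if h["jmp"] is None:
            # In-place byte patch with no detour (e.g. AV self-protection stubs).
            findings.append(("review", f"{api} patched in place: {h['rest']}"))
            continue
        path = h["jmp"]["path"]
        hooker = ntpath.basename(path).lower() if path else None
        severity = "expected" if (proc, hooker) in EXPECTED_HOOKERS else "suspicious"
        target = path or f"unmapped address {h['jmp']['target']}"
        findings.append((severity, f"{api} detoured to {target}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{severity:10}] {message}")
```

Run it against a saved GMER log by replacing `SAMPLE_LOG` with the file contents. "review" items are not verdicts: a one-byte change in ntkrnlpa.exe or a detour out of USBPORT.SYS to an address that maps to no module needs a second look, but both can also be left by security software or the scanner's own driver, so confirm with a second tool before acting.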

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 35,000 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:30 PM

Posted 31 July 2011 - 11:23 PM

Good :)

Any current issues?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
