MBAM
HJT (No abnormal entries)
MS Security Essentials
mwav
TDSSkiller
VundoFix
RootkitBuster
Combofix
Kaspersky Virus Removal Tool
ESET Online Scanner
Spybot S&D
Rootkit Unhooker (No abnormal entries)
HitmanPro
aswMBR
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by User at 12:05:59 on 2011-08-06
Microsoft® Windows Vista Home Basic 6.0.6002.2.1252.1.1033.18.2036.559 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AutorunsDisabled - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey -update
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CA7B8AC9-89DF-4E46-BE29-A15F81E127B1} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\cdqkk53v.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
============= SERVICES / DRIVERS ===============
.
R0 18185592;18185592;c:\windows\system32\drivers\18185592.sys [2011-8-3 133208]
R0 35723331;35723331;c:\windows\system32\drivers\35723331.sys [2011-8-5 133208]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ea2d930fbd80;Google Update Service (gupdate1c9ea2d930fbd80);c:\program files\google\update\GoogleUpdate.exe [2009-6-10 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-10 133104]
S3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\drivers\ser2rs.sys [2009-5-30 76288]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-06 15:35:42 -------- d-----w- c:\program files\ESET
2011-08-06 15:08:54 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-06 15:08:25 -------- d-----w- c:\programdata\Hitman Pro
2011-08-06 06:02:57 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-06 05:19:53 -------- d-----w- c:\users\user\appdata\local\temp
2011-08-06 05:19:10 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-06 04:33:25 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d6062ebc-e834-4829-8159-d56c1e38404f}\gapaengine.dll
2011-08-06 04:33:02 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dc74f1e3-792b-4ffc-b9a7-34615df7b9e0}\mpengine.dll
2011-08-06 04:18:29 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-06 02:42:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-05 21:16:04 133208 ----a-w- c:\windows\system32\drivers\35723331.sys
2011-08-03 22:16:19 36726328 ----a-w- c:\windows\hklmSY.reg
2011-08-03 18:53:12 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-03 18:52:18 133208 ----a-w- c:\windows\system32\drivers\18185592.sys
2011-08-03 18:37:52 -------- d---a-w- c:\windows\VDLL.DLL
2011-08-03 18:37:52 -------- d---a-w- c:\windows\system32\runouce.exe
2011-08-03 18:37:52 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-08-03 18:37:52 -------- d---a-w- c:\windows\logo_1.exe
2011-08-03 18:24:59 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-03 18:24:58 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-03 18:24:57 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-08-03 18:24:53 -------- d-----w- c:\program files\common files\MicroWorld
2011-08-03 18:24:50 -------- d-----w- c:\programdata\MicroWorld
2011-07-29 02:04:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-29 02:04:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-28 16:55:04 -------- d-----w- c:\program files\Microsoft LifeCam
2011-07-28 16:55:01 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-07-28 16:55:01 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-28 16:09:04 98816 ----a-w- c:\windows\sed.exe
2011-07-28 16:09:04 518144 ----a-w- c:\windows\SWREG.exe
2011-07-28 16:09:04 256000 ----a-w- c:\windows\PEV.exe
2011-07-28 16:09:04 208896 ----a-w- c:\windows\MBR.exe
2011-07-28 15:24:12 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-07-28 00:45:30 0 ----a-w- c:\users\user\appdata\local\Tsapexijokiqov.bin
2011-07-27 23:30:55 63488 --sha-r- c:\windows\system32\msvcr71F.dll
2011-07-24 19:01:50 -------- d-----w- c:\programdata\SSScanAppDataDir
2011-07-24 19:01:15 -------- d-----w- c:\programdata\MSScanAppDataDir
2011-07-13 01:32:43 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 01:32:43 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 01:32:41 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 01:32:33 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 01:32:33 375808 ----a-w- c:\windows\system32\winsrv.dll
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:08:06.42 ===============
Note:
c:\windows\system32\drivers\35723331.sys
c:\windows\system32\drivers\18185592.sys
were created by Kaspersky and are legit
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:32 PM, on 8/6/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\PC Repair\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey -update
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Google Update Service (gupdate1c9ea2d930fbd80) (gupdate1c9ea2d930fbd80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 3993 bytes
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-06 12:34:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500AAJS-75M0A0 rev.01.03E01
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\pwddapod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwAdjustPrivilegesToken [0xD1E32E36]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwAlpcConnectPort [0xD1E35074]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwAlpcCreatePort [0xD1E352EE]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwAlpcSendWaitReceivePort [0xD1E35564]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwClose [0xD1E3374A]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwConnectPort [0xD1E3457E]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreateEvent [0xD1E34AC8]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreateFile [0xD1E33A26]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreateMutant [0xD1E349AE]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreateNamedPipeFile [0xD1E32A24]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreatePort [0xD1E34882]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreateSection [0xD1E32BCC]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreateSemaphore [0xD1E34BE8]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreateThread [0xD1E333D0]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreateWaitablePort [0xD1E34918]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwDebugActiveProcess [0xD1E362D6]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwDeviceIoControlFile [0xD1E33EA8]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwDuplicateObject [0xD1E374E4]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwFsControlFile [0xD1E33CB6]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwLoadDriver [0xD1E363C8]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwMapViewOfSection [0xD1E36B30]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwOpenEvent [0xD1E34B5E]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwOpenFile [0xD1E337CC]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwOpenMutant [0xD1E34A3E]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwOpenProcess [0xD1E33074]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwOpenSection [0xD1E368CA]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwOpenSemaphore [0xD1E34C7E]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwOpenThread [0xD1E32F64]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwQueryDirectoryObject [0xD1E35868]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwQuerySection [0xD1E36E6A]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwQueueApcThread [0xD1E3675C]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwReplaceKey [0xD1E316DE]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwReplyPort [0xD1E34FE2]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwReplyWaitReceivePort [0xD1E34EA8]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwRequestWaitReplyPort [0xD1E36070]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwRestoreKey [0xD1E31A56]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwResumeThread [0xD1E37386]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwSaveKey [0xD1E31676]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwSecureConnectPort [0xD1E342C4]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwSetContextThread [0xD1E335EC]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwSetInformationToken [0xD1E3590A]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwSetSecurityObject [0xD1E36566]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwSetSystemInformation [0xD1E36FBA]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwSuspendProcess [0xD1E370AC]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwSuspendThread [0xD1E371E6]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwSystemDebugControl [0xD1E361FA]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwTerminateProcess [0xD1E3321A]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwTerminateThread [0xD1E33170]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwUnmapViewOfSection [0xD1E36D0E]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwWriteVirtualMemory [0xD1E33306]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreateThreadEx [0xD1E334CE]
SSDT \SystemRoot\system32\DRIVERS\2544697drv.sys ZwCreateUserProcess [0xD1E357AE]
Code \SystemRoot\System32\Drivers\BlackBox.SYS ExAllocatePool
Code \SystemRoot\System32\Drivers\BlackBox.SYS ExAllocatePoolWithTag
Code \SystemRoot\System32\Drivers\BlackBox.SYS KeDelayExecutionThread
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ExAllocatePool 82621B56 5 Bytes JMP A89B24DC \SystemRoot\System32\Drivers\BlackBox.SYS
.text ntkrnlpa.exe!KeDelayExecutionThread 826BF5DC 5 Bytes JMP A89B253B \SystemRoot\System32\Drivers\BlackBox.SYS
.text ntkrnlpa.exe!KeSetEvent + 119 826C289C 4 Bytes [36, 2E, E3, D1]
.text ntkrnlpa.exe!KeSetEvent + 13D 826C28C0 8 Bytes [74, 50, E3, D1, EE, 52, E3, ...] {JZ 0x52; JECXZ 0xffffffffffffffd5; OUT DX, AL ; PUSH EDX; JECXZ 0xffffffffffffffd9}
.text ntkrnlpa.exe!KeSetEvent + 181 826C2904 4 Bytes [64, 55, E3, D1]
.text ntkrnlpa.exe!KeSetEvent + 1A9 826C292C 4 Bytes [4A, 37, E3, D1] {DEC EDX; AAA ; JECXZ 0xffffffffffffffd5}
.text ntkrnlpa.exe!KeSetEvent + 1C1 826C2944 4 Bytes [7E, 45, E3, D1] {JLE 0x47; JECXZ 0xffffffffffffffd5}
.text ...
? System32\Drivers\BlackBox.SYS The system cannot find the path specified. !
? C:\Users\user\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
? system32\DRIVERS\2544697drv.sys The system cannot find the path specified. !
? system32\DRIVERS\43008154.sys The system cannot find the path specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!EnableWindow 76BCCD8B 5 Bytes JMP 6F7898BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!DrawTextExW 76BD91CE 5 Bytes JMP 00D9D579
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!DrawTextW 76BD97D3 5 Bytes JMP 00D9D3B7
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!DrawTextA 76BE558D 5 Bytes JMP 00D9D2DC
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!DrawTextExA 76BE55C4 5 Bytes JMP 00D9D492
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!DialogBoxParamW 76BF10B0 5 Bytes JMP 00D9C46C
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!DialogBoxIndirectParamW 76BF2EF5 5 Bytes JMP 6F8D5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!SetClipboardData 76C06410 5 Bytes JMP 00D9D02D
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!DialogBoxParamA 76C08152 5 Bytes JMP 6F8D5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!DialogBoxIndirectParamA 76C0847D 5 Bytes JMP 6F8D5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!MessageBoxIndirectA 76C1D4D9 5 Bytes JMP 6F8D5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!MessageBoxIndirectW 76C1D5D3 5 Bytes JMP 6F8D5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!MessageBoxExA 76C1D639 5 Bytes JMP 6F8D5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] USER32.dll!MessageBoxExW 76C1D65D 5 Bytes JMP 6F8D5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] GDI32.dll!ExtTextOutW 76AC872B 5 Bytes JMP 00D9D744
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] GDI32.dll!GetGlyphIndicesW 76ACB765 5 Bytes JMP 00D9DBD1
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] GDI32.dll!ExtTextOutA 76AD00A5 5 Bytes JMP 00D9D660
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] GDI32.dll!TextOutA 76AD0BAB 5 Bytes JMP 00D9D144
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] GDI32.dll!TextOutW 76AD0D6D 5 Bytes JMP 00D9D210
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] GDI32.dll!GetGlyphIndicesA 76AE9DC0 5 Bytes JMP 00D9DB04
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] WININET.dll!InternetCrackUrlW 76742E2B 5 Bytes JMP 00D9DFE0
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] WS2_32.dll!closesocket 756E330C 5 Bytes JMP 00D9CF86
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] WS2_32.dll!recv 756E343A 5 Bytes JMP 00D9CBA0
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] WS2_32.dll!GetAddrInfoW 756E3D12 5 Bytes JMP 00D9C0AA
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] WS2_32.dll!getaddrinfo 756E418A 5 Bytes JMP 00D9BFCA
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] WS2_32.dll!WSASend 756E4496 5 Bytes JMP 00D9CC4E
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] WS2_32.dll!send 756E659B 5 Bytes JMP 00D9CAFB
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] WS2_32.dll!WSARecv 756E8400 5 Bytes JMP 00D9CD22
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] WS2_32.dll!WSAAsyncGetHostByName 756F5FB9 5 Bytes JMP 00D9C38D
.text C:\Program Files\Internet Explorer\iexplore.exe[1400] WS2_32.dll!gethostbyname 756F62D4 5 Bytes JMP 00D9BF09
.text C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O6Z8UVB1\RKUnhookerLE.EXE[2888] ntdll.dll!CsrClientCallServer 77088182 5 Bytes JMP 00447E98 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O6Z8UVB1\RKUnhookerLE.EXE
.text C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O6Z8UVB1\RKUnhookerLE.EXE[2888] kernel32.dll!LoadLibraryExW 7658927C 5 Bytes JMP 00447E54 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O6Z8UVB1\RKUnhookerLE.EXE
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] kernel32.dll!CreateThread 765ACB2E 5 Bytes JMP 6F7471CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CreateDialogParamW 76BC72A2 5 Bytes JMP 6F8D61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!GetAsyncKeyState 76BC863C 5 Bytes JMP 6F72DC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 6F78204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CallNextHookEx 76BC8E3B 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CallNextHookEx 76BC8E3B 5 Bytes JMP 6F7A7A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 6F7CE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!EnableWindow 76BCCD8B 5 Bytes JMP 6F7898BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DefWindowProcA 76BCDB88 7 Bytes JMP 6F7493F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CreateWindowExA 76BCDC2A 2 Bytes JMP 6F753223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CreateWindowExA + 3 76BCDC2D 2 Bytes [B8, F8]
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CreateWindowExW 76BD1305 5 Bytes JMP 6F7AFE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!GetKeyState 76BD8CB1 5 Bytes JMP 6F72DB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DrawTextExW 76BD91CE 5 Bytes JMP 033AD579
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DrawTextW 76BD97D3 5 Bytes JMP 033AD3B7
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DefWindowProcW 76BE03B4 7 Bytes JMP 6F7A7AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!IsDialogMessageW 76BE0745 5 Bytes JMP 6F8D6964 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CreateDialogParamA 76BE17AA 5 Bytes JMP 6F8D61B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!IsDialogMessage 76BE1847 5 Bytes JMP 6F8D693C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CreateDialogIndirectParamA 76BE26F1 5 Bytes JMP 6F8D6228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DrawTextA 76BE558D 5 Bytes JMP 033AD2DC
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DrawTextExA 76BE55C4 5 Bytes JMP 033AD492
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CreateDialogIndirectParamW 76BE9A62 5 Bytes JMP 6F8D6260 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!SetKeyboardState 76BF0987 5 Bytes JMP 6F8D722D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxParamW 76BF10B0 5 Bytes JMP 033AC46C
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxIndirectParamW 76BF2EF5 5 Bytes JMP 6F8D5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!SendInput 76BF2F75 5 Bytes JMP 6F8D71D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!EndDialog 76BF326E 5 Bytes JMP 6F8D6C10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!SetClipboardData 76C06410 5 Bytes JMP 033AD02D
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!SetCursorPos 76C06FB2 5 Bytes JMP 6F8D72AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxParamA 76C08152 5 Bytes JMP 6F8D5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxIndirectParamA 76C0847D 5 Bytes JMP 6F8D5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxIndirectA 76C1D4D9 5 Bytes JMP 6F8D5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxIndirectW 76C1D5D3 5 Bytes JMP 6F8D5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxExA 76C1D639 5 Bytes JMP 6F8D5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxExW 76C1D65D 5 Bytes JMP 6F8D5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!keybd_event 76C1D972 5 Bytes JMP 6F8D7192 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] GDI32.dll!ExtTextOutW 76AC872B 5 Bytes JMP 033AD744
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] GDI32.dll!GetGlyphIndicesW 76ACB765 5 Bytes JMP 033ADBD1
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] GDI32.dll!ExtTextOutA 76AD00A5 5 Bytes JMP 033AD660
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] GDI32.dll!TextOutA 76AD0BAB 5 Bytes JMP 033AD144
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] GDI32.dll!TextOutW 76AD0D6D 5 Bytes JMP 033AD210
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] GDI32.dll!GetGlyphIndicesA 76AE9DC0 5 Bytes JMP 033ADB04
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] SHELL32.dll!SHRestricted + D95 759789A8 4 Bytes [37, 01, 7D, 71] {AAA ; ADD [EBP+0x71], EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] SHELL32.dll!SHRestricted + D9D 759789B0 8 Bytes [60, 61, 7C, 71, E1, F6, 7C, ...] {PUSHA ; POPA ; JL 0x75; LOOPZ 0xfffffffffffffffc; JL 0x79}
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] ole32.dll!OleLoadFromStream 76431E80 5 Bytes JMP 6F8D666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WININET.dll!InternetCrackUrlW 76742E2B 5 Bytes JMP 033ADFE0
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!closesocket 756E330C 5 Bytes JMP 033ACF86
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!recv 756E343A 5 Bytes JMP 033ACBA0
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!GetAddrInfoW 756E3D12 5 Bytes JMP 033AC0AA
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!getaddrinfo 756E418A 5 Bytes JMP 033ABFCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!WSASend 756E4496 5 Bytes JMP 033ACC4E
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!send 756E659B 5 Bytes JMP 033ACAFB
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!WSARecv 756E8400 5 Bytes JMP 033ACD22
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!WSAAsyncGetHostByName 756F5FB9 5 Bytes JMP 033AC38D
.text C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!gethostbyname 756F62D4 5 Bytes JMP 033ABF09
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] kernel32.dll!CreateThread 765ACB2E 5 Bytes JMP 6F7471CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CreateDialogParamW 76BC72A2 5 Bytes JMP 6F8D61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!GetAsyncKeyState 76BC863C 5 Bytes JMP 6F72DC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 6F78204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CallNextHookEx 76BC8E3B 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CallNextHookEx 76BC8E3B 5 Bytes JMP 6F7A7A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 6F7CE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!EnableWindow 76BCCD8B 5 Bytes JMP 6F7898BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DefWindowProcA 76BCDB88 7 Bytes JMP 6F7493F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CreateWindowExA 76BCDC2A 2 Bytes JMP 6F753223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CreateWindowExA + 3 76BCDC2D 2 Bytes [B8, F8]
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CreateWindowExW 76BD1305 5 Bytes JMP 6F7AFE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!GetKeyState 76BD8CB1 5 Bytes JMP 6F72DB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DrawTextExW 76BD91CE 5 Bytes JMP 0121D579
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DrawTextW 76BD97D3 5 Bytes JMP 0121D3B7
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DefWindowProcW 76BE03B4 7 Bytes JMP 6F7A7AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!IsDialogMessageW 76BE0745 5 Bytes JMP 6F8D6964 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CreateDialogParamA 76BE17AA 5 Bytes JMP 6F8D61B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!IsDialogMessage 76BE1847 5 Bytes JMP 6F8D693C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CreateDialogIndirectParamA 76BE26F1 5 Bytes JMP 6F8D6228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DrawTextA 76BE558D 5 Bytes JMP 0121D2DC
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DrawTextExA 76BE55C4 5 Bytes JMP 0121D492
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CreateDialogIndirectParamW 76BE9A62 5 Bytes JMP 6F8D6260 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!SetKeyboardState 76BF0987 5 Bytes JMP 6F8D722D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxParamW 76BF10B0 5 Bytes JMP 0121C46C
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxIndirectParamW 76BF2EF5 5 Bytes JMP 6F8D5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!SendInput 76BF2F75 5 Bytes JMP 6F8D71D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!EndDialog 76BF326E 5 Bytes JMP 6F8D6C10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!SetClipboardData 76C06410 5 Bytes JMP 0121D02D
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!SetCursorPos 76C06FB2 5 Bytes JMP 6F8D72AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxParamA 76C08152 5 Bytes JMP 6F8D5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxIndirectParamA 76C0847D 5 Bytes JMP 6F8D5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxIndirectA 76C1D4D9 5 Bytes JMP 6F8D5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxIndirectW 76C1D5D3 5 Bytes JMP 6F8D5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxExA 76C1D639 5 Bytes JMP 6F8D5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxExW 76C1D65D 5 Bytes JMP 6F8D5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!keybd_event 76C1D972 5 Bytes JMP 6F8D7192 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] GDI32.dll!ExtTextOutW 76AC872B 5 Bytes JMP 0121D744
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] GDI32.dll!GetGlyphIndicesW 76ACB765 5 Bytes JMP 0121DBD1
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] GDI32.dll!ExtTextOutA 76AD00A5 5 Bytes JMP 0121D660
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] GDI32.dll!TextOutA 76AD0BAB 5 Bytes JMP 0121D144
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] GDI32.dll!TextOutW 76AD0D6D 5 Bytes JMP 0121D210
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] GDI32.dll!GetGlyphIndicesA 76AE9DC0 5 Bytes JMP 0121DB04
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] SHELL32.dll!SHRestricted + D95 759789A8 4 Bytes [37, 01, 7D, 71] {AAA ; ADD [EBP+0x71], EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] SHELL32.dll!SHRestricted + D9D 759789B0 8 Bytes [60, 61, 7C, 71, E1, F6, 7C, ...] {PUSHA ; POPA ; JL 0x75; LOOPZ 0xfffffffffffffffc; JL 0x79}
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] ole32.dll!OleLoadFromStream 76431E80 5 Bytes JMP 6F8D666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] WININET.dll!InternetCrackUrlW 76742E2B 5 Bytes JMP 0121DFE0
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] WS2_32.dll!closesocket 756E330C 5 Bytes JMP 0121CF86
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] WS2_32.dll!recv 756E343A 5 Bytes JMP 0121CBA0
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] WS2_32.dll!GetAddrInfoW 756E3D12 5 Bytes JMP 0121C0AA
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] WS2_32.dll!getaddrinfo 756E418A 5 Bytes JMP 0121BFCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] WS2_32.dll!WSASend 756E4496 5 Bytes JMP 0121CC4E
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] WS2_32.dll!send 756E659B 5 Bytes JMP 0121CAFB
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] WS2_32.dll!WSARecv 756E8400 5 Bytes JMP 0121CD22
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] WS2_32.dll!WSAAsyncGetHostByName 756F5FB9 5 Bytes JMP 0121C38D
.text C:\Program Files\Internet Explorer\iexplore.exe[3672] WS2_32.dll!gethostbyname 756F62D4 5 Bytes JMP 0121BF09
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] kernel32.dll!CreateThread 765ACB2E 5 Bytes JMP 6F7471CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!CreateDialogParamW 76BC72A2 5 Bytes JMP 6F8D61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!GetAsyncKeyState 76BC863C 5 Bytes JMP 6F72DC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 6F78204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!CallNextHookEx 76BC8E3B 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!CallNextHookEx 76BC8E3B 5 Bytes JMP 6F7A7A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 6F7CE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!EnableWindow 76BCCD8B 5 Bytes JMP 6F7898BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DefWindowProcA 76BCDB88 7 Bytes JMP 6F7493F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!CreateWindowExA 76BCDC2A 2 Bytes JMP 6F753223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!CreateWindowExA + 3 76BCDC2D 2 Bytes [B8, F8]
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!CreateWindowExW 76BD1305 5 Bytes JMP 6F7AFE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!GetKeyState 76BD8CB1 5 Bytes JMP 6F72DB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DrawTextExW 76BD91CE 5 Bytes JMP 002ED579
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DrawTextW 76BD97D3 5 Bytes JMP 002ED3B7
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DefWindowProcW 76BE03B4 7 Bytes JMP 6F7A7AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!IsDialogMessageW 76BE0745 5 Bytes JMP 6F8D6964 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!CreateDialogParamA 76BE17AA 5 Bytes JMP 6F8D61B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!IsDialogMessage 76BE1847 5 Bytes JMP 6F8D693C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!CreateDialogIndirectParamA 76BE26F1 5 Bytes JMP 6F8D6228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DrawTextA 76BE558D 5 Bytes JMP 002ED2DC
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DrawTextExA 76BE55C4 5 Bytes JMP 002ED492
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!CreateDialogIndirectParamW 76BE9A62 5 Bytes JMP 6F8D6260 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!SetKeyboardState 76BF0987 5 Bytes JMP 6F8D722D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxParamW 76BF10B0 5 Bytes JMP 6F6E15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxIndirectParamW 76BF2EF5 5 Bytes JMP 6F8D5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!SendInput 76BF2F75 5 Bytes JMP 6F8D71D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!EndDialog 76BF326E 5 Bytes JMP 6F8D6C10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!SetClipboardData 76C06410 5 Bytes JMP 002ED02D
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!SetCursorPos 76C06FB2 5 Bytes JMP 6F8D72AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxParamA 76C08152 5 Bytes JMP 6F8D5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxIndirectParamA 76C0847D 5 Bytes JMP 6F8D5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxIndirectA 76C1D4D9 5 Bytes JMP 6F8D5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxIndirectW 76C1D5D3 5 Bytes JMP 6F8D5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxExA 76C1D639 5 Bytes JMP 6F8D5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxExW 76C1D65D 5 Bytes JMP 6F8D5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!keybd_event 76C1D972 5 Bytes JMP 6F8D7192 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] GDI32.dll!ExtTextOutW 76AC872B 5 Bytes JMP 002ED744
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] GDI32.dll!GetGlyphIndicesW 76ACB765 5 Bytes JMP 002EDBD1
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] GDI32.dll!ExtTextOutA 76AD00A5 5 Bytes JMP 002ED660
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] GDI32.dll!TextOutA 76AD0BAB 5 Bytes JMP 002ED144
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] GDI32.dll!TextOutW 76AD0D6D 5 Bytes JMP 002ED210
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] GDI32.dll!GetGlyphIndicesA 76AE9DC0 5 Bytes JMP 002EDB04
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] SHELL32.dll!SHRestricted + D95 759789A8 4 Bytes [37, 01, 7D, 71] {AAA ; ADD [EBP+0x71], EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] SHELL32.dll!SHRestricted + D9D 759789B0 8 Bytes [60, 61, 7C, 71, E1, F6, 7C, ...] {PUSHA ; POPA ; JL 0x75; LOOPZ 0xfffffffffffffffc; JL 0x79}
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] ole32.dll!OleLoadFromStream 76431E80 5 Bytes JMP 6F8D666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WININET.dll!InternetCrackUrlW 76742E2B 5 Bytes JMP 002EDFE0
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!closesocket 756E330C 5 Bytes JMP 002ECF86
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!recv 756E343A 5 Bytes JMP 002ECBA0
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!GetAddrInfoW 756E3D12 5 Bytes JMP 002EC0AA
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!getaddrinfo 756E418A 5 Bytes JMP 002EBFCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!WSASend 756E4496 5 Bytes JMP 002ECC4E
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!send 756E659B 5 Bytes JMP 002ECAFB
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!WSARecv 756E8400 5 Bytes JMP 002ECD22
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!WSAAsyncGetHostByName 756F5FB9 5 Bytes JMP 002EC38D
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!gethostbyname 756F62D4 5 Bytes JMP 002EBF09
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a31d
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a31d (not active ControlSet)
Note: gmer is still scanning c:\ but it didn't find anything earlier today (I just didn't save a log, but will post the full log when it is done if necessary)
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-06 13:29:45
-----------------------------
13:29:45.690 OS Version: Windows 6.0.6002 Service Pack 2
13:29:45.690 Number of processors: 1 586 0x1601
13:29:45.692 ComputerName: LIVING-ROOM UserName: User
13:30:00.234 Initialize success
13:31:24.878 AVAST engine defs: 11080600
13:32:22.450 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:32:22.458 Disk 0 Vendor: WDC_WD2500AAJS-75M0A0 01.03E01 Size: 238418MB BusType: 3
13:32:24.520 Disk 0 MBR read successfully
13:32:24.523 Disk 0 MBR scan
13:32:24.528 Disk 0 Windows VISTA default MBR code
13:32:24.564 Disk 0 scanning sectors +488279202
13:32:24.760 Disk 0 scanning C:\Windows\system32\drivers
13:33:23.311 Service scanning
13:33:25.917 Modules scanning
13:34:54.341 Disk 0 trace - called modules:
13:34:54.407 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
13:34:54.412 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85afaac8]
13:34:54.420 3 CLASSPNP.SYS[88ba18b3] -> nt!IofCallDriver -> [0x8505d800]
13:34:54.783 5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85050528]
13:34:59.101 AVAST engine scan C:\Windows
13:36:47.469 AVAST engine scan C:\Windows\system32
13:46:45.008 AVAST engine scan C:\Windows\system32\drivers
13:48:47.845 AVAST engine scan C:\Users\User
15:16:38.990 AVAST engine scan C:\ProgramData
15:23:09.755 Scan finished successfully
18:41:37.919 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
18:41:38.137 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
This post has been edited by nsc: 06 August 2011 - 09:53 PM
