
BSOD and Firefox shutdowns


  • This topic is locked
36 replies to this topic

#1 Franja

Franja

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 19 April 2010 - 07:27 PM

As described on this same topic on the Windows Vista forum, I have experienced 6 crashes (minidumps attached on the other forum) and frequent shutdowns of my Firefox browser.

As advised by Broni on the aforementioned forum, I'm starting this topic to get advice from you guys.

I have a Dell Inspiron 1720 with Trend Micro Internet security antivirus, updated and within expiration date, still valid. Last scan April 14 and reported good, no infections found, and if found, deleted by the same antivirus.

I have the normal Windows Defender that Vista provides, up and running. I've run Malware and Spyware cleaning about three weeks ago.

My Internet Security antivirus doesn't allow me to run the Malware, nor the Bluescreen View tool to download the minidumps, even if I included the addresses on the allowed list. So, I had to turn down the antivirus in order to work with these tools.

If more info is necessary, please let me know.

Thanks a lot


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:15 AM

Posted 27 April 2010 - 04:16 PM

Please, download DDS from one of the 2 mirrors and save it to your desktop.

Mirror 1
Mirror 2

* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.

Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.

===============================================================================================

Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

==============================================================================================

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Franja

Franja

Posted 29 April 2010 - 07:37 PM

Broni, sorry for my ignorance on PC tools, but I haven't been able to find the way to disable the script that pops up. Can you help me? I'm 71, not an excuse at all, but can learn, and usually don't give up this easy. It's just that it has taken some time since you posted and I don't want to make you think I'm ignoring you.

#4 Broni

Broni


Posted 29 April 2010 - 08:05 PM

Which particular PC Tools program are you referring to?



 


#5 Franja

Franja

Posted 30 April 2010 - 12:15 PM

The one which will allow me to disable the black screen script pop-up. After a while there is a long script shown if I don't close the black screen. Is this the script you refer to as the one to disable? How? Just closing it? Or is it to avoid (disable) the first black screen? Kindergarten questions probably, but I'm stuck.

#6 Broni

Broni


Posted 30 April 2010 - 07:27 PM

No.
You have to worry about script blocking programs only, if you have Spybot, or Windows Defender installed.
If you have any of them, this is how to disable them.

1. Spybot...

Right click Spybot's TeaTimer System Tray Icon.
Click Exit Spybot-S&D Resident.
TeaTimer closes.
NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

Alternatively, I suggest, you uninstall Spybot since it's a tool of the past.

2. Windows Defender...

- Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
- Click Tools
then...

++ Windows XP:
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Turn on Real Time Protection
- After you uncheck this, click on the Save button
- Close Windows Defender

++ Windows Vista:
- Click Options
- Under Administrator options, clear the Use Windows Defender check box, and then click Save.

Enable Windows Defender, when all cleaning is done.

If you don't have any of those programs installed, you don't have to worry about anything and proceed with prescribed steps, starting with DDS.



 


#7 Franja

Franja

Posted 01 May 2010 - 04:07 PM

Didn't understand this post from tg1911. Am I insulting someone?

Broni, I turned off Windows Defender, ran the dds, but no .txt, neither of the two you mentioned, appeared.

I tried three times, did this bother someone?

#8 Franja

Franja

Posted 01 May 2010 - 06:24 PM

Probably these are the ones you were asking for




DDS (Ver_10-03-17.01) - NTFSx86
Run by JLLozano at 18:10:33.20 on s b 05/01/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.52.1033.18.2037.876 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Trend Micro Internet Security *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\ACD Systems\DevDetect\DevDetect.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\JLLozano\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://bmv.com.mx/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Camera Detector] c:\progra~1\acdsys~1\devdet~1\DEVDET~1.EXE -autorun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SSC Service Utility] c:\program files\ssc service utility\ssc_serv.exe /s
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
StartupFolder: c:\users\jllozano\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\jllozano\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jllozano\appdata\roaming\mozilla\firefox\profiles\2eo84u22.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?source=navclient#|http://finance.yahoo.com/p?k=pf_3|http://www.bmv.com.mx/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\jllozano\appdata\roaming\mozilla\firefox\profiles\2eo84u22.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\jllozano\appdata\roaming\move networks\plugins\npqmp071706000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-3-18 142352]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-18 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-4-20 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-3-18 235024]

=============== Created Last 30 ================

2010-05-01 00:19:14 99176 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2010-05-01 00:19:14 51768 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2010-05-01 00:19:13 28120 ----a-w- c:\windows\system32\drivers\DLARTL_M.SYS
2010-05-01 00:19:13 12856 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2010-05-01 00:19:12 92920 ----a-w- c:\windows\DLA.EXE
2010-05-01 00:19:12 56056 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2010-05-01 00:19:12 120 ----a-w- c:\windows\wininit.ini
2010-05-01 00:19:12 0 d-----w- c:\windows\system32\DLA
2010-05-01 00:18:21 0 d-----w- c:\programdata\Sonic
2010-05-01 00:15:44 0 d-----w- c:\programdata\Roxio
2010-05-01 00:13:38 0 d-----w- c:\program files\common files\SureThing Shared
2010-05-01 00:12:39 0 d-----w- c:\program files\common files\Sonic Shared
2010-05-01 00:11:55 0 d-----w- c:\programdata\InstallShield
2010-05-01 00:11:40 0 d-----w- c:\program files\Roxio
2010-04-27 18:43:06 0 dc----w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
2010-04-26 07:25:20 0 d-----w- c:\programdata\HotSync
2010-04-26 07:24:38 53248 ----a-w- c:\windows\PalmDevC.dll
2010-04-26 07:22:50 0 d-----w- c:\program files\Palm
2010-04-22 15:47:32 0 d-sh--w- C:\found.002
2010-04-21 02:18:13 0 d-----w- c:\program files\Auslogics
2010-04-20 18:30:08 230928 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-04-20 18:30:08 1322680 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-04-20 18:30:07 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-04-20 15:47:47 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-19 18:29:27 0 d-----w- c:\program files\common files\Windows Live
2010-04-19 18:26:50 0 d-----w- c:\program files\Microsoft
2010-04-19 18:24:26 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-19 18:24:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-17 20:12:17 0 d-----w- c:\users\jllozano\appdata\roaming\TeamViewer
2010-04-17 20:12:10 0 d-----w- c:\users\jllozano\temp
2010-04-15 19:12:31 0 d-----w- c:\programdata\PC Drivers HeadQuarters
2010-04-14 21:55:46 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 21:55:46 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 21:55:46 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 21:55:40 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 21:55:39 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 21:55:37 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 21:55:22 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 21:55:22 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 21:55:18 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 21:55:17 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 21:55:17 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 07:03:24 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-04-14 04:48:14 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 04:47:12 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 18:54:42 0 d-----w- c:\program files\iXi Tools
2010-04-13 18:00:48 0 d-----w- c:\users\jllozano\appdata\roaming\Uniblue
2010-04-13 18:00:29 0 d-----w- c:\program files\Uniblue
2010-04-13 01:58:25 2555904 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2010-04-13 01:58:23 0 d-----w- c:\program files\Microsoft ATS
2010-04-12 02:43:17 0 d-----w- c:\users\jllozano\appdata\roaming\Juniper Networks
2010-04-05 21:44:28 121232 ----a-w- c:\windows\system32\IScrNBR.bmp
2010-04-05 20:21:47 0 d-----w- c:\windows\Driver Cache
2010-04-05 20:21:46 0 d-----w- c:\program files\AVerMedia
2010-04-05 20:21:31 0 d-----w- c:\program files\AVerMedia HC82 Express-Card Hybrid Analog
2010-04-05 03:37:43 0 d-----w- c:\users\jllozano\appdata\roaming\Malwarebytes
2010-04-05 03:37:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-05 03:37:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 03:37:21 0 d-----w- c:\programdata\Malwarebytes
2010-04-05 03:37:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 02:22:50 0 d-----w- c:\users\jllozano\appdata\roaming\ACD Systems
2010-04-05 02:19:36 0 d-----w- c:\programdata\ACD Systems
2010-04-05 02:19:23 0 d-----w- c:\program files\common files\ACD Systems
2010-04-05 02:19:22 0 d-----w- c:\program files\ACD Systems
2010-04-05 01:13:05 0 d-----w- c:\program files\Picasa2
2010-04-05 01:12:01 0 d-----w- c:\program files\Jaman Player
2010-04-05 01:11:15 0 d-----w- c:\program files\iPod
2010-04-05 01:10:09 0 d-----w- c:\program files\Microsoft Games - Copy
2010-04-05 01:09:36 0 d-----w- c:\program files\Kodak
2010-04-05 01:07:56 0 d-----w- c:\program files\eMule
2010-04-05 00:57:02 0 d-----w- c:\program files\DK
2010-04-05 00:55:42 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-04-26 07:25:02 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-26 07:25:02 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-26 07:25:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-27 23:28:36 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-27 05:09:53 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-03-22 21:29:04 174 --sha-w- c:\program files\desktop.ini
2010-03-22 20:14:53 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-03-22 20:14:49 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-03-18 18:43:36 66320 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-03-18 18:43:36 52752 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-03-18 18:43:36 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-03-18 18:43:36 235024 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-03-18 18:43:36 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-18 18:43:36 142352 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-03-18 01:55:59 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2010-03-18 01:50:57 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-17 23:38:35 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-03-17 23:38:34 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-03-17 23:38:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-03-17 23:38:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-03-17 23:38:34 23552 ----a-w- c:\windows\system32\lpk.dll
2010-03-17 23:38:34 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-03-17 23:32:54 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-03-17 23:32:53 272896 ----a-w- c:\windows\system32\polstore.dll
2010-03-17 23:29:37 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-03-17 23:29:37 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-03-17 23:24:30 17920 ----a-w- c:\windows\system32\netevent.dll
2010-03-17 23:24:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-03-17 23:24:29 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-03-17 23:24:29 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-03-17 23:24:29 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-03-17 23:24:29 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-03-17 23:24:29 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-03-17 23:24:29 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-03-17 23:24:29 10240 ----a-w- c:\windows\system32\finger.exe
2010-03-17 23:19:40 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-03-17 23:19:39 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-03-17 23:19:39 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-03-17 23:19:39 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-03-17 23:19:39 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-03-17 23:19:38 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-03-17 23:19:35 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-03-17 23:17:36 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-03-17 23:17:35 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-03-17 23:17:33 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-03-17 23:17:32 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-03-17 23:16:15 72704 ----a-w- c:\windows\system32\secur32.dll
2010-03-17 23:16:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-03-17 23:16:15 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-03-17 23:16:15 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-03-17 23:16:14 9728 ----a-w- c:\windows\system32\lsass.exe
2010-03-17 23:16:14 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-03-17 23:14:07 2868224 ----a-w- c:\windows\system32\mf.dll
2010-03-17 23:14:06 98816 ----a-w- c:\windows\system32\mfps.dll
2010-03-17 23:14:06 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-03-17 23:14:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-03-17 23:14:06 2048 ----a-w- c:\windows\system32\mferror.dll
2010-03-17 23:10:08 71680 ----a-w- c:\windows\system32\atl.dll
2010-03-17 23:03:21 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-03-17 23:02:19 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-03-17 23:02:19 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-03-17 23:02:18 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-03-17 22:48:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-17 22:47:20 623616 ----a-w- c:\windows\system32\localspl.dll
2010-03-17 22:36:07 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-03-17 20:20:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-17 17:59:45 37888 ----a-w- c:\windows\system32\printcom.dll
2010-03-17 17:59:00 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-03-17 17:57:18 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-03-17 17:56:22 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-03-17 17:55:05 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-17 17:55:05 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-03-17 17:55:05 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-17 17:55:04 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-17 17:55:04 471552 ----a-w- c:\windows\system32\secproc.dll
2010-03-17 17:55:04 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-17 17:55:04 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-17 17:55:03 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-17 17:55:03 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-17 17:49:03 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-03-17 17:48:20 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-03-17 17:46:30 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-03-17 17:45:09 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-17 17:45:09 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-17 17:45:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-17 17:41:51 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-03-17 17:40:39 243712 ----a-w- c:\windows\system32\rastls.dll
2010-03-17 17:39:47 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-03-17 17:34:17 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-03-17 17:34:17 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-03-17 17:34:16 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-03-17 17:34:16 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-03-17 17:34:16 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-03-17 17:34:16 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-03-17 17:34:15 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-03-17 17:34:14 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-03-17 17:34:14 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-03-17 17:34:14 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-03-17 17:30:15 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-03-17 17:29:05 310784 ----a-w- c:\windows\system32\unregmp2.exe
2007-02-21 19:49:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:13:57.08 ===============







UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/17/2010 2:26:35 AM
System Uptime: 5/1/2010 5:54:27 PM (1 hours ago)

Motherboard: Dell Inc. | | 0UK434
Processor: Intel® Core™2 Duo CPU T5250 @ 1.50GHz | Microprocessor | 1000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 94.716 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

ACDSee for PENTAX
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2 - Español
Auslogics Duplicate File Finder
AVerMedia MCE Encoder x86 3.0.1.0
Compresor WinRAR
Dell Driver Download Manager
Dell Resource CD
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Java Auto Updater
Java™ 6 Update 18
Laptop Integrated Webcam Driver (1.04.01.1011)
LimeWire 5.5.7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel MUI (Spanish) 2007






Haven't had BSODs in three days, have not touched RAM. Only a few Firefox shutdowns.

Regards


#9 Franja

Franja
  • Topic Starter

  • Members
  • 72 posts
  • Local time:11:15 AM

Posted 01 May 2010 - 06:28 PM

I think the last one was cut, here it is:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/17/2010 2:26:35 AM
System Uptime: 5/1/2010 5:54:27 PM (1 hours ago)

Motherboard: Dell Inc. | | 0UK434
Processor: Intel® Core™2 Duo CPU T5250 @ 1.50GHz | Microprocessor | 1000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 94.716 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

ACDSee for PENTAX
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2 - Español
Auslogics Duplicate File Finder
AVerMedia MCE Encoder x86 3.0.1.0
Compresor WinRAR
Dell Driver Download Manager
Dell Resource CD
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Java Auto Updater
Java™ 6 Update 18
Laptop Integrated Webcam Driver (1.04.01.1011)
LimeWire 5.5.7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
RICOH Media Driver ver.2.07.01.04
RICOH R5U8xx Media Driver ver.3.62.02
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SigmaTel Audio
Skype Toolbars
Skype™ 4.2
Sonic Activation Module
Trend Micro Internet Security
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 (KB974561)
Windows Live ID Sign-in Assistant

==== End Of File ===========================


#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,614 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:15 AM

Posted 01 May 2010 - 07:42 PM

QUOTE
Didn't understand this post from tg1911. Am I insulting someone?

No, no, it was some unruly poster, who butted in here with not so nice remarks, so his posts have been deleted.

Go on...



 


#11 Franja

Franja
  • Topic Starter

  • Members
  • 72 posts
  • Local time:11:15 AM

Posted 01 May 2010 - 08:05 PM

Broni, I think my problem, related to the response of tg1911, was that I closed the black script before waiting for the scan to start.

Now I was able to run gmer and saved the log, but I can't find it in my computer, so I tried to run it again but Windows shuts me off, twice already, in the middle of the scan. I didn't realize that you wanted it posted to you and went ahead with the malware program, which advised me to shut down all running programs, and there goes the gmer log.

Where can I find the gmer.log, which I was told was saved? Or should I continue with Safe Mode and see if I have more luck?

I know I have been a pain in the neck, but I'm very stubborn about unfinished tasks.

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,614 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:15 AM

Posted 01 May 2010 - 08:13 PM

QUOTE
I know I have been a pain in the neck

You're not :)

When GMER finishes...
...you click Save button, and save the results as gmer.log
You have to remember to what location you saved the log.

Try to run it in Safe Mode.



 


#13 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:12:15 PM

Posted 01 May 2010 - 08:40 PM

Hi Franja,

I am transferring your topic to the Malware Response Forum as you have furnished a DDS log. Only Certified Malware Response Team members can assist members posting DDS logs. I am requesting a member to pick up your log as soon as possible so you will not have to wait.

QUOTE
Didn't understand this post from tg1911. Am I insulting someone?


I apologize for the interruption by member SolidState. tg1911 was editing out his advice - SolidState was out of bounds in his response.

I will PM you to make sure you have a link to your topic - you can also follow the link forwarding arrow in the AII forum.

If you have any questions, please feel free to PM me.

rigel
BleepingComputer Global Moderator



#14 Franja

Franja
  • Topic Starter

  • Members
  • 72 posts
  • Local time:11:15 AM

Posted 01 May 2010 - 09:40 PM

I'm tired by now. I will attach the gmer as text, before reading tomorrow all the instructions I need to follow to continue in this new forum:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-01 21:13:13
Windows 6.0.6002 Service Pack 2
Running: wtejlwdm.exe; Driver: C:\Users\JLLozano\AppData\Local\Temp\pwdyrkog.sys


---- System - GMER 1.0.15 ----

SSDT 87AC5000 ZwCreateKey
SSDT 87AC4240 ZwCreateProcess
SSDT 87AC4500 ZwCreateProcessEx
SSDT 87AC5E60 ZwCreateThread
SSDT 87AC5580 ZwDeleteKey
SSDT 87AC5840 ZwDeleteValueKey
SSDT 87AC61A0 ZwLoadDriver
SSDT 87AC4A80 ZwOpenProcess
SSDT 87AC52C0 ZwSetValueKey
SSDT 87AC4D40 ZwTerminateProcess
SSDT 87AC5CC0 ZwWriteVirtualMemory
SSDT 87AC6000 ZwCreateThreadEx
SSDT 87AC47C0 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1E9 81CCB94C 4 Bytes [00, 50, AC, 87]
.text ntkrnlpa.exe!KeSetEvent + 209 81CCB96C 8 Bytes [40, 42, AC, 87, 00, 45, AC, ...]
.text ntkrnlpa.exe!KeSetEvent + 221 81CCB984 4 Bytes [60, 5E, AC, 87]
.text ntkrnlpa.exe!KeSetEvent + 2D5 81CCBA38 4 Bytes [80, 55, AC, 87] {ADC BYTE [EBP-0x54], 0x87}
.text ntkrnlpa.exe!KeSetEvent + 2E1 81CCBA44 4 Bytes [40, 58, AC, 87]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3564] ntdll.dll!LdrLoadDll 770D9390 5 Bytes JMP 000A13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#15 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:15 AM

Posted 01 May 2010 - 09:41 PM

Sorry for the misunderstanding, Franja.
That post should have been removed with the other posts I removed.
I have moved it to where it should have been in the first place.
It wasn't meant for you.
Once again, sorry for the misunderstanding.