
Local Area Connection constantly disconnecting / connecting


  • This topic is locked
6 replies to this topic

#1 Balta

Balta

  • Members
  • 98 posts
  • OFFLINE
  • Local time:01:19 PM

Posted 05 November 2010 - 06:21 AM

Hi, I think I must have some sort of problem/infection, since my network keeps going on and off every 10s to 120s. I changed the network cable already and did all hardware tests.
I ran full anti-virus scan software, full antispyware etc., but the problem persists, so here is my HijackThis log to see if anyone can help me.

Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:01:23 AM, on 05/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
F:\SitesDevelop\apache\Apache2\bin\Apache.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
F:\SitesDevelop\apache\Apache2\bin\Apache.exe
D:\WINDOWS\system32\crypserv.exe
D:\Program Files\FileZilla Server\FileZilla Server.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\SitesDevelop\mysql\bin\mysqld-nt.exe
D:\Program Files\Nero\Update\NASvc.exe
D:\Program Files\No-IP\DUC20.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\iPod\bin\iPodService.exe
F:\SitesDevelop\apache\Apache2\bin\ApacheMonitor.exe
D:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
F:\SitesDevelop\mysql\bin\winmysqladmin.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Trillian\trillian.exe
F:\SitesDevelop\eclipse\eclipse.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Baltasar\Desktop\Thunder5.8.13.699\Thunder\Program\Thunder5.exe
D:\Program Files\PS3 Media Server\win32\service\wrapper.exe
D:\WINDOWS\system32\java.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iraqigeek.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Name of App] D:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "D:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Certificate Import] D:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
O4 - HKLM\..\Run: [MBBalloon] D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [NBAgent] "D:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "D:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "D:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: WinMySQLadmin.lnk = F:\SitesDevelop\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Monitor Apache Servers.lnk = F:\SitesDevelop\apache\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: MediaChecker.lnk = D:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) -
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/downloads/samples/internet/sbncheck.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154986089372
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128861032596
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{209A3915-9058-4AEA-8CDC-1A15B41943D0}: NameServer = 192.168.0.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\WINDOWS\system32\skype4com.dll
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2 - Apache Software Foundation - F:\SitesDevelop\apache\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: BlueSoleilCS - IVT Corporation - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - IVT Corporation - D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - F:/SitesDevelop/mysql/bin/mysqld-nt.exe
O23 - Service: @D:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - D:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PS3 Media Server - Unknown owner - D:\Program Files\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 16131 bytes



#2 Balta

Balta
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  • Local time:01:19 PM

Posted 05 November 2010 - 10:40 AM

Hi, I think I must have some sort of problem/infection, since my network keeps going on and off every 10s to 120s. I changed the network cable already and did all hardware tests.
I ran full anti-virus scan software, full antispyware etc., but the problem persists, so here is my request to see if anyone can help me.

Regarding the dds.scr logs, I can't post them, as when I run the tool I get a blue screen on a fltmgr.sys file. I ran it twice, with and without anti-virus on, and always get a blue screen crash.

So here are the rest of the requested files; tell me if something else is needed.

Also, the forum didn't allow me to attach the ark.txt file; it said it is too big, so I copy-pasted it here.

Thanks.


GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-05 14:22:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 ST350063 3.AA
Running: gmer.exe; Driver: D:\DOCUME~1\Baltasar\LOCALS~1\Temp\fxliqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB62CA558]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB62CAE5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB62CBC90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB62CC1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB62CB138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB62C93C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB62CC0C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB62CA146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB62CBF94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB62CA2EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB62CC2FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB62CAAE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB62CC02A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB62CD9E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB62C99D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB62C9D86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB62CB5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB62CEBEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB62C9ED2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB62C9F6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB62CB3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB62CDAD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB62C93A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB62C93B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB62CE23C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB62CA096]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB62CC270]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB62CAEDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB62C9588]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB62CC150]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB62CA794]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB62CDFD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB62CC390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB62CA686]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB62CA002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB62C9C3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB62CE576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB62C9864]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB62CDE68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB62C9AF4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB62C8DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB62CC6F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB62CC5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB62CD77C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB62C9156]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB62CEA90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB62C8D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB62CB9D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB62CAD00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB62CD01C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB62CDC72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB62CE6C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB62C96DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB62CE7B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB62CE8F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB62CD906]
SSDT \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB609A620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB62CA890]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB62CE41A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB62CAA1A]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B62BCFE6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B62BD3C2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [D4, DA, 2C, B6, A4, 93, 2C, ...] {AAM 0xda; SUB AL, 0xb6; MOVSB ; XCHG EBX, EAX; SUB AL, 0xb6; MOV DH, 0x93; SUB AL, 0xb6}
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [F4, 9A, 2C, B6, DE, 8D, 2C, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 805047B8 8 Bytes JMP 8D76B62C
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [B8, E7, 2C, B6, F2, E8, 2C, ...] {MOV EAX, 0xf2b62ce7; CALL 0xffffffffd906b636; SUB AL, 0xb6}
init D:\WINDOWS\system32\drivers\PzWDM.sys entry point in "init" section [0xBA4BC30E]
.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8C5E360, 0x3541AF, 0xE8000020]
init D:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB63E2A00]

---- User code sections - GMER 1.0.15 ----

? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1868] D:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1868] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1868] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[4676] D:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[4676] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[4676] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4700] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4844] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5012] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[5404] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Documents and Settings\Baltasar\Desktop\Thunder5.8.13.699\Thunder\Program\Thunder5.exe[6180] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 22AE1170 D:\Documents and Settings\Baltasar\Desktop\Thunder5.8.13.699\Thunder\Program\BugReport.dll (BugReport/ShenZhen Thunder Networking Technologies,LTD)
.text D:\Documents and Settings\Baltasar\Desktop\Thunder5.8.13.699\Thunder\Program\Thunder5.exe[6180] kernel32.dll!UnhandledExceptionFilter 7C863FCA 5 Bytes JMP 22AE13D0 D:\Documents and Settings\Baltasar\Desktop\Thunder5.8.13.699\Thunder\Program\BugReport.dll (BugReport/ShenZhen Thunder Networking Technologies,LTD)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[7420] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027200f5df
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833c98ab
Reg HKLM\SYSTEM\ControlSet017\Services\BTHPORT\Parameters\Keys\00027200f5df (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet017\Services\BTHPORT\Parameters\Keys\00027200f5df@000319864d07 0x29 0xC7 0x73 0xB4 ...
Reg HKLM\SYSTEM\ControlSet017\Services\BTHPORT\Parameters\Keys\0015833c98ab (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@D:\Program Files\telesat\xae\MultiCAS-Edit\MultiCASEdit.exe 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bc5-2d9b-11d8-88bc-806d6172696f}@_LabelFromReg GRAPHIC PROGRAMS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bc8-2d9b-11d8-88bc-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bc9-2d9b-11d8-88bc-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcb-2d9b-11d8-88bc-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcb-2d9b-11d8-88bc-806d6172696f}\_Autorun
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcb-2d9b-11d8-88bc-806d6172696f}\_Autorun\DefaultIcon
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcb-2d9b-11d8-88bc-806d6172696f}\_Autorun\DefaultIcon@ G:\LG.ico
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD1MESSAGE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD1MESSAGE@ Microsoft AutoRoute is already installed on this computer. To run Microsoft AutoRoute insert the Run Disc. Would you like to reinstall or remove Microsoft AutoRoute?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD2MESSAGE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD2MESSAGE@ Microsoft AutoRoute is not installed on your computer. The Run Disc is used only to run this application once it has been installed. To install Microsoft AutoRoute, insert the Setup Disc.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD2RETAILONTRIAL
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_CD2RETAILONTRIAL@ You have inserted the Microsoft AutoRoute Run Disc on a machine that has the trial version installed. Please uninstall the trial version and then install the retail version.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_NAME
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_NAME@ Microsoft AutoRoute
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_SETUPEXE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_SETUPEXE@ Setup_AR.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_TRIALOVERRETAIL
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\IDS_LOC_TRIALOVERRETAIL@ Setup has detected an existing version of Microsoft AutoRoute. You cannot install the trial version on a computer that already has the full version installed.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbc8bcc-2d9b-11d8-88bc-806d6172696f}\_Autorun\DefaultIcon@ H:\bootcd\icon.ico
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8906638D-3F40-6F46-4469-CC5DD022F0AF}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8906638D-3F40-6F46-4469-CC5DD022F0AF}@iaaoammeggdicjlkci 0x6A 0x61 0x66 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8906638D-3F40-6F46-4469-CC5DD022F0AF}@hacogpceicfchene 0x6A 0x61 0x66 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8906638D-3F40-6F46-4469-CC5DD022F0AF}@iampicoohemilenikc 0x63 0x61 0x6D 0x62 ...

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 05 November 2010 - 11:31 PM.
Merged topics. ~ OB


#3 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:19 AM

Posted 13 November 2010 - 08:55 AM

Hello Balta

Welcome to BleepingComputer :)
==========================
This could be a network card issue itself; I see no signs of malware.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#4 Balta


Posted 13 November 2010 - 09:03 AM

Ok thanks.

I'll try to do some hardware tests with another network card to see if that solves the problem, or even the router.

Thanks again.

Edited by Balta, 13 November 2010 - 09:03 AM.


#5 kahdah


Posted 13 November 2010 - 10:04 AM

OK let me know and I will close this if that is indeed the problem.

#6 Balta


Posted 15 November 2010 - 05:49 PM

Ok I replaced the network card and got the same problem, so I tested with another router and "voila" problem solved.

The router was damaged on its 4 switch ports, as I tested each one and also with my notebook and I had the same problem in every port/computer.

Thanks for the help.

#7 kahdah


Posted 15 November 2010 - 07:06 PM

Ahh well glad it is sorted out.
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



