
super slow bootup, and strange folders being created

9 replies to this topic

#1 slamzee
  • Members
  • 17 posts

Posted 05 July 2011 - 03:13 PM

Hello All-

My Dell Desktop takes 4-5 minutes to boot, and will not wake up after coming back to it overnight. I am also noticing odd folders with random letter and number names being created off the root of removable drives, etc.

Any ideas where to start?


#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,707 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 05 July 2011 - 04:28 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#3 slamzee
  • Topic Starter
  • Members
  • 17 posts

Posted 07 July 2011 - 12:06 PM

Ok here are the results - thanks for the help!

notcheckup25.txt
``````````End of Log````````````


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7029

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/5/2011 3:41:08 PM
mbam-log-2011-07-05 (15-41-08).txt

Scan type: Quick scan
Objects scanned: 190317
Time elapsed: 22 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MiniToolBox by Farbar
Ran by Scott (administrator) on 06-07-2011 at 11:00:04
Windows 7 Ultimate Service Pack 1 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection 2" nexthop=5.0.0.1 publish=Yes
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set subinterface interface=?3 subinterface=ethernet_14 mtu=1477
set subinterface interface=?3 subinterface=ethernet_15 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : GD-PC1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection 5:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #5
Physical Address. . . . . . . . . : 00-02-76-1E-C2-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1E-C9-4F-78-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b08e:1f62:748d:1732%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.197(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 06, 2011 10:39:59 AM
Lease Expires . . . . . . . . . . : Thursday, July 07, 2011 10:39:59 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 184557257
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-E6-B3-32-00-1E-C9-4F-78-9D
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-21-7B-43-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.57.124.218(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Wednesday, July 06, 2011 10:39:59 AM
Lease Expires . . . . . . . . . . : Thursday, July 05, 2012 10:42:06 AM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 15:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:347c:27ce:9ebf:3af5(Preferred)
Link-local IPv6 Address . . . . . : fe80::347c:27ce:9ebf:3af5%29(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{67198979-3ED5-4B86-A234-756290816FF7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7A6EC467-3850-48DB-9F1C-3E531F337210}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:539:7cda::539:7cda(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{5F8B2BA1-C6CF-436B-9BCE-BA354B761338}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.225.50
74.125.225.51
74.125.225.52
74.125.225.49
74.125.225.48


Pinging google.com [74.125.225.48] with 32 bytes of data:
Reply from 74.125.225.48: bytes=32 time=14ms TTL=55
Reply from 74.125.225.48: bytes=32 time=13ms TTL=55

Ping statistics for 74.125.225.48:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 14ms, Average = 13ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=64ms TTL=50
Reply from 98.137.149.56: bytes=32 time=76ms TTL=50

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 76ms, Average = 70ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 4ms, Average = 2ms
===========================================================================
Interface List
22...00 02 76 1e c2 49 ......Bluetooth Device (Personal Area Network) #5
10...00 1e c9 4f 78 9d ......Intel® 82566DC-2 Gigabit Network Connection
26...7a 79 21 7b 43 52 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
29...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
27...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.57.124.218 9256
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.197 20
5.0.0.0 255.0.0.0 On-link 5.57.124.218 9256
5.57.124.218 255.255.255.255 On-link 5.57.124.218 9256
5.255.255.255 255.255.255.255 On-link 5.57.124.218 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.197 276
192.168.0.197 255.255.255.255 On-link 192.168.0.197 276
192.168.0.255 255.255.255.255 On-link 192.168.0.197 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.197 276
224.0.0.0 240.0.0.0 On-link 5.57.124.218 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.197 276
255.255.255.255 255.255.255.255 On-link 5.57.124.218 9256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
27 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
29 58 2001::/32 On-link
29 306 2001:0:4137:9e76:347c:27ce:9ebf:3af5/128
On-link
27 1025 2002::/16 On-link
27 281 2002:539:7cda::539:7cda/128
On-link
10 276 fe80::/64 On-link
29 306 fe80::/64 On-link
29 306 fe80::347c:27ce:9ebf:3af5/128
On-link
10 276 fe80::b08e:1f62:748d:1732/128
On-link
1 306 ff00::/8 On-link
29 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/06/2011 10:41:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.7.397.0, time stamp: 0x4bc33882
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x630
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (07/06/2011 10:41:16 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/06/2011 10:41:16 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/05/2011 01:17:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.7.397.0, time stamp: 0x4bc33882
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x5f4
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (07/05/2011 01:17:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/05/2011 01:17:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/04/2011 09:45:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.7.397.0, time stamp: 0x4bc33882
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x820
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (07/04/2011 09:45:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/04/2011 09:45:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/03/2011 06:45:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.7.397.0, time stamp: 0x4bc33882
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x100
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3


System errors:
=============
Error: (07/06/2011 10:42:07 AM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/06/2011 10:39:44 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:02:34 AM on ?7/?6/?2011 was unexpected.

Error: (07/06/2011 07:45:19 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/06/2011 07:26:11 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/06/2011 04:23:20 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/06/2011 04:20:53 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/06/2011 02:03:08 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/06/2011 02:02:46 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/06/2011 01:54:38 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/06/2011 01:53:53 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.


Microsoft Office Sessions:
=========================
Error: (07/06/2011 10:41:30 AM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe2.7.397.04bc33882hppccompio.DLL1.3.0.244c9685d0c0000417000073bf63001cc3bf302dc53d9C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL6a75fb6d-a7e6-11e0-87df-0002761ec249

Error: (07/06/2011 10:41:16 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/06/2011 10:41:16 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/05/2011 01:17:25 PM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe2.7.397.04bc33882hppccompio.DLL1.3.0.244c9685d0c0000417000073bf5f401cc3b3fb53c9554C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL0806f542-a733-11e0-b9b9-0002761ec249

Error: (07/05/2011 01:17:22 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/05/2011 01:17:22 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2011 09:45:31 AM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe2.7.397.04bc33882hppccompio.DLL1.3.0.244c9685d0c0000417000073bf82001cc3a58fd68ba31C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL43781836-a64c-11e0-9ef1-0002761ec249

Error: (07/04/2011 09:45:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2011 09:45:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/03/2011 06:45:53 PM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe2.7.397.04bc33882hppccompio.DLL1.3.0.244c9685d0c0000417000073bf10001cc39db328e624dC:\Program Files\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL969f7ef8-a5ce-11e0-88d8-0002761ec249


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 51%
Total physical RAM: 3069.92 MB
Available physical RAM: 1500.18 MB
Total Pagefile: 6138.13 MB
Available Pagefile: 4132.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.41 MB

======================= Partitions: =======================================

1 Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:49.78 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.72 GB) NTFS
6 Drive h: (External SATA) (Fixed) (Total:931.51 GB) (Free:420.05 GB) NTFS
7 Drive j: (scott) (Removable) (Total:1024 GB) (Free:1024 GB) FAT32
8 Drive k: (Sierra) (Fixed) (Total:1863.01 GB) (Free:1055.33 GB) NTFS

================= Users: ==================================================

User accounts for \\GD-PC1

-------------------------------------------------------------------------------
Administrator Guest Scott
The command completed successfully.

================= End of Users ============================================

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-06 16:39:15
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 Hitachi_ rev.GM4O
Running: ewv9q3lh.exe; Driver: C:\Users\Scott\AppData\Local\Temp\pwldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT 91CA8FE6 ZwCreateSection
SSDT 91CA8FEB ZwSetContextThread
SSDT 91CA8F87 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 83A7E339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83AB7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 83ABEEEC 4 Bytes [E6, 8F, CA, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 83ABF28C 4 Bytes [EB, 8F, CA, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 83ABF364 4 Bytes [87, 8F, CA, 91]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9283F000, 0x38CD55, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe[2320] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe[2320] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe[2320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe[2320] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe[2320] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [751BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe[2320] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [751BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice cbfs3.sys

Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\000000a6 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\000000a8 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272c5b839
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272c5b839@d49a204ed02b 0xA6 0xB7 0x06 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272c5b839@00213c33cea7 0x25 0x9D 0x34 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272c5b839@001694000a4d 0xF2 0xE9 0x59 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761ec249
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761ec249@000dfd157b3e 0x36 0xDA 0x2B 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761ec249@001a80ca2c5b 0x5F 0x1F 0x35 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761ec249@d49a204ed02b 0xA6 0xE9 0x32 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761ec249@001694000a4d 0xB0 0x0A 0xAA 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001b41002558
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272c5b839 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272c5b839@d49a204ed02b 0xA6 0xB7 0x06 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272c5b839@00213c33cea7 0x25 0x9D 0x34 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272c5b839@001694000a4d 0xF2 0xE9 0x59 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761ec249 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761ec249@000dfd157b3e 0x36 0xDA 0x2B 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761ec249@001a80ca2c5b 0x5F 0x1F 0x35 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761ec249@d49a204ed02b 0xA6 0xE9 0x32 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761ec249@001694000a4d 0xB0 0x0A 0xAA 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001b41002558 (not active ControlSet)

#4 Broni (The Coolest BC Computer)

  • BC Advisor
  • 42,707 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:06 PM

Posted 07 July 2011 - 08:20 PM

I still need Security Check log.

Also....

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


#5 slamzee (Topic Starter)

  • Members
  • 17 posts
  • Local time:02:06 AM

Posted 08 July 2011 - 11:26 AM

The Security Check log is at the top - just 2 lines of info - that is all that is in the report.

Here is the RKUnhooker report:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #4
==============================================
>Drivers
==============================================
0x9343A000 C:\Windows\system32\DRIVERS\atikmdag.sys 8093696 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x9A406000 C:\Windows\system32\DRIVERS\lvuvc.sys 4329472 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x83A3A000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x83A3A000 PnpManager 4268032 bytes
0x83A3A000 RAW 4268032 bytes
0x83A3A000 WMIxWDM 4268032 bytes
0x9C0F0000 Win32k 2416640 bytes
0x9C0F0000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x9C427000 C:\Windows\system32\DRIVERS\btwampfl.sys 2277376 bytes (Broadcom Corporation., Broadcom Bluetooth USB AMP Filter for Windows Vista)
0x8C625000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x8C207000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x90C05000 C:\Windows\System32\Drivers\dump_iaStorV.sys 897024 bytes
0x8C034000 C:\Windows\system32\drivers\iaStorV.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x9260F000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C422000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8BD0C000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA9C2F000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA1C34000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8BC2C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9A95B000 C:\Windows\system32\drivers\btwaudio.sys 540672 bytes (Broadcom Corporation., Bluetooth Audio Device)
0x9C71F000 C:\Windows\system32\DRIVERS\btwavdt.sys 483328 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x8BE33000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9C665000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x91A14000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8C374000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8C15D000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA9D4E000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x93107000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA9CFE000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9C3A0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x92761000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8BF74000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8BEB2000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9A83B000 C:\Windows\system32\DRIVERS\lvrs.sys 286720 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0x9304E000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8BCCA000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8BDB7000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x91B3A000 C:\Windows\system32\DRIVERS\atikmpag.sys 262144 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x91A90000 C:\Windows\system32\drivers\cbfs3.sys 262144 bytes (EldoS Corporation, Callback File System Driver)
0x8C7A9000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C4D9000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA1D07000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x926C6000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x9271E000 C:\Windows\system32\DRIVERS\e1e6232.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x83A03000 ACPI_HAL 225280 bytes
0x83A03000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8C1B7000 C:\Windows\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0x8C118000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9300C000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C569000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x90DAD000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C76F000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x930BF000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x927BB000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8C53C000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8C336000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xA9DA0000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8BF0B000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8BE00000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x91ADE000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8BC00000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8C59B000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C517000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x9C6D3000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xA1CE4000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x91B7A000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8C000000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA9CD0000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x91B07000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90D2B000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9A881000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x90CF2000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x926FF000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8C5CD000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9C380000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x930A3000 C:\Windows\system32\drivers\AtihdW73.sys 114688 bytes (Advanced Micro Devices, AMD High Definition Audio Function Driver)
0x9C704000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x9C7A2000 C:\Windows\system32\drivers\hidbth.sys 110592 bytes (Microsoft Corporation, Bluetooth Miniport Driver for HID Devices)
0x9C7D7000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA1D42000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9A9DF000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA1CB9000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x930EE000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x91A78000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x93412000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91B9C000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9C400000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x91BB4000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x91BCB000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x90D8A000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x93157000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9A93A000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8BFC1000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x9A827000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x9A8B6000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8C361000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x93180000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8C5EC000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8BFD7000 00000104 73728 bytes
0x93400000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9C653000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x91B28000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0xA1CD2000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8BFD7000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x8C608000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9A929000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8C14C000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x93092000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8BF40000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8BCB1000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8C400000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x93170000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C7F0000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8BF64000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x927AC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x91AD0000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x90DE6000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90D7C000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8C3D1000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x93040000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xA9DE0000 C:\Windows\System32\Drivers\usbaapl.sys 57344 bytes (Apple, Inc., Apple Mobile Device USB Driver)
0x9A8DC000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
0x8BEA4000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9C795000 C:\Windows\system32\DRIVERS\applebmt.sys 53248 bytes (Apple Inc., Apple Wireless Mouse)
0x9C6F7000 C:\Windows\system32\drivers\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x92600000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x9A91C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x91BEC000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x91A00000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA9CF1000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90D4C000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x9C7BD000 C:\Windows\system32\DRIVERS\btwl2cap.sys 49152 bytes (Broadcom Corporation., Broadcom Bluetooth L2CAP Service)
0x8C3F2000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x9A8D0000 C:\Windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x93BF2000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x90DA1000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x90D1F000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8BF59000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x9A8AB000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9A8FE000 C:\Windows\system32\drivers\hppcgenio.sys 45056 bytes (Hewlett Packard, LEDM USB Composite Support Driver)
0x9C7CC000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x9A911000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x90D71000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9342A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9A8EA000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x92756000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8C022000 C:\Windows\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0x8BF35000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x9A951000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9C6C9000 C:\Windows\system32\DRIVERS\HidBatt.sys 40960 bytes (Microsoft Corporation, Hid Battery Driver)
0xA1D77000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0x8C3E8000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8C411000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x91BE2000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA9CC6000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8C10F000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA9DCE000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xA9DD7000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8C3DF000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9A8F5000 C:\Windows\system32\drivers\hppcfaxio.sys 36864 bytes (Hewlett Packard, LEDM FAX)
0x9C350000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C7A0000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x9C417000 C:\Windows\system32\DRIVERS\WinUsb.sys 36864 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0x8BEFA000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8BCC2000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8BF51000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x9A909000 C:\Windows\system32\drivers\hppcbulkio.sys 32768 bytes (Hewlett Packard, LEDM BULK)
0x8C600000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BB4000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8BF03000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x90D59000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90D61000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x90D69000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x927F5000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x8C7E8000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90D18000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x927E8000 C:\Windows\System32\Drivers\ElbyCDFL.sys 28672 bytes (SlySoft, Inc., ElbyCDIO Filter Driver)
0x9A8C9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x90D11000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x90DDF000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x927EF000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x90DFA000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x90DF4000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x90C00000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x93435000 C:\Windows\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0x8C619000 C:\Windows\System32\Drivers\BtHidBus.sys 16384 bytes (IVT Corporation., Bluetooth HID BUS Driver)
0xA9DCA000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x9C7C9000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
0x8BFBF000 C:\Windows\system32\DRIVERS\AiCharger.sys 8192 bytes (ASUSTek Computer Inc., ASUS Charger driver)
0x91B05000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xA1D75000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0x927FD000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9316E000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x9260D000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
==============================================
>Stealth
==============================================


Nothing detected :(
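
A quick way to read a Drivers listing like the one just posted, added here as an example (it is not part of the thread and is not a feature of Rootkit Unhooker): parse the section, group entries by base address, and separate RkU's own naming quirks from the things actually worth checking. RkU lists one image several times under kernel-internal names at the same base and size (ntkrnlpa.exe also appears as PnpManager, RAW and WMIxWDM; the bare "00000104" shares the base and size of winhv.sys), so those are aliases rather than hidden modules. What does deserve a look is an entry at a base that no on-disk path accounts for, a file RkU shows with no vendor string, and kernel code loaded from outside \Windows, which the owner should match against software they know they installed (here SUPERAntiSpyware, Avira, TrueCrypt, and RkU's own BlackBox.SYS). The line format is assumed from the report above; the sample lines are excerpted from it, and the single extra "unknown01" line is constructed to exercise the unresolved check.

```python
import re
from collections import defaultdict

# One RkU "Drivers" line: base address, image name or path, size, and an
# optional "(vendor, description)" tail. Format assumed from the report above.
LINE_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+(?P<name>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<vendor>.*)\))?\s*$"
)
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)

# Lines excerpted from the RkU report posted above (a small sample, not the
# whole list).
SAMPLE_REPORT = r"""
0x83A3A000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x83A3A000 PnpManager 4268032 bytes
0x83A3A000 RAW 4268032 bytes
0x83A3A000 WMIxWDM 4268032 bytes
0x8BFD7000 00000104 73728 bytes
0x8BFD7000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x90C05000 C:\Windows\System32\Drivers\dump_iaStorV.sys 897024 bytes
0x8C000000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x91B05000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xA9DD7000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8C1B7000 C:\Windows\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
"""

# Constructed line (not from the report) to exercise the "unresolved" check:
# a module listed at a base address that no on-disk path accounts for.
CONSTRUCTED_EXTRA = "0x9F000000 unknown01 4096 bytes\n"


def parse_report(text):
    """Turn the Drivers section into dicts; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "base": int(m["base"], 16),
            "name": m["name"],
            "size": int(m["size"]),
            "vendor": m["vendor"],  # None when RkU printed no "(vendor, description)"
        })
    return entries


def triage(text):
    """Group the listing by base address and return the entries worth a look."""
    entries = parse_report(text)
    by_base = defaultdict(list)
    for e in entries:
        by_base[e["base"]].append(e)

    aliases, unresolved = {}, []
    for group in by_base.values():
        pathed = [e for e in group if DRIVE_PATH.match(e["name"])]
        others = [e for e in group if not DRIVE_PATH.match(e["name"])]
        if not others:
            continue
        # RkU repeats one image under kernel-internal names (PnpManager, RAW,
        # WMIxWDM, or a bare ordinal) at the same base and size; those are
        # aliases of the on-disk file, not hidden modules.
        same_image = [o for o in others if pathed and o["size"] == pathed[0]["size"]]
        if same_image:
            aliases[pathed[0]["name"]] = sorted(o["name"] for o in same_image)
        unresolved.extend(o["name"] for o in others if o not in same_image)

    pathed_all = [e for e in entries if DRIVE_PATH.match(e["name"])]
    return {
        "aliases": aliases,
        "unresolved": unresolved,
        # A file on disk that RkU could not attach a vendor/description to.
        "no_vendor": [e["name"] for e in pathed_all if e["vendor"] is None],
        # Kernel code loaded from outside \Windows: normal for some security
        # products, but always worth confirming the publisher.
        "outside_windows": [e["name"] for e in pathed_all
                            if not WINDOWS_DIR.match(e["name"])],
        # Everything not attributed to Microsoft: the list to check against
        # software the owner knows they installed.
        "third_party": [e["name"] for e in entries if e["vendor"]
                        and not e["vendor"].startswith("Microsoft Corporation")],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT + CONSTRUCTED_EXTRA).items():
        print(f"{key}: {value}")
```

This is a reading aid for the listing, not a detection: a rootkit that hooks the enumeration RkU relies on would not appear in the Drivers list at all, which is why the Stealth scan is requested alongside it.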

#6 slamzee (Topic Starter)

  • Members
  • 17 posts
  • Local time:02:06 AM

Posted 08 July 2011 - 11:32 AM

I accidentally selected "code hooks" in the RKU, and it suggested rootkit activity at the end of that report. Here is that info:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #4
==============================================
>Drivers
==============================================
0x9343A000 C:\Windows\system32\DRIVERS\atikmdag.sys 8093696 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x9A406000 C:\Windows\system32\DRIVERS\lvuvc.sys 4329472 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x83A3A000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x83A3A000 PnpManager 4268032 bytes
0x83A3A000 RAW 4268032 bytes
0x83A3A000 WMIxWDM 4268032 bytes
0x9C0F0000 Win32k 2416640 bytes
0x9C0F0000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x9C427000 C:\Windows\system32\DRIVERS\btwampfl.sys 2277376 bytes (Broadcom Corporation., Broadcom Bluetooth USB AMP Filter for Windows Vista)
0x8C625000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x8C207000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x90C05000 C:\Windows\System32\Drivers\dump_iaStorV.sys 897024 bytes
0x8C034000 C:\Windows\system32\drivers\iaStorV.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x9260F000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C422000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8BD0C000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA9C2F000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA1C34000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8BC2C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9A95B000 C:\Windows\system32\drivers\btwaudio.sys 540672 bytes (Broadcom Corporation., Bluetooth Audio Device)
0x9C71F000 C:\Windows\system32\DRIVERS\btwavdt.sys 483328 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x8BE33000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9C665000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x91A14000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8C374000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8C15D000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA9D4E000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x93107000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA9CFE000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9C3A0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x92761000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8BF74000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8BEB2000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9A83B000 C:\Windows\system32\DRIVERS\lvrs.sys 286720 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0x9304E000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8BCCA000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8BDB7000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x91B3A000 C:\Windows\system32\DRIVERS\atikmpag.sys 262144 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x91A90000 C:\Windows\system32\drivers\cbfs3.sys 262144 bytes (EldoS Corporation, Callback File System Driver)
0x8C7A9000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C4D9000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA1D07000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x926C6000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x9271E000 C:\Windows\system32\DRIVERS\e1e6232.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x83A03000 ACPI_HAL 225280 bytes
0x83A03000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8C1B7000 C:\Windows\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0x8C118000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9300C000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C569000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x90DAD000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C76F000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x930BF000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x927BB000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8C53C000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8C336000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xA9DA0000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8BF0B000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8BE00000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x91ADE000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8BC00000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8C59B000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C517000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x9C6D3000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xA1CE4000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x91B7A000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8C000000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA9CD0000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x91B07000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90D2B000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9A881000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x90CF2000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x926FF000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8C5CD000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9C380000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x930A3000 C:\Windows\system32\drivers\AtihdW73.sys 114688 bytes (Advanced Micro Devices, AMD High Definition Audio Function Driver)
0x9C704000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x9C7A2000 C:\Windows\system32\drivers\hidbth.sys 110592 bytes (Microsoft Corporation, Bluetooth Miniport Driver for HID Devices)
0x9C7D7000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA1D42000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9A9DF000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA1CB9000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x930EE000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x91A78000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x93412000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91B9C000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9C400000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x91BB4000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x91BCB000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x90D8A000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x93157000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9A93A000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8BFC1000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x9A827000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x9A8B6000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8C361000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x93180000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8C5EC000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8BFD7000 00000104 73728 bytes
0x93400000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9C653000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x91B28000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0xA1CD2000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8BFD7000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x8C608000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9A929000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8C14C000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x93092000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8BF40000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8BCB1000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8C400000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x93170000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C7F0000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8BF64000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x927AC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x91AD0000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x90DE6000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90D7C000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8C3D1000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x93040000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xA9DE0000 C:\Windows\System32\Drivers\usbaapl.sys 57344 bytes (Apple, Inc., Apple Mobile Device USB Driver)
0x9A8DC000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
0x8BEA4000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9C795000 C:\Windows\system32\DRIVERS\applebmt.sys 53248 bytes (Apple Inc., Apple Wireless Mouse)
0x9C6F7000 C:\Windows\system32\drivers\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x92600000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x9A91C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x91BEC000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x91A00000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA9CF1000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90D4C000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x9C7BD000 C:\Windows\system32\DRIVERS\btwl2cap.sys 49152 bytes (Broadcom Corporation., Broadcom Bluetooth L2CAP Service)
0x8C3F2000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x9A8D0000 C:\Windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x93BF2000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x90DA1000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x90D1F000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8BF59000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x9A8AB000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9A8FE000 C:\Windows\system32\drivers\hppcgenio.sys 45056 bytes (Hewlett Packard, LEDM USB Composite Support Driver)
0x9C7CC000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x9A911000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x90D71000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9342A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9A8EA000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x92756000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8C022000 C:\Windows\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0x8BF35000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x9A951000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9C6C9000 C:\Windows\system32\DRIVERS\HidBatt.sys 40960 bytes (Microsoft Corporation, Hid Battery Driver)
0xA1D77000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0x8C3E8000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8C411000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x91BE2000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA9CC6000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8C10F000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA9DCE000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xA9DD7000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8C3DF000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9A8F5000 C:\Windows\system32\drivers\hppcfaxio.sys 36864 bytes (Hewlett Packard, LEDM FAX)
0x9C350000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C7A0000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x9C417000 C:\Windows\system32\DRIVERS\WinUsb.sys 36864 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0x8BEFA000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8BCC2000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8BF51000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x9A909000 C:\Windows\system32\drivers\hppcbulkio.sys 32768 bytes (Hewlett Packard, LEDM BULK)
0x8C600000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BB4000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8BF03000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x90D59000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90D61000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x90D69000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x927F5000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x8C7E8000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90D18000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x927E8000 C:\Windows\System32\Drivers\ElbyCDFL.sys 28672 bytes (SlySoft, Inc., ElbyCDIO Filter Driver)
0x9A8C9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x90D11000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x90DDF000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x927EF000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x90DFA000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x90DF4000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x90C00000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x93435000 C:\Windows\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0x8C619000 C:\Windows\System32\Drivers\BtHidBus.sys 16384 bytes (IVT Corporation., Bluetooth HID BUS Driver)
0xA9DCA000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x9C7C9000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
0x8BFBF000 C:\Windows\system32\DRIVERS\AiCharger.sys 8192 bytes (ASUSTek Computer Inc., ASUS Charger driver)
0x91B05000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xA1D75000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0x927FD000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9316E000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x9260D000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
==============================================
>Stealth
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0007EEEC, Type: Inline - RelativeJump 0x83AB8EEC-->83AB8EFC [ntkrnlpa.exe]
[1868]MemeoDashboard.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->74F4FFF6 [apphelp.dll]
[1868]MemeoDashboard.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B14F4-->74F4FFF6 [apphelp.dll]
[1868]MemeoDashboard.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611BC-->74F4FFF6 [apphelp.dll]
[1868]MemeoDashboard.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->74F4FFF6 [apphelp.dll]
[1868]MemeoDashboard.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x630013FC-->74F4FFF6 [apphelp.dll]
[2884]chrome.exe-->kernel32.dll+0x000B5270, Type: Code Mismatch 0x75FB5270 + 742000 [10 00 11 8A]
[2884]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x76EE55C8 + 6 [28 00 07 00]
[2884]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x76EE55C8 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 6 [28]
[2884]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 8 [07 00]
[2884]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x76EE5CD8 + 6 [68 00 07 00]
[2884]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x76EE5CD8 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x76EE5D88 + 6 [A8 01 07 00]
[2884]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x76EE5D88 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x76EE5D9E-->75EE64A4 [oleaut32.dll]
[2884]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x76EE5D98 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x76EE5DA8 + 6 [A8 02 07 00]
[2884]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x76EE5DA8 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x76EE5E08 + 6 [68 01 07 00]
[2884]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x76EE5E08 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x76EE5E18 + 6 [68 02 07 00]
[2884]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x76EE5E18 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x76EE5E2E-->75EE6535 [oleaut32.dll]
[2884]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x76EE5E28 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x76EE5F38 + 6 [A8 00 07 00]
[2884]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x76EE5F38 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x76EE5FEE-->75EE66F3 [oleaut32.dll]
[2884]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x76EE5FE8 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x76EE6638 + 6 [28 01 07 00]
[2884]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x76EE6638 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x76EE6698 + 6 [28 02 07 00]
[2884]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x76EE6698 + 11 [E2]
[2884]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 6 [68]
[2884]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 8 [07 00]
[2884]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 11 [E2]
[3140]chrome.exe-->kernel32.dll+0x000B5270, Type: Code Mismatch 0x75FB5270 + 742000 [10 00 11 8A]
[3140]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x76EE55C8 + 6 [28 00 07 00]
[3140]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x76EE55C8 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 6 [28]
[3140]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 8 [07 00]
[3140]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x76EE5CD8 + 6 [68 00 07 00]
[3140]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x76EE5CD8 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x76EE5D88 + 6 [A8 01 07 00]
[3140]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x76EE5D88 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x76EE5D9E-->75EE64A4 [oleaut32.dll]
[3140]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x76EE5D98 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x76EE5DA8 + 6 [A8 02 07 00]
[3140]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x76EE5DA8 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x76EE5E08 + 6 [68 01 07 00]
[3140]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x76EE5E08 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x76EE5E18 + 6 [68 02 07 00]
[3140]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x76EE5E18 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x76EE5E2E-->75EE6535 [oleaut32.dll]
[3140]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x76EE5E28 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x76EE5F38 + 6 [A8 00 07 00]
[3140]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x76EE5F38 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x76EE5FEE-->75EE66F3 [oleaut32.dll]
[3140]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x76EE5FE8 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x76EE6638 + 6 [28 01 07 00]
[3140]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x76EE6638 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x76EE6698 + 6 [28 02 07 00]
[3140]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x76EE6698 + 11 [E2]
[3140]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 6 [68]
[3140]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 8 [07 00]
[3140]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 11 [E2]
[3168]chrome.exe-->kernel32.dll+0x000B5270, Type: Code Mismatch 0x75FB5270 + 742000 [10 00 11 8A]
[3168]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x76EE55C8 + 6 [28 00 07 00]
[3168]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x76EE55C8 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 6 [28]
[3168]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 8 [07 00]
[3168]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x76EE5CD8 + 6 [68 00 07 00]
[3168]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x76EE5CD8 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x76EE5D88 + 6 [A8 01 07 00]
[3168]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x76EE5D88 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x76EE5D9E-->75EE64A4 [oleaut32.dll]
[3168]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x76EE5D98 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x76EE5DA8 + 6 [A8 02 07 00]
[3168]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x76EE5DA8 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x76EE5E08 + 6 [68 01 07 00]
[3168]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x76EE5E08 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x76EE5E18 + 6 [68 02 07 00]
[3168]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x76EE5E18 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x76EE5E2E-->75EE6535 [oleaut32.dll]
[3168]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x76EE5E28 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x76EE5F38 + 6 [A8 00 07 00]
[3168]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x76EE5F38 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x76EE5FEE-->75EE66F3 [oleaut32.dll]
[3168]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x76EE5FE8 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x76EE6638 + 6 [28 01 07 00]
[3168]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x76EE6638 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x76EE6698 + 6 [28 02 07 00]
[3168]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x76EE6698 + 11 [E2]
[3168]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 6 [68]
[3168]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 8 [07 00]
[3168]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 11 [E2]
[4252]chrome.exe-->kernel32.dll+0x000B5270, Type: Code Mismatch 0x75FB5270 + 742000 [10 00 11 8A]
[4252]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x76EE55C8 + 6 [28 00 07 00]
[4252]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x76EE55C8 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 6 [28]
[4252]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 8 [07 00]
[4252]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x76EE5CD8 + 6 [68 00 07 00]
[4252]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x76EE5CD8 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x76EE5D88 + 6 [A8 01 07 00]
[4252]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x76EE5D88 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x76EE5D9E-->75EE64A4 [oleaut32.dll]
[4252]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x76EE5D98 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x76EE5DA8 + 6 [A8 02 07 00]
[4252]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x76EE5DA8 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x76EE5E08 + 6 [68 01 07 00]
[4252]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x76EE5E08 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x76EE5E18 + 6 [68 02 07 00]
[4252]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x76EE5E18 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x76EE5E2E-->75EE6535 [oleaut32.dll]
[4252]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x76EE5E28 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x76EE5F38 + 6 [A8 00 07 00]
[4252]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x76EE5F38 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x76EE5FEE-->75EE66F3 [oleaut32.dll]
[4252]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x76EE5FE8 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x76EE6638 + 6 [28 01 07 00]
[4252]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x76EE6638 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x76EE6698 + 6 [28 02 07 00]
[4252]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x76EE6698 + 11 [E2]
[4252]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 6 [68]
[4252]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 8 [07 00]
[4252]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x76EE69B8 + 11 [E2]
[4672]chrome.exe-->kernel32.dll+0x000B5270, Type: Code Mismatch 0x75FB5270 + 742000 [10 00 11 8A]
[4672]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x76EE55C8 + 6 [28 00 17 00]
[4672]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x76EE55C8 + 11 [E2]
[4672]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 6 [28]
[4672]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 8 [17 00]
[4672]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x76EE5C28 + 11 [E2]
[4672]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x76EE5CD8 + 6 [68 00 17 00]
[4672]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x76EE5CD8 + 11 [E2]
[4672]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x76EE5D88 + 6 [A8 01 17 00]
[4672]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x76EE5D88 + 11 [E2]
[4672]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x76EE5D9E-->75EE74A4 [oleaut32.dll]
[4672]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x76EE5D98 + 11 [E2]
[4672]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x76EE5DA8 + 6 [A8 02 17 00]
[4672]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x76EE5DA8 + 11 [E2]
[4672]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x76EE5E08 + 6 [68 01 17 00]
[4672]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x76EE5E08 + 11 [E2]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#7 Broni

Posted 08 July 2011 - 11:46 AM

..edited...

Edited by Broni, 08 July 2011 - 11:46 AM.


#8 Broni

Posted 08 July 2011 - 11:48 AM

The Security Check log is at the top - just 2 lines of info - that is all that is in the report.

Please re-run it.


#9 slamzee

Posted 11 July 2011 - 10:43 AM

I have run securitycheck.exe multiple times - it scans folders looking for software - updates my Avira Antivirus - and opens a Notepad window. This is all that is in there.

notcheckup25.txt
``````````End of Log````````````

I tried securitycheck > file.txt to capture the log, but the program opens a new window and the redirect doesn't work.

I have Avira Antivirus (free edition) and Malware AntiMalware installed on my Windows 7 32-bit OS.

#10 Broni

Posted 11 July 2011 - 07:16 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include all required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!
