Slow bootup, won't wake up from sleep


  • This topic is locked
22 replies to this topic

#1 slamzee
  • Members
  • 17 posts

Posted 12 July 2011 - 12:09 PM

Hello All -

I started on another post, but was asked to bring my problem here. This is the original thread:
http://www.bleepingcomputer.com/forums/topic407870.html

Here is the DDS log; the Attach.txt and an older GMER log are attached. Running GMER now always results in a blue screen of death.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Scott at 11:21:59 on 2011-07-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1087 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AirPrint\airprint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Users\Scott\AppData\Local\Temp\_iu14D2N.tmp
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\ClickClean.exe
C:\Windows\system32\rundll32.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = https://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [Google Update] "c:\users\scott\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [4C1D31FDF3597EACE1250555646D3F025973DBC4._service_run] "c:\users\scott\appdata\local\google\chrome\application\chrome.exe" --type=service
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [ASUS Ai Charger] c:\program files\asus\asus ai charger\AiChargerAP.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP LaserJet Professional CM1410 Series Fax] c:\program files\hp\hp laserjet professional cm1410 series\fax driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\scott\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\jungle~1.lnk - c:\program files\jungle disk desktop\JungleDiskMonitor.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{67198979-3ED5-4B86-A234-756290816FF7} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\quy000px.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/a/zerby.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\users\scott\appdata\roaming\mozilla\firefox\profiles\quy000px.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\best buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: c:\users\scott\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\scott\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\scott\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\scott\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [2010-6-1 13224]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-18 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-18 66616]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 applebmt;Apple Wireless Mouse;c:\windows\system32\drivers\applebmt.sys [2010-1-25 34304]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
.
=============== Created Last 30 ================
.
2011-07-12 11:09:42 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{40b37276-d683-443e-8469-cc663de4e1e7}\mpengine.dll
2011-07-11 18:58:12 -------- d-----w- c:\program files\iPod
2011-07-11 18:58:11 -------- d-----w- c:\program files\iTunes
2011-06-29 16:39:31 -------- d-----w- c:\program files\AirPort
2011-06-29 16:13:05 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 16:13:05 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 16:13:04 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 16:13:04 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 16:13:04 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 16:13:02 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 16:13:02 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 16:13:02 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 16:13:02 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 15:56:39 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 16:12:59 -------- d-----w- c:\users\scott\appdata\roaming\yWorks
2011-06-27 16:34:47 -------- d-----w- c:\program files\Grim Facade - Mystery of Venice Collectors Edition
2011-06-25 17:45:15 -------- d-----w- c:\programdata\SecTaskMan
2011-06-25 17:45:00 -------- d-----w- c:\program files\Security Task Manager
2011-06-24 17:29:07 -------- d-----w- c:\program files\AMD APP
2011-06-24 17:28:59 -------- d-----w- c:\program files\common files\ATI Technologies
2011-06-24 17:27:08 -------- d-----w- c:\program files\ATI Technologies
2011-06-24 17:27:06 -------- d-----w- c:\program files\ATI
2011-06-24 16:59:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-24 14:54:41 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-17 17:35:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-17 17:35:15 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-17 17:35:15 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-17 17:35:15 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-17 17:35:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-17 17:35:14 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-06-17 17:35:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-17 17:35:12 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-06-17 15:56:06 -------- d-----w- c:\users\scott\appdata\roaming\TweakNow RegCleaner 2011
2011-06-17 15:56:06 -------- d-----w- c:\program files\TweakNow RegCleaner 2011
2011-06-17 15:15:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-17 15:15:32 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-17 15:15:31 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 09:51:41 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 09:51:41 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 09:51:41 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 09:51:37 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 09:51:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 09:51:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 09:51:01 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 09:49:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 09:49:15 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 09:49:15 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
==================== Find3M ====================
.
2011-06-30 18:15:30 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-28 12:56:24 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-20 07:43:42 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 07:09:20 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 07:09:06 676864 ----a-w- c:\windows\system32\aticfx32.dll
2011-04-20 07:07:04 17693184 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 07:05:08 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 07:04:38 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 07:04:08 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 07:02:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-04-20 07:02:44 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 07:02:32 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 07:02:24 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 07:02:18 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 06:59:22 4161536 ----a-w- c:\windows\system32\atidxx32.dll
2011-04-20 06:46:16 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 06:46:04 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 06:42:06 6389760 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 06:40:16 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
2011-04-20 06:38:06 4286464 ----a-w- c:\windows\system32\atiumdag.dll
2011-04-20 06:30:38 4056576 ----a-w- c:\windows\system32\atiumdva.dll
2011-04-20 06:27:00 52736 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 06:23:06 262144 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 06:22:54 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 06:22:42 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-04-20 06:22:10 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 06:21:40 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-04-20 06:21:26 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-04-20 06:21:02 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-04-20 06:20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 06:13:30 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 06:13:30 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 03:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-20 03:10:18 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-20 03:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 11:29:07.87 ===============

bump.

Is there something else I need to post?

EDIT: Please be patient. There are over 370 unanswered topics in this forum at present and the current average wait time to receive help is 14 days. ~Budapest

Attached Files


Edited by Budapest, 18 July 2011 - 04:59 PM.



#2 HelpBot
    Bleepin' Binary Bot

  • Bots
  • 12,764 posts

Posted 29 July 2011 - 05:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409128 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 slamzee
  • Topic Starter
  • Members
  • 17 posts

Posted 03 August 2011 - 11:30 AM

I cannot get GMER to finish a complete run; I get a BSOD. It says PWLDQPOC.SYS is the problem.

Here is the DDS report. I also ran a RkUnhooker report. I don't like the issues at the top and bottom that GMER and RkUnhooker see. Is something wrong with ntkrnla.exe and win32k.sys?

DDS:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Scott at 11:21:59 on 2011-07-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1087 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AirPrint\airprint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Users\Scott\AppData\Local\Temp\_iu14D2N.tmp
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\ClickClean.exe
C:\Windows\system32\rundll32.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = https://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [Google Update] "c:\users\scott\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [4C1D31FDF3597EACE1250555646D3F025973DBC4._service_run] "c:\users\scott\appdata\local\google\chrome\application\chrome.exe" --type=service
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [ASUS Ai Charger] c:\program files\asus\asus ai charger\AiChargerAP.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP LaserJet Professional CM1410 Series Fax] c:\program files\hp\hp laserjet professional cm1410 series\fax driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\scott\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\jungle~1.lnk - c:\program files\jungle disk desktop\JungleDiskMonitor.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{67198979-3ED5-4B86-A234-756290816FF7} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\quy000px.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/a/zerby.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\users\scott\appdata\roaming\mozilla\firefox\profiles\quy000px.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\best buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: c:\users\scott\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\scott\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\scott\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\scott\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [2010-6-1 13224]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-18 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-18 66616]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 applebmt;Apple Wireless Mouse;c:\windows\system32\drivers\applebmt.sys [2010-1-25 34304]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
.
=============== Created Last 30 ================
.
2011-07-12 11:09:42 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{40b37276-d683-443e-8469-cc663de4e1e7}\mpengine.dll
2011-07-11 18:58:12 -------- d-----w- c:\program files\iPod
2011-07-11 18:58:11 -------- d-----w- c:\program files\iTunes
2011-06-29 16:39:31 -------- d-----w- c:\program files\AirPort
2011-06-29 16:13:05 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 16:13:05 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 16:13:04 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 16:13:04 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 16:13:04 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 16:13:02 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 16:13:02 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 16:13:02 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 16:13:02 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 15:56:39 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 16:12:59 -------- d-----w- c:\users\scott\appdata\roaming\yWorks
2011-06-27 16:34:47 -------- d-----w- c:\program files\Grim Facade - Mystery of Venice Collectors Edition
2011-06-25 17:45:15 -------- d-----w- c:\programdata\SecTaskMan
2011-06-25 17:45:00 -------- d-----w- c:\program files\Security Task Manager
2011-06-24 17:29:07 -------- d-----w- c:\program files\AMD APP
2011-06-24 17:28:59 -------- d-----w- c:\program files\common files\ATI Technologies
2011-06-24 17:27:08 -------- d-----w- c:\program files\ATI Technologies
2011-06-24 17:27:06 -------- d-----w- c:\program files\ATI
2011-06-24 16:59:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-24 14:54:41 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-17 17:35:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-17 17:35:15 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-17 17:35:15 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-17 17:35:15 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-17 17:35:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-17 17:35:14 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-06-17 17:35:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-17 17:35:12 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-06-17 15:56:06 -------- d-----w- c:\users\scott\appdata\roaming\TweakNow RegCleaner 2011
2011-06-17 15:56:06 -------- d-----w- c:\program files\TweakNow RegCleaner 2011
2011-06-17 15:15:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-17 15:15:32 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-17 15:15:31 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 09:51:41 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 09:51:41 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 09:51:41 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 09:51:37 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 09:51:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 09:51:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 09:51:01 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 09:49:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 09:49:15 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 09:49:15 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
==================== Find3M ====================
.
2011-06-30 18:15:30 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-28 12:56:24 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-20 07:43:42 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 07:09:20 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 07:09:06 676864 ----a-w- c:\windows\system32\aticfx32.dll
2011-04-20 07:07:04 17693184 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 07:05:08 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 07:04:38 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 07:04:08 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 07:02:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-04-20 07:02:44 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 07:02:32 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 07:02:24 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 07:02:18 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 06:59:22 4161536 ----a-w- c:\windows\system32\atidxx32.dll
2011-04-20 06:46:16 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 06:46:04 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 06:42:06 6389760 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 06:40:16 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
2011-04-20 06:38:06 4286464 ----a-w- c:\windows\system32\atiumdag.dll
2011-04-20 06:30:38 4056576 ----a-w- c:\windows\system32\atiumdva.dll
2011-04-20 06:27:00 52736 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 06:23:06 262144 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 06:22:54 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 06:22:42 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-04-20 06:22:10 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 06:21:40 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-04-20 06:21:26 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-04-20 06:21:02 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-04-20 06:20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 06:13:30 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 06:13:30 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 03:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-20 03:10:18 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-20 03:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 11:29:07.87 ===============

RkUnhooker:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #4
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x83C72F1B-->91C684AE [Unknown module filename]
ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x83D2CD35-->91C684B3 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x83CAA9C3-->91C6844F [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x94728473-->91C684B8 [Unknown module filename]
win32k.sys-->NtUserSetWinEventHook, Type: Address change 0x947251C5-->91C684BD [Unknown module filename]
==============================================
>Processes
==============================================
0x886AF6E8 [3108] C:\Program Files\AirPrint\airprint.exe (Apple Inc., AirPrint For Windows)
0x896BBCF8 [2128] C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH, Antivirus On-Access Service)
0x8970CD40 [2228] C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH, AntiVir shadow copy service)
0x89649D40 [1732] C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH, Antivirus Scheduler)
0x8974FD40 [2272] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x89700D40 [2176] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)
0x8637B030 [5064] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x89799200 [2500] C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe (Jungle Disk, Inc., Jungle Disk Desktop Monitor)
0x89465030 [2372] C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc., Hamachi2 Client Tunneling Engine)
0x897BB4A8 [2632] C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc., LMIGuardianSvc)
0x897ECD40 [2688] C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc., LogMeIn)
0x88C96D40 [3568] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc., LogMeIn Desktop Application)
0x897E7D40 [2664] C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc., LogMeIn Maintenance Service)
0x886D6D40 [3020] C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo, MemeoDashboardService)
0x862E9C10 [4668] C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation., Bluetooth Support Server)
0x863BFD40 [5564] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x86AE7030 [1860] C:\Users\Scott\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x86AD8B20 [1660] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x896D9150 [4664] C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation, Windows Modules Installer)
0x890B7C20 [1540] C:\Windows\System32\atieclxx.exe (AMD, AMD External Events Client Module)
0x89200030 [1000] C:\Windows\System32\atiesrxx.exe (AMD, AMD External Events Service Module)
0x89753D40 [2240] C:\Windows\System32\conhost.exe (Microsoft Corporation, Console Window Host)
0x881E1708 [544] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x89096D40 [668] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x89562A90 [1912] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x890D7608 [724] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x89099AE0 [732] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x890B7930 [708] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x86AA96E0 [344] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x861ABD40 [1384] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x892E2D40 [1228] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x892CB698 [1148] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x895D24F0 [488] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x892D3030 [1184] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8964BD40 [1532] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x89274D40 [776] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x891BCD40 [856] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x891E8C88 [940] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x896E6468 [3508] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x892EBD40 [1392] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x896F8A58 [2156] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88573D40 [3068] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x89697D40 [4520] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x89828D40 [2996] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x899AC950 [3676] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x89666D40 [1528] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x894BBAF0 [3988] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x865889C8 [480] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x88C54548 [656] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x892A2C18 [1068] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x8958DD40 [2024] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
0x89575D40 [1972] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
0x87F44A38 [4220] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
0x86143938 [4] System
==============================================
>Drivers
==============================================
0x9260B000 C:\Windows\system32\DRIVERS\atikmdag.sys 8093696 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x90C2F000 C:\Windows\system32\DRIVERS\lvuvc.sys 4329472 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x83A4F000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x83A4F000 PnpManager 4268032 bytes
0x83A4F000 RAW 4268032 bytes
0x83A4F000 WMIxWDM 4268032 bytes
0x946B0000 Win32k 2416640 bytes
0x946B0000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x9F23E000 C:\Windows\system32\DRIVERS\btwampfl.sys 2277376 bytes (Broadcom Corporation., Broadcom Bluetooth USB AMP Filter for Windows Vista)
0x8C436000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x8C20F000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8C67B000 C:\Windows\System32\Drivers\dump_iaStorV.sys 897024 bytes
0x8C008000 C:\Windows\system32\drivers\iaStorV.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x91E33000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C131000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8BCEC000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xABE12000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA621F000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8BC0C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9114D000 C:\Windows\system32\drivers\btwaudio.sys 540672 bytes (Broadcom Corporation., Bluetooth Audio Device)
0x9F54D000 C:\Windows\system32\DRIVERS\btwavdt.sys 483328 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x8BE3C000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9F47C000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x91A3B000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8C37C000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8F82F000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xABF31000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x92F23000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xABEE1000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x94940000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x91F85000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8BF7D000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8BEBB000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x91064000 C:\Windows\system32\DRIVERS\lvrs.sys 286720 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0x92E6A000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8BCAA000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x91AB7000 C:\Windows\system32\drivers\cbfs3.sys 266240 bytes (EldoS Corporation, Callback File System Driver)
0x8F976000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x91B62000 C:\Windows\system32\DRIVERS\atikmpag.sys 262144 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x8C5BA000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8BD97000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA62F2000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x91EEA000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x91F42000 C:\Windows\system32\DRIVERS\e1e6232.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x83A18000 ACPI_HAL 225280 bytes
0x83A18000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8F902000 C:\Windows\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0x8C0EC000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x92E28000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C60F000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8F889000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C580000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x92EDB000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x91E00000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8C408000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8C33E000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xABF83000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8BF14000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8BE00000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x91B06000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8F800000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8C652000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BDD5000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x9F501000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xA62CF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x91BA2000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8F94E000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xABEB3000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x91B2F000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C7AD000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x910C2000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8C774000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x91F23000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8F8C2000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x94990000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x92EBF000 C:\Windows\system32\drivers\AtihdW73.sys 114688 bytes (Advanced Micro Devices, AMD High Definition Audio Function Driver)
0x9F532000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x9F5D0000 C:\Windows\system32\DRIVERS\hidbth.sys 110592 bytes (Microsoft Corporation, Bluetooth Miniport Driver for HID Devices)
0x9F200000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA632D000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x911D1000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA62A4000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x92F0A000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0xABFB6000 C:\Users\Scott\AppData\Local\Temp\pwldqpoc.sys 102400 bytes
0x91A9F000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x92DDD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91BC4000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9F21B000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x91BDC000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x91A00000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C1E8000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x92F73000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9F4E0000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8BFCA000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x91050000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x910F7000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8C369000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x90C00000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F8EF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8BE2A000 00000142 73728 bytes
0x92DCB000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9F46A000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x91B50000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0xA62BD000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8BE2A000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x8C641000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9113C000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8C120000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x92EAE000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8BF49000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8BC91000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8F937000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x911EB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C3F0000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8BF6D000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x91FD0000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x91AF8000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8F8E1000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C600000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8C3D9000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x92E5C000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8BEAD000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9F5C3000 C:\Windows\system32\DRIVERS\applebmt.sys 53248 bytes (Apple Inc., Apple Wireless Mouse)
0x9F525000 C:\Windows\system32\drivers\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x91FEC000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x9112F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x91A23000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x91BF3000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xABED4000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C7CE000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x9F5EB000 C:\Windows\system32\DRIVERS\btwl2cap.sys 49152 bytes (Broadcom Corporation., Broadcom Bluetooth L2CAP Service)
0x8F9D0000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x91111000 C:\Windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x91A17000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x8BFE0000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x8C7A1000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8BF62000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x910EC000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x91124000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8C7F3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x92DF5000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x91F7A000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x91A30000 C:\Windows\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0x8BF3E000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x910AA000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9F4F7000 C:\Windows\system32\DRIVERS\HidBatt.sys 40960 bytes (Microsoft Corporation, Hid Battery Driver)
0xA6362000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0x8F9C1000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8F9B7000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x92600000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xABEA9000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8C0E3000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xABFAD000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xABFCF000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8C3E7000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x94910000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C5B1000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x9F232000 C:\Windows\system32\DRIVERS\WinUsb.sys 36864 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0x8BF03000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8BCA2000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8BF5A000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8C200000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA8000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8BF0C000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C7DB000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C7E3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8C7EB000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x92DC3000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x8C400000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C79A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x91FDF000 C:\Windows\System32\Drivers\ElbyCDFL.sys 28672 bytes (SlySoft, Inc., ElbyCDIO Filter Driver)
0x9110A000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8C793000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9111D000 C:\Windows\system32\DRIVERS\radpms.sys 28672 bytes (LogMeIn, Inc., RemotelyAnywhereDpmsSecure Device Driver)
0x8F8BB000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x91FE6000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8F970000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8F948000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x8F9CB000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x91FFA000 C:\Windows\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0x8C677000 C:\Windows\System32\Drivers\BtHidBus.sys 16384 bytes (IVT Corporation., Bluetooth HID BUS Driver)
0x9F5F7000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
0x8BFC8000 C:\Windows\system32\DRIVERS\AiCharger.sys 8192 bytes (ASUSTek Computer Inc., ASUS Charger driver)
0x91B2D000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xA6360000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0x91E2D000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x92F8A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x91FF9000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================

#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:57 PM

Posted 04 August 2011 - 04:28 PM

Hi,

I'm not sure your problems are malware related, but let's have a deeper look.

Whilst we work on the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days, else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.


Download and run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 slamzee

slamzee
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 05 August 2011 - 02:07 PM

Hi Casey -

Here is the ComboFix Log - things are running better, but I am still finding some random named folders appearing in my external drive directories.


ComboFix 11-08-03.02 - Scott 08/03/2011 12:16:42.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1748 [GMT -5:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
C:\DSC00417.JPG
c:\users\Scott\AppData\Roaming\chrtmp
c:\users\Scott\AppData\Roaming\inst.exe
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Recent\WATCH IT.url
c:\users\Scott\g2mdlhlpx.exe
c:\windows\iun6002.exe
c:\windows\pthreadGC2.dll
c:\windows\system32\Codejock.Controls.v12.0.1.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 17:37 . 2011-08-03 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-02 15:57 . 2011-08-02 15:58 -------- d-----w- c:\program files\Sally's Studio Collector's Edition
2011-08-02 15:42 . 2011-08-02 15:44 -------- d-----w- c:\program files\Unlocker
2011-08-02 09:48 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B2A1E71-8700-4F65-8290-03449F9FFEDD}\mpengine.dll
2011-07-29 15:32 . 2011-07-29 15:32 -------- d-----w- c:\program files\NoLimits Coasters Demo v1.8
2011-07-26 15:21 . 2011-07-27 11:41 -------- d-----w- c:\users\Scott\AppData\Roaming\Spotify
2011-07-26 15:21 . 2011-07-26 15:23 -------- d-----w- c:\users\Scott\AppData\Local\Spotify
2011-07-26 15:21 . 2011-07-26 15:21 -------- d-----w- c:\program files\Spotify
2011-07-25 18:21 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 18:21 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 18:21 . 2011-07-25 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 15:58 . 2011-07-25 16:36 -------- d-----w- c:\users\Scott\AppData\Local\NPE
2011-07-25 15:58 . 2011-07-25 15:58 -------- d-----w- c:\programdata\Norton
2011-07-11 18:58 . 2011-07-11 18:58 -------- d-----w- c:\program files\iPod
2011-07-11 18:58 . 2011-07-11 18:58 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-18 15:04 . 2010-10-08 14:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-18 15:04 . 2010-10-08 14:22 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-18 15:04 . 2010-10-08 14:22 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-18 15:04 . 2010-10-08 14:22 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-30 18:15 . 2010-01-18 23:47 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-30 18:15 . 2010-01-18 23:47 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-25 00:14 . 2011-06-24 16:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44 . 2011-06-29 15:56 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-10 13:06 . 2011-05-10 13:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 13:06 . 2011-05-10 13:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-06-17 17:35 . 2011-06-17 17:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 16:03 155416 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDisk1_Complete]
@="{78061A12-1E91-4446-8B65-8ED2FF328D4A}"
[HKEY_CLASSES_ROOT\CLSID\{78061A12-1E91-4446-8B65-8ED2FF328D4A}]
2011-05-17 21:10 828928 ----a-w- c:\program files\Jungle Disk Desktop\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDisk2_InProgress]
@="{700AD13D-E86F-41C9-9A8F-39B4C438806F}"
[HKEY_CLASSES_ROOT\CLSID\{700AD13D-E86F-41C9-9A8F-39B4C438806F}]
2011-05-17 21:10 828928 ----a-w- c:\program files\Jungle Disk Desktop\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDisk3_Conflicted]
@="{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}"
[HKEY_CLASSES_ROOT\CLSID\{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}]
2011-05-17 21:10 828928 ----a-w- c:\program files\Jungle Disk Desktop\monitor_shellext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2011-05-20 1949088]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2011-05-09 4944984]
"4C1D31FDF3597EACE1250555646D3F025973DBC4._service_run"="c:\users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-07-27 1017912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe" [2010-04-09 2460472]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-06 421736]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Jungle Disk Desktop.lnk - c:\program files\Jungle Disk Desktop\JungleDiskMonitor.exe [2011-5-17 7343432]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-1-11 9728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
2009-11-11 21:17 771360 ----a-w- c:\program files\AirPort\APAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 22:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicManager]
2011-06-15 21:38 12817920 ----a-w- c:\users\Scott\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 136176]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
R3 applebmt;Apple Wireless Mouse;c:\windows\system32\DRIVERS\applebmt.sys [2009-10-16 34304]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-07 25864]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cancel;cancel;c:\program files\MSI\i-Charger\cancel.sys [2010-05-21 4864]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 136176]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-04-22 20504]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2010-04-22 21528]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-07 23048]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 25112]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\DRIVERS\libusb0.sys [2010-08-05 20992]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 mvvideoexta;MaxiVista Virtual Video ExtA;c:\windows\system32\DRIVERS\mvvideoexta.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-22 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-05-05 13224]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-07 20104]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-11-30 273552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [2010-10-07 234784]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 JungleDiskService;JungleDiskService;c:\program files\Jungle Disk Desktop\JungleDiskMonitor.exe [2011-05-17 7343432]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-07-18 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-05-31 12856]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2010-05-31 13408]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 20:04]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 20:04]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2313591362-1084847855-2212411745-1000Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-25 20:04]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2313591362-1084847855-2212411745-1000UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-25 20:04]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\quy000px.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/a/zerby.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
MSConfigStartUp-StormCodec_Helper - c:\program files\Ringz Studio\Storm Codec\StormSet.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2313591362-1084847855-2212411745-1000\Software\񇥌0񵴆򈎄0 *񓰤򅌞0g0ubU00_000񣔌 *񇥌0񵴆򈎄0]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2313591362-1084847855-2212411745-1000\Software\񇥌0񵴆򈎄0 *񓰤򅌞0g0ubU00_000񣔌 *񇥌0񵴆򈎄0\Rolly Remote\Rolly Remote]
"102"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,64,00,00,00,64,00,00,00,76,02,00,00,57,02,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-03 12:51:42
ComboFix-quarantined-files.txt 2011-08-03 17:51
ComboFix2.txt 2010-01-18 17:17
.
Pre-Run: 50,455,060,480 bytes free
Post-Run: 50,232,717,312 bytes free
.
- - End Of File - - BC8B5CA79FB553E45CE24455EEA3BB29

#6 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:57 PM

Posted 06 August 2011 - 01:41 PM

Hi slamzee,

:step1: One of the files ComboFix deleted is linked to a keylogger program. The iun6002.exe file is listed as part of the Wiretap infection. I'm not convinced you were actually infected with this spyware because there are no other signs of it in your log; however, we should take extra precautions because of it.

Spyware and keyloggers are able to monitor the key strokes on your keyboard and send these to a remote server. As such, anything you've done on your PC could have been recorded and transmitted. As such, I strongly recommend that you change all of your passwords (i.e. email/banking etc).

:step2: The rest of the log looks OK. With regards to your random named folders on your external drives, I recommend the following:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

When done, reinsert your drives and either reformat them or scan them with MalwareByte's AntiMalware or AntiVir.

:step3: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *
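An added example (not from the thread or from Flash_Disinfector) of checking drive roots for the protective autorun.inf folder described above, as opposed to a real autorun.inf file, and of showing what such a file would launch; on Windows it enumerates removable drives through the Win32 API, elsewhere it falls back to constructed demo drives.

```python
"""Triage autorun.inf on removable drives.

Added example, not from the thread or from Flash_Disinfector: it checks
each drive root for an autorun.inf entry and reports whether it is the
protective placeholder folder the post above describes, a real file
(and what that file would launch), or absent. Drive enumeration uses the
Win32 API on Windows; elsewhere it falls back to constructed demo drives.
"""
import configparser
import os
import sys
import tempfile

# [autorun] keys that make Windows start something; only these are reported.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")

# Constructed sample content for the demo; not taken from the thread.
SAMPLE_AUTORUN_INF = """; constructed sample, not from any real drive
[AutoRun]
open=setup.exe
icon=setup.exe,0
ShellExecute=RECYCLER\\x.exe
"""


def launch_targets(inf_path):
    """Return 'key=value' strings from [autorun] that point at something to run."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str.lower  # autorun.inf keys are case-insensitive
    try:
        parser.read(inf_path, encoding="latin-1")  # never fails on odd bytes
    except configparser.Error:
        return ["<unparseable autorun.inf>"]
    found = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            if key in LAUNCH_KEYS:
                found.append(f"{key}={value.strip()}")
    return found


def classify_autorun(drive_root):
    """Describe the autorun.inf state of one drive root."""
    path = os.path.join(drive_root, "autorun.inf")
    report = {"drive": drive_root, "status": "absent", "launches": []}
    if os.path.isdir(path):
        # A folder with that name blocks creation of a same-named file,
        # which is the protection Flash_Disinfector relies on.
        report["status"] = "protected-folder"
    elif os.path.isfile(path):
        # AutoRun/AutoPlay could act on this file; show what it would run.
        report["status"] = "file-present"
        report["launches"] = launch_targets(path)
    return report


def removable_drive_roots():
    """Windows only: roots of drives that report DRIVE_REMOVABLE (2)."""
    if sys.platform != "win32":
        return []
    import ctypes
    kernel32 = ctypes.windll.kernel32
    mask = kernel32.GetLogicalDrives()
    roots = []
    for i in range(26):
        root = f"{chr(ord('A') + i)}:\\"
        if mask & (1 << i) and kernel32.GetDriveTypeW(root) == 2:
            roots.append(root)
    return roots


def build_demo_drives():
    """Create three fake drive roots in a temp dir: protected, infected, clean."""
    base = tempfile.mkdtemp(prefix="autorun-demo-")
    protected = os.path.join(base, "E")
    os.makedirs(os.path.join(protected, "autorun.inf"))  # placeholder folder
    infected = os.path.join(base, "F")
    os.makedirs(infected)
    with open(os.path.join(infected, "autorun.inf"), "w", encoding="latin-1") as fh:
        fh.write(SAMPLE_AUTORUN_INF)
    clean = os.path.join(base, "G")
    os.makedirs(clean)
    return [protected, infected, clean]


if __name__ == "__main__":
    for root in removable_drive_roots() or build_demo_drives():
        print(classify_autorun(root))
```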


#7 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:09:57 PM

Posted 11 August 2011 - 05:38 AM

Hi,

This is a 3 day bump.

Hopefully you're still with us but please be aware that if there is no reply within two days, then this topic will be closed as stale.

Casey

Edited by Casey_boy, 11 August 2011 - 05:39 AM.



#8 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:09:57 PM

Posted 15 August 2011 - 05:13 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



#9 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:09:57 PM

Posted 16 August 2011 - 11:02 AM

This topic has been re-opened at the request of the person who originally posted.



#10 slamzee

slamzee
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:57 PM

Posted 17 August 2011 - 01:06 PM

Flash_Disinfector.exe does not seem to run. I double-click to launch it and nothing happens.

When I run RKUnhooker it looks like there is something weird happening. I will post a screen shot.

Here is my ESET log.


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d8e00b48e656e14ab50f254a63727088
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-11 09:37:28
# local_time=2011-08-11 04:37:28 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 0 49486252 0 0
# compatibility_mode=5893 16776573 100 94 65693 64627543 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=750847
# found=0
# cleaned=0
# scan_time=15916
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d8e00b48e656e14ab50f254a63727088
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-17 01:52:54
# local_time=2011-08-16 08:52:54 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 0 49924561 0 0
# compatibility_mode=5893 16776573 100 94 0 65065852 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=751173
# found=0
# cleaned=0
# scan_time=24933
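For the RkUnhooker output slamzee mentions here and posts in full further down the thread, an added triage script (not from the thread, RkUnhooker or BleepingComputer): it parses the SSDT State, Shadow and Drivers sections, attributes each hook's target address to a listed driver where one covers it, and groups the targets no driver covers (what RkU prints as "Unknown module filename") by page. The hook lines are the thread's own; the Drivers excerpt is a short slice of the same report.

```python
"""Triage the SSDT/Shadow hook sections of an RkUnhooker report.

Added example, not from the thread or from RkUnhooker: it parses the
'>SSDT State', '>Shadow' and '>Drivers' sections, attributes each hook's
target address to a driver from the Drivers list when one covers it, and
groups the unattributed targets (RkU's 'Unknown module filename') by
4 KiB page so a reviewer can see whether they share one hidden region.
"""
import re
from dataclasses import dataclass
from typing import Optional

HOOK_RE = re.compile(
    r"^(?P<image>\S+)-->(?P<func>\w+), Type: (?P<kind>.+?) "
    r"(?P<old>0x[0-9A-Fa-f]+)-->(?P<new>[0-9A-Fa-f]+) \[(?P<module>[^\]]*)\]$"
)
DRIVER_RE = re.compile(r"^(?P<base>0x[0-9A-Fa-f]+) (?P<path>\S.*?) (?P<size>\d+) bytes")

# Hook lines are slamzee's RkU output from this thread; the Drivers lines are a
# short excerpt of the same report (the full list runs to hundreds of entries).
SAMPLE_REPORT = r"""RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x84229F75-->8DE53AEE [Unknown module filename]
ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x842E3DCF-->8DE53AF3 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x84261A65-->8DE53A8F [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x834C8473-->8DE53AF8 [Unknown module filename]
win32k.sys-->NtUserSetWinEventHook, Type: Address change 0x834C51C5-->8DE53AFD [Unknown module filename]
==============================================
>Drivers
==============================================
0x84006000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x84006000 PnpManager 4268032 bytes
0x83450000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C608000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x91CF2000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
"""


@dataclass
class Hook:
    table: str       # section the line came from: "SSDT State" or "Shadow"
    image: str       # owner of the original entry, e.g. ntkrnlpa.exe
    func: str        # hooked syscall
    old: int         # original handler address
    new: int         # address the entry now points at
    rku_module: str  # what RkU printed between the brackets
    driver: Optional[str] = None  # listed driver covering `new`, if any


def parse_report(text):
    """Return (hooks, drivers); drivers are (base, size, path) tuples."""
    hooks, drivers, section = [], [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            section = line[1:].strip()
            continue
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(section, m["image"], m["func"],
                              int(m["old"], 16), int(m["new"], 16), m["module"]))
            continue
        m = DRIVER_RE.match(line)
        if m and section == "Drivers":
            drivers.append((int(m["base"], 16), int(m["size"]), m["path"]))
    return hooks, drivers


def attribute(hooks, drivers):
    """Fill in Hook.driver with the listed driver whose image range covers the target."""
    for h in hooks:
        covering = [p for base, size, p in drivers if base <= h.new < base + size]
        # Pseudo-entries (PnpManager, RAW, ...) share the kernel base; prefer a file path.
        covering.sort(key=lambda p: "\\" not in p)
        h.driver = covering[0] if covering else None
    return hooks


def unresolved_regions(hooks):
    """Map each 4 KiB page holding unattributed targets to the syscalls hooked into it."""
    regions = {}
    for h in hooks:
        if h.driver is None:
            regions.setdefault(h.new >> 12, []).append(h.func)
    return {hex(page << 12): sorted(funcs) for page, funcs in regions.items()}


def analyze(text):
    return attribute(*parse_report(text))


if __name__ == "__main__":
    hooks = analyze(SAMPLE_REPORT)
    for h in hooks:
        print(f"{h.table:10} {h.func:24} {h.old:#010x} -> {h.new:#010x} "
              f"{h.driver or 'NOT IN ANY LISTED DRIVER'}")
    # Kernel-mode security products of that era (Avira is loaded on this box)
    # hook the SSDT too, so attribution, not the mere presence of hooks, is the
    # signal. Here all five targets land in one page no listed driver covers.
    print(unresolved_regions(hooks))
```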

#11 slamzee

slamzee
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:57 PM

Posted 17 August 2011 - 01:08 PM

Here is the odd driver issue I am seeing...

#12 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:09:57 PM

Posted 18 August 2011 - 07:53 AM

Hi,

It doesn't look as though you attached the screenshot to your post. Could you try again please?

Casey



#13 slamzee

slamzee
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:57 PM

Posted 18 August 2011 - 10:28 AM

Attempt #2 - this is a png file. Maybe the BBS doesn't like that format?

Attached Files



#14 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:09:57 PM

Posted 18 August 2011 - 11:48 AM

What happens when you click on the report tab?

What are your current symptoms?



#15 slamzee

slamzee
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:57 PM

Posted 18 August 2011 - 01:42 PM

My machine consistently freezes after being left idle for a couple of hours.

Here is the RKUnhooker report:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #4
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x84229F75-->8DE53AEE [Unknown module filename]
ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x842E3DCF-->8DE53AF3 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x84261A65-->8DE53A8F [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x834C8473-->8DE53AF8 [Unknown module filename]
win32k.sys-->NtUserSetWinEventHook, Type: Address change 0x834C51C5-->8DE53AFD [Unknown module filename]
==============================================
>Processes
==============================================
0x88FFC848 [120] C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH, AntiVir shadow copy service)
0x893C3030 [256] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x872AA270 [304] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x89001400 [316] C:\Windows\System32\conhost.exe (Microsoft Corporation, Console Window Host)
0x889DED40 [452] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x88D5AD40 [580] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x890E3D40 [584] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x88D57458 [588] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x890D2D40 [616] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x88E04448 [660] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x88DB3D40 [708] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x88787030 [716] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x89069420 [720] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc., LogMeIn Desktop Application)
0x887A2030 [724] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x887BAA28 [844] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8718C868 [916] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x887F1A28 [932] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8881ED40 [1028] C:\Windows\System32\atiesrxx.exe (AMD, AMD External Events Service Module)
0x88E4CD40 [1080] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88E54318 [1116] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88E2FD40 [1144] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8817EA48 [1232] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc., Hamachi Client Application)
0x88E66D40 [1288] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x893BCA70 [1480] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x88E78A28 [1516] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x89097518 [1536] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x88E95030 [1560] C:\Windows\System32\atieclxx.exe (AMD, AMD External Events Client Module)
0x88CCB030 [1572] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x8909B0E0 [1600] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88F79030 [1744] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x88F85D40 [1776] C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH, Antivirus Scheduler)
0x88F89030 [1796] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88DDB030 [1932] C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc., Hamachi Client Tunneling Engine)
0x88EFED40 [1960] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x88FBC1A8 [1968] C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH, Antivirus On-Access Service)
0x88FE6458 [1996] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88FE4D40 [2020] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)
0x87162D40 [2472] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x891E1328 [2492] C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe (Jungle Disk, Inc., Jungle Disk Desktop Monitor)
0x86C82C20 [2604] C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation, GoFlex Home Agent Application)
0x89213578 [2616] C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe (Google Inc., Google Installer)
0x88326D40 [2660] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x89230C88 [2680] C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc., LMIGuardianSvc)
0x8923FD40 [2728] C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc., LogMeIn Maintenance Service)
0x871F0748 [2772] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x8925B7A0 [2804] C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc., LogMeIn)
0x8925B4B0 [2820] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x892A2400 [3252] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x892C9710 [3284] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x890AC840 [3308] C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo, MemeoDashboardService)
0x8832F340 [3392] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x88E26708 [3580] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x89247578 [3636] C:\Program Files\AirPrint\airprint.exe (Apple Inc., AirPrint For Windows)
0x8760E560 [3648] C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\ClickClean.exe (-, -)
0x86BEC030 [3692] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x8932AD40 [3820] C:\Program Files\AirPort\APAgent.exe (Apple Inc., AirPort Base Station Agent)
0x89058708 [3868] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH, Antivirus System Tray Tool)
0x89383030 [3916] C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo, Seagate Dashboard)
0x88D9DD40 [3948] C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc., AiChargerAP MFC Application)
0x893C1A30 [4048] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x8718ABB8 [4108] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x86C09030 [4260] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x892264A0 [4488] C:\Program Files\AirVideoServer\AirVideoServer.exe
0x890213F8 [4508] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x89028A28 [4528] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x88E83030 [4572] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x8931D030 [4596] C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe (Jungle Disk, Inc., Jungle Disk Desktop Monitor)
0x86BA3A58 [4616] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86B3FD40 [4704] C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc., Dropbox)
0x86C81030 [4796] C:\Users\Scott\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x86BEFA28 [5004] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x8764B538 [5080] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
0x86B0F1A8 [5124] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
0x87238030 [5488] C:\Program Files\Task Killer\TaskKiller.exe
0x86CD3920 [5748] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x86BC8D40 [6020] C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x871C4B20 [6056] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86943938 [4] System
0x872FE1F8 [868] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================
>Drivers
==============================================
0x92612000 C:\Windows\system32\DRIVERS\atikmdag.sys 8634368 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x97A1E000 C:\Windows\system32\DRIVERS\lvuvc.sys 4329472 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x84006000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x84006000 PnpManager 4268032 bytes
0x84006000 RAW 4268032 bytes
0x84006000 WMIxWDM 4268032 bytes
0x83450000 Win32k 2416640 bytes
0x83450000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C608000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x84628000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9122D000 C:\Windows\System32\Drivers\dump_iaStorV.sys 897024 bytes
0x83E3D000 C:\Windows\system32\drivers\iaStorV.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x92E4E000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C405000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x83AEF000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA9A38000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9DC8A000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83A0F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x83C30000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x97F3D000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x91C27000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x84795000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x83F66000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA9B57000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x95B56000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA9B07000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x83700000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x92FA0000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83D71000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83CAF000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x97E53000 C:\Windows\system32\DRIVERS\lvrs.sys 286720 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0x95A9D000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83AAD000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x91CA3000 C:\Windows\system32\drivers\cbfs3.sys 266240 bytes (EldoS Corporation, Callback File System Driver)
0x83B9A000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x91D4E000 C:\Windows\system32\DRIVERS\atikmpag.sys 262144 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x8C78C000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C4BC000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9DD5D000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x92F05000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x92F5D000 C:\Windows\system32\DRIVERS\e1e6232.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x84418000 ACPI_HAL 225280 bytes
0x84418000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x83FC0000 C:\Windows\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0x83F21000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x95A5B000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C52F000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8C5A8000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C752000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x95B0E000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x91D8E000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8C7D3000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x84757000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xA9BA9000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x83D08000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x83DD4000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x91CF2000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x95A33000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8C572000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C4FA000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x97FA1000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x9DD3A000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x83BDB000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x83E00000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA9AD9000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x91D1B000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x91354000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xBA498000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x9131B000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x92F3E000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x913DD000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x836E0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x95AF2000 C:\Windows\system32\drivers\AtihdW73.sys 114688 bytes (Advanced Micro Devices, AMD High Definition Audio Function Driver)
0x97FD2000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x97A00000 C:\Windows\system32\DRIVERS\hidbth.sys 110592 bytes (Microsoft Corporation, Bluetooth Miniport Driver for HID Devices)
0x97EEC000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9DD98000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9DC23000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9DD0F000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x95B3D000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x91C8B000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x91DE2000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91C0B000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9DC0C000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x83E22000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x83C12000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x913B3000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x95A00000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x97ED5000 C:\Windows\system32\drivers\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA4B9000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x83DBE000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x97E3F000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x95BCF000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x84782000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9DC77000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9120E000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x83C00000 00000143 73728 bytes
0x91DD0000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x97F2B000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x91D3C000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9DD28000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x83C00000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x8C561000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x95BB3000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x83F55000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x95AE1000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83D3D000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83A94000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8C5DA000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x9DC67000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C51F000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x83D61000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x92FEB000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x91CE4000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x91200000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x913A5000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x847F2000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x95A8F000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x97E99000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
0x83CA1000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x97FED000 C:\Windows\system32\DRIVERS\applebmt.sys 53248 bytes (Apple Inc., Apple Wireless Mouse)
0x97FC5000 C:\Windows\system32\drivers\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x91DBB000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x95BA6000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x83A00000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x95A1B000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA9AFA000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x91375000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x84609000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x95BEB000 C:\Windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x84615000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x913CA000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x91348000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x83D56000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x95BC4000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x97EBB000 C:\Windows\system32\drivers\hppcgenio.sys 45056 bytes (Hewlett Packard, LEDM USB Composite Support Driver)
0x97F16000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x9139A000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91C00000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x97EA7000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x92F95000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x95A28000 C:\Windows\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0x83D32000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x91308000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x97F21000 C:\Windows\system32\DRIVERS\HidBatt.sys 40960 bytes (Microsoft Corporation, Hid Battery Driver)
0x9DDCD000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0x8C5F5000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8C5EB000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x83FF5000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA9ACF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x83F18000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xBA478000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xBA4CF000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x84600000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x97EB2000 C:\Windows\system32\drivers\hppcfaxio.sys 36864 bytes (Hewlett Packard, LEDM FAX)
0x836B0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C783000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0xBA48F000 C:\Windows\system32\DRIVERS\WinUsb.sys 36864 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0x83CF7000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x83AA5000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83D4E000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x97EC6000 C:\Windows\system32\drivers\hppcbulkio.sys 32768 bytes (Hewlett Packard, LEDM BULK)
0x8C600000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA8000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x83D00000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x91382000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x9138A000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x91392000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x91DC8000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x8C7CB000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x91341000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x92600000 C:\Windows\System32\Drivers\ElbyCDFL.sys 28672 bytes (SlySoft, Inc., ElbyCDIO Filter Driver)
0x95BE2000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x9133A000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x97ECE000 C:\Windows\system32\DRIVERS\radpms.sys 28672 bytes (LogMeIn, Inc., RemotelyAnywhereDpmsSecure Device Driver)
0x913D6000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x92607000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x91227000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x91221000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x8C400000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x92FFA000 C:\Windows\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0x8C597000 C:\Windows\System32\Drivers\BtHidBus.sys 16384 bytes (IVT Corporation., Bluetooth HID BUS Driver)
0x83DBC000 C:\Windows\system32\DRIVERS\AiCharger.sys 8192 bytes (ASUSTek Computer Inc., ASUS Charger driver)
0x91D19000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0x9DDCB000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0x95A59000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x95BE9000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x9260D000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
[1480]chrome.exe-->kernel32.dll+0x000B5474, Type: Inline - RelativeJump 0x77215474-->77215400 [kernel32.dll]
[1480]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 6 [28 00 07 00]
[1480]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 6 [28]
[1480]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 8 [07 00]
[1480]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 6 [68 00 07 00]
[1480]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 6 [A8 01 07 00]
[1480]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x77055D9E-->760564A4 [shell32.dll]
[1480]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x77055D98 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 6 [A8 02 07 00]
[1480]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 6 [68 01 07 00]
[1480]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 6 [68 02 07 00]
[1480]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x77055E2E-->76056535 [shell32.dll]
[1480]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x77055E28 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 6 [A8 00 07 00]
[1480]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77055FEE-->760566F3 [shell32.dll]
[1480]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x77055FE8 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 6 [28 01 07 00]
[1480]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 6 [28 02 07 00]
[1480]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 11 [E2]
[1480]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 6 [68]
[1480]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 8 [07 00]
[1480]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 11 [E2]
[2472]chrome.exe-->kernel32.dll+0x000B5474, Type: Inline - RelativeJump 0x77215474-->77215400 [kernel32.dll]
[2472]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 6 [28 00 07 00]
[2472]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 6 [28]
[2472]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 8 [07 00]
[2472]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 6 [68 00 07 00]
[2472]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 6 [A8 01 07 00]
[2472]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x77055D9E-->760564A4 [shell32.dll]
[2472]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x77055D98 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 6 [A8 02 07 00]
[2472]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 6 [68 01 07 00]
[2472]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 6 [68 02 07 00]
[2472]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x77055E2E-->76056535 [shell32.dll]
[2472]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x77055E28 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 6 [A8 00 07 00]
[2472]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77055FEE-->760566F3 [shell32.dll]
[2472]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x77055FE8 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 6 [28 01 07 00]
[2472]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 6 [28 02 07 00]
[2472]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 11 [E2]
[2472]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 6 [68]
[2472]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 8 [07 00]
[2472]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 11 [E2]
[2604]HipServAgent.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->750BFFF6 [apphelp.dll]
[2604]HipServAgent.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611BC-->750BFFF6 [apphelp.dll]
[2604]HipServAgent.exe-->kernel32.dll-->CreateProcessA, Type: IAT modification 0x0053D23C-->670A241B [AcLayers.dll]
[2604]HipServAgent.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0053D21C-->750BFFF6 [apphelp.dll]
[2604]HipServAgent.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->750BFFF6 [apphelp.dll]
[3392]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->750BFFF6 [apphelp.dll]
[3392]rundll32.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B14F4-->750BFFF6 [apphelp.dll]
[3392]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611BC-->750BFFF6 [apphelp.dll]
[3392]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->750BFFF6 [apphelp.dll]
[3392]rundll32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x630013FC-->750BFFF6 [apphelp.dll]
[3692]chrome.exe-->kernel32.dll+0x000B5474, Type: Inline - RelativeJump 0x77215474-->77215400 [kernel32.dll]
[3692]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 6 [28 00 17 00]
[3692]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 6 [28]
[3692]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 8 [17 00]
[3692]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 6 [68 00 17 00]
[3692]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 6 [A8 01 17 00]
[3692]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x77055D9E-->760574A4 [shell32.dll]
[3692]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x77055D98 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 6 [A8 02 17 00]
[3692]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 6 [68 01 17 00]
[3692]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 6 [68 02 17 00]
[3692]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x77055E2E-->76057535 [shell32.dll]
[3692]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x77055E28 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 6 [A8 00 17 00]
[3692]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77055FEE-->760576F3 [shell32.dll]
[3692]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x77055FE8 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 6 [28 01 17 00]
[3692]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 6 [28 02 17 00]
[3692]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 11 [E2]
[3692]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 6 [68]
[3692]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 8 [17 00]
[3692]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 11 [E2]
[3916]MemeoDashboard.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->750BFFF6 [apphelp.dll]
[3916]MemeoDashboard.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B14F4-->750BFFF6 [apphelp.dll]
[3916]MemeoDashboard.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611BC-->750BFFF6 [apphelp.dll]
[3916]MemeoDashboard.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->750BFFF6 [apphelp.dll]
[3916]MemeoDashboard.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x630013FC-->750BFFF6 [apphelp.dll]
[4572]chrome.exe-->kernel32.dll+0x000B5474, Type: Inline - RelativeJump 0x77215474-->77215400 [kernel32.dll]
[4572]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 6 [28 00 07 00]
[4572]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 6 [28]
[4572]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 8 [07 00]
[4572]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 6 [68 00 07 00]
[4572]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 6 [A8 01 07 00]
[4572]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x77055D9E-->760564A4 [shell32.dll]
[4572]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x77055D98 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 6 [A8 02 07 00]
[4572]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 6 [68 01 07 00]
[4572]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 6 [68 02 07 00]
[4572]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x77055E2E-->76056535 [shell32.dll]
[4572]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x77055E28 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 6 [A8 00 07 00]
[4572]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77055FEE-->760566F3 [shell32.dll]
[4572]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x77055FE8 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 6 [28 01 07 00]
[4572]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 6 [28 02 07 00]
[4572]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 11 [E2]
[4572]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 6 [68]
[4572]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 8 [07 00]
[4572]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 11 [E2]
[5328]chrome.exe-->kernel32.dll+0x000B5474, Type: Inline - RelativeJump 0x77215474-->77215400 [kernel32.dll]
[5328]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 6 [28 00 07 00]
[5328]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 6 [28]
[5328]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 8 [07 00]
[5328]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 6 [68 00 07 00]
[5328]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 6 [A8 01 07 00]
[5328]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x77055D9E-->760564A4 [shell32.dll]
[5328]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x77055D98 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 6 [A8 02 07 00]
[5328]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 6 [68 01 07 00]
[5328]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 6 [68 02 07 00]
[5328]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x77055E2E-->76056535 [shell32.dll]
[5328]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x77055E28 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 6 [A8 00 07 00]
[5328]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77055FEE-->760566F3 [shell32.dll]
[5328]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x77055FE8 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 6 [28 01 07 00]
[5328]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 6 [28 02 07 00]
[5328]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 11 [E2]
[5328]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 6 [68]
[5328]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 8 [07 00]
[5328]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 11 [E2]
[5748]chrome.exe-->kernel32.dll+0x000B5474, Type: Inline - RelativeJump 0x77215474-->77215400 [kernel32.dll]
[5748]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 6 [28 00 07 00]
[5748]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 6 [28]
[5748]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 8 [07 00]
[5748]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 6 [68 00 07 00]
[5748]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 6 [A8 01 07 00]
[5748]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x77055D9E-->760564A4 [shell32.dll]
[5748]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x77055D98 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 6 [A8 02 07 00]
[5748]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 6 [68 01 07 00]
[5748]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 6 [68 02 07 00]
[5748]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x77055E2E-->76056535 [shell32.dll]
[5748]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x77055E28 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 6 [A8 00 07 00]
[5748]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77055FEE-->760566F3 [shell32.dll]
[5748]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x77055FE8 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 6 [28 01 07 00]
[5748]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 6 [28 02 07 00]
[5748]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 11 [E2]
[5748]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 6 [68]
[5748]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 8 [07 00]
[5748]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 11 [E2]
[6020]chrome.exe-->kernel32.dll+0x000B5474, Type: Inline - RelativeJump 0x77215474-->77215400 [kernel32.dll]
[6020]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 6 [28 00 07 00]
[6020]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x770555C8 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 6 [28]
[6020]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 8 [07 00]
[6020]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x77055C28 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 6 [68 00 07 00]
[6020]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x77055CD8 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 6 [A8 01 07 00]
[6020]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x77055D88 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x77055D9E-->760564A4 [shell32.dll]
[6020]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x77055D98 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 6 [A8 02 07 00]
[6020]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x77055DA8 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 6 [68 01 07 00]
[6020]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x77055E08 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 6 [68 02 07 00]
[6020]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x77055E18 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x77055E2E-->76056535 [shell32.dll]
[6020]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x77055E28 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 6 [A8 00 07 00]
[6020]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x77055F38 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77055FEE-->760566F3 [shell32.dll]
[6020]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x77055FE8 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 6 [28 01 07 00]
[6020]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x77056638 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 6 [28 02 07 00]
[6020]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x77056698 + 11 [E2]
[6020]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 6 [68]
[6020]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 8 [07 00]
[6020]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x770569B8 + 11 [E2]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)