WIN XP SP3 - No Internet Connection IE8


10 replies to this topic

#1 ChiliMon

ChiliMon

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lancaster County
  • Local time:03:33 AM

Posted 05 September 2011 - 11:35 AM

Ok, here is my problem and I read of others in this forum and others who had the same problem but still cannot get it to work. This problem started about a year ago but I kept putting it off because of my work schedule which keeps getting busier but finally, a 3 day weekend to catch up on my honey do list.

I am running a Dell Dimension 8200 WIN XP SP3. I have few programs running in the background and Windows Firewall is enabled, currently no virus protection running (out of date). Computer runs pretty good for being 8 years old, still all original except for the one CD drive, replaced with a 52X. All programs run fine on this machine except for being able to access the internet through Firefox or IE 8 even in Safe Mode, fresh reinstall of IE 8. One thing I will mention, there are still 39KB of Zone Alarm files under Program files that I cannot delete, even in Safe mode, it won't even allow me to rename them.

I tried going into the C:\ prompt and reset Winsock and TCP/IP which did not help. I ran Super AntiSpyware twice and no infections of spyware or malware that it could find. Funny thing is, my computer updated Windows yesterday with 9 upgrades from Microsoft ?????

I get the following diagnostic report when I try to connect; only part of the report, if you need the whole report which is a lot of duplication, let me know.

Highlighted in red - Error attempting to validate all Winsock base providers, not all base providers could be found.

Highlighted in green - Network Connection status - Connected

Highlighted in Red - Could not make HTTP connection to www.microsoft.com & others
Could not make HTTP connection
Could not make HTTPS connection
Could not make ftp connection

Edited by hamluis, 08 September 2011 - 05:12 PM.
Moved from XP to Am I Infected.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:08:33 AM

Posted 05 September 2011 - 11:58 AM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#3 ChiliMon


Posted 05 September 2011 - 12:52 PM

MiniToolBox by Farbar
Ran by Ken (administrator) on 05-09-2011 at 13:46:38
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: %3clocal%3e:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : ken
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : CNet PRO200WL PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-80-AD-C0-B6-83
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 68.87.75.198
                                    68.87.64.150
Lease Obtained. . . . . . . . . . : Monday, September 05, 2011 12:09:33 PM
Lease Expires . . . . . . . . . . : Wednesday, September 07, 2011 12:09:33 AM

Server: UnKnown
Address: 68.87.75.198

Pinging google.com [74.125.115.147] with 32 bytes of data:
PING: transmit failed, error code 65.
PING: transmit failed, error code 65.
Ping statistics for 74.125.115.147:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: UnKnown
Address: 68.87.75.198

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
PING: transmit failed, error code 65.
PING: transmit failed, error code 65.
Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 80 ad c0 b6 83 ...... CNet PRO200WL PCI Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.10 192.168.2.10 20
192.168.2.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.10 192.168.2.10 20
224.0.0.0 240.0.0.0 192.168.2.10 192.168.2.10 20
255.255.255.255 255.255.255.255 192.168.2.10 192.168.2.10 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/05/2011 00:06:51 PM) (Source: Ci) (User: )
Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
be automatically restored by refiltering all documents.

Error: (09/05/2011 00:06:51 PM) (Source: Ci) (User: )
Description: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Error: (09/04/2011 07:06:26 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/04/2011 07:06:26 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/04/2011 07:06:26 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/04/2011 07:06:25 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/04/2011 07:06:25 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/04/2011 07:06:25 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/04/2011 07:06:25 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/04/2011 07:06:25 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (09/05/2011 11:59:40 AM) (Source: Print) (User: SYSTEM)
Description: Document file://C:\WINDOWS\network diagnostic\xpnetdiag.xml was corrupted and has been deleted. The associated driver is: HP Deskjet D4100 series.

Error: (09/05/2011 11:58:18 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/05/2011 11:52:54 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/05/2011 11:49:17 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/05/2011 11:45:57 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/05/2011 11:44:40 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/05/2011 11:44:26 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/05/2011 11:44:10 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/05/2011 11:40:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
KLIF
OMCI
Processor
SASDIFSV
SASKUTIL

Error: (09/05/2011 11:39:45 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (09/05/2011 00:06:51 PM) (Source: Ci)(User: )
Description: c:\system volume information\catalog.wci

Error: (09/05/2011 00:06:51 PM) (Source: Ci)(User: )
Description: c:\system volume information\catalog.wci

Error: (09/04/2011 07:06:26 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/04/2011 07:06:26 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (09/04/2011 07:06:26 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/04/2011 07:06:25 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (09/04/2011 07:06:25 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/04/2011 07:06:25 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (09/04/2011 07:06:25 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/04/2011 07:06:25 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


=========================== Installed Programs ============================

Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 8.1.4 (Version: 8.1.4)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.0.1)
Adobe® Photoshop® Album Starter Edition 3.0.1 (Version: 3.0.1)
America Online (Choose which version to remove)
Backup Dell-Installed Programs (Version: 2.01.0000)
D4100 (Version: 70.0.185.000)
D4100_Help (Version: 70.0.185.000)
Dell ResourceCD
DeviceManagementQFolder (Version: 1.00.0000)
Easy CD Creator 5 Basic (Version: 5.0.0.0000)
ESET Online Scanner
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart and Deskjet 7.0 Software (Version: 7.1)
HP Photosmart Essential (Version: 1.9.1.3)
HP Software Update (Version: 3.0.7.014)
HP Solution Center 7.0 (Version: 7.0)
hph_ProductContext (Version: 70.0.185.000)
hph_software (Version: 70.0.185.000)
hph_software_req (Version: 70.0.185.000)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® PROSet II
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java DB 10.2.2.0 (Version: 10.2.2.0)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ SE Development Kit 6 Update 2 (Version: 1.6.0.20)
Labtec WebCam Software (Version: 8.43.0000)
Labtec® Camera Driver
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 5.2 (Version: 5.20.413.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.6361.0)
Microsoft Office Sounds (Version: 1.0.0.0)
Microsoft Picture It! Publishing 2001 (Version: 5.0.0.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0 (Version: 06.00.1829)
MSN Music Assistant
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Office Animation Runtime (Version: 11.0.5510.0)
OneTouch Version 3.0 (Version: Version 3.0)
PanoStandAlone (Version: 70.0.170.000)
PaperPort 7.0
PRO200WL
SolutionCenter (Version: 70.0.170.000)
Status (Version: 70.0.170.000)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.0.0)
VC 9.0 Runtime (Version: 1.0.0)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.5318)
WebReg (Version: 70.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip (Version: 9.0 (6028))
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)

========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 767.01 MB
Available physical RAM: 263.12 MB
Total Pagefile: 1875.32 MB
Available Pagefile: 1517.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.96 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.24 GB) (Free:20.29 GB) NTFS
3 Drive d: (XP2_PER_ENG) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS
5 Drive f: () (Removable) (Total:124.98 GB) (Free:124.7 GB) FAT32

========================= Users: ========================================

User accounts for \\KEN

Administrator Guest HelpAssistant
Ken SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini050806-01.dmp

**** End of log ****

#4 cryptodan


Posted 05 September 2011 - 01:02 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger then 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#5 ChiliMon


Posted 05 September 2011 - 03:34 PM

Ran the Malware, found one Trojan, quarantined and removed successfully.

Ran Super Antispyware - Nothing

Running GMER now, it's going to be a rather large text document, are you sure you want me to paste it in the thread ?

Not sure if I can insert a file into the thread though. Computer is 8 years old so there is a lot there plus it is the free for all computer.

#6 ChiliMon


Posted 05 September 2011 - 05:58 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-05 18:03:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340016A rev.3.10
Running: 0ciqh00e.exe; Driver: C:\DOCUME~1\KEN~1\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF5C276E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF5C34490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF5C31C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF5C31E90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF5C35D50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF5C27C70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF5C34D10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF5C34AC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF5C31600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF5C35230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF5C352B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF5C27AD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF5C334F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF5C332B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF5C35970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF5C353D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF5C357C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF5C2AAA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF5C27EA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF5C34800]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF5C32580]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF47510B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 24C 804E28B8 1 Byte [B0]
.text KSecDD.sys!UnsealMessage F76CF380 44 Bytes [00, 00, 00, 00, 00, 00, 8B, ...]
.text KSecDD.sys!UnsealMessage F76CF3AD 214 Bytes [1C, 83, F8, 0F, 75, 0D, 8D, ...]
.text KSecDD.sys!UnsealMessage F76CF484 26 Bytes [49, 04, 6A, 01, 50, 89, 48, ...]
.text KSecDD.sys!UnsealMessage F76CF49F 46 Bytes [CC, CC, CC, CC, CC, 8B, FF, ...]
.text KSecDD.sys!UnsealMessage F76CF4CE 29 Bytes [FF, F3, AB, 8B, 45, 08, 89, ...]
.text ...
.text KSecDD.sys!InitSecurityInterfaceW + 11 F76CF8BF 102 Bytes [7C, 0E, 8B, 45, 08, 85, C0, ...]
.text KSecDD.sys!SecLookupAccountSid + 4C F76CF926 15 Bytes [55, 8B, EC, 5D, FF, 25, 6C, ...] {PUSH EBP; MOV EBP, ESP; POP EBP; JMP [0xf76d1c6c]; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 }
.text KSecDD.sys!SecLookupAccountName F76CF936 11 Bytes [8B, FF, 55, 8B, EC, 83, EC, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; SUB ESP, 0x10; PUSH EDI; XOR EAX, EAX}
.text KSecDD.sys!SecLookupAccountName + C F76CF942 65 Bytes [C9, 66, 89, 4D, F8, 8D, 7D, ...]
.text KSecDD.sys!KSecRegisterSecurityProvider + 10 F76CF984 192 Bytes [75, 0C, 52, FF, 75, 08, E8, ...]
.text KSecDD.sys!KSecRegisterSecurityProvider + D1 F76CFA45 1 Byte [6A]
.text KSecDD.sys!KSecRegisterSecurityProvider + D1 F76CFA45 69 Bytes [6A, 00, F3, A4, FF, 35, A4, ...]
.text KSecDD.sys!KSecRegisterSecurityProvider + 117 F76CFA8B 1 Byte [00]
.text KSecDD.sys!KSecRegisterSecurityProvider + 12B F76CFA9F 105 Bytes [00, 00, C0, 23, C6, 3B, C6, ...]
.text ...
.text KSecDD.sys!KSecValidateBuffer + 6 F76CFB5C 51 Bytes [07, B8, 01, 00, 00, C0, EB, ...]
.text KSecDD.sys!KSecValidateBuffer + 3A F76CFB90 67 Bytes [6D, F7, 73, 11, 8B, 0E, 8B, ...]
.text KSecDD.sys!KSecValidateBuffer + 7E F76CFBD4 13 Bytes [7D, 0C, 00, 75, 04, 33, C0, ...] {JGE 0xe; ADD [EBP+0x4], DH; XOR EAX, EAX; JMP 0x6c; CMP DWORD [EBP+0xc], 0x8}
.text KSecDD.sys!KSecValidateBuffer + 8C F76CFBE2 286 Bytes [55, 08, 56, 57, 72, 10, 6A, ...]
.text KSecDD.sys!SecSetPagingMode + 5D F76CFD01 118 Bytes [75, 18, 8B, 46, 08, 8D, 44, ...]
.text KSecDD.sys!SecSetPagingMode + D4 F76CFD78 109 Bytes [04, B0, 3B, C3, 74, 11, 8B, ...]
.text KSecDD.sys!GetSecurityUserInfo + 66 F76CFDE6 59 Bytes [3B, FB, 7C, 09, 46, 3B, 35, ...]
.text KSecDD.sys!GetSecurityUserInfo + A3 F76CFE23 44 Bytes [00, 52, 00, 49, 00, 54, 00, ...]
.text KSecDD.sys!GetSecurityUserInfo + D0 F76CFE50 68 Bytes [4E, 00, 5F, 00, 49, 00, 4E, ...]
.text KSecDD.sys!GetSecurityUserInfo + 116 F76CFE96 1 Byte [E0]
.text KSecDD.sys!GetSecurityUserInfo + 116 F76CFE96 25 Bytes [E0, 50, 68, 03, 00, 1F, 00, ...]
.text ...
.text KSecDD.sys!EfsGenerateKey + D F76CFF2D 180 Bytes [15, 98, 1C, 6D, F7, 85, FF, ...]
.text KSecDD.sys!SecMakeSPNEx + 8A F76CFFE2 103 Bytes [75, 1C, FF, 75, 18, FF, 75, ...]
.text KSecDD.sys!SecMakeSPNEx + F2 F76D004A 2 Bytes [4D, 0C]
.text KSecDD.sys!SecMakeSPNEx + F5 F76D004D 104 Bytes [55, 20, 89, 45, FC, 8B, 45, ...]
.text KSecDD.sys!SecMakeSPNEx + 15E F76D00B6 65 Bytes [8C, 75, 01, 00, 00, 0F, B7, ...]
.text KSecDD.sys!SecMakeSPNEx + 1A0 F76D00F8 64 Bytes [89, 38, 80, 7D, 28, 00, 74, ...]
.text ...
PAGE KSecDD.sys!CredMarshalTargetInfo + 35 F76D4EB5 8 Bytes [FF, 1C, 00, 66, C7, 85, FE, ...]
PAGE KSecDD.sys!CredMarshalTargetInfo + 3E F76D4EBE 6 Bytes [FF, 34, 00, 89, 9D, 18]
PAGE KSecDD.sys!CredMarshalTargetInfo + 45 F76D4EC5 1 Byte [FF]
PAGE KSecDD.sys!CredMarshalTargetInfo + 45 F76D4EC5 49 Bytes [FF, FF, C7, 85, 14, FF, FF, ...]
PAGE KSecDD.sys!CredMarshalTargetInfo + 77 F76D4EF7 20 Bytes [C1, E9, 02, C7, 85, 28, FF, ...]
PAGE ...
PAGE KSecDD.sys!AcquireCredentialsHandleW + 93 F76D5859 40 Bytes [8D, 38, FF, FF, FF, 89, 08, ...]
PAGE KSecDD.sys!AcquireCredentialsHandleW + BC F76D5882 43 Bytes [55, 8B, EC, 57, FF, 15, 2C, ...]
PAGE KSecDD.sys!AcquireCredentialsHandleW + E8 F76D58AE 122 Bytes [25, 74, 33, 6D, F7, 00, 80, ...]
PAGE KSecDD.sys!AddCredentialsW + 65 F76D5929 48 Bytes [00, 00, A1, AC, 24, 6D, F7, ...]
PAGE KSecDD.sys!QueryCredentialsAttributesW + 18 F76D595A 192 Bytes [FF, 00, C7, 85, 5C, FF, FF, ...]
PAGE KSecDD.sys!QueryCredentialsAttributesW + DA F76D5A1C 20 Bytes [85, 50, FF, FF, FF, 50, 8D, ...]
PAGE KSecDD.sys!QueryCredentialsAttributesW + EF F76D5A31 62 Bytes [C9, 3B, C1, 89, 85, 64, FF, ...]
PAGE KSecDD.sys!QueryCredentialsAttributesW + 12E F76D5A70 43 Bytes [8B, 85, 60, FF, FF, FF, 3B, ...]
PAGE KSecDD.sys!QueryCredentialsAttributesW + 15A F76D5A9C 2 Bytes [FF, 36] {PUSH DWORD [ESI]}
PAGE ...
PAGE KSecDD.sys!DeleteSecurityContext + B F76D5D79 97 Bytes [FF, FF, 8B, 45, 14, 33, F6, ...]
PAGE KSecDD.sys!LsaGetLogonSessionData + 1F F76D5DDB 10 Bytes [00, 89, 0E, C7, 05, 8C, 33, ...]
PAGE KSecDD.sys!InitializeSecurityContextW + 4D F76D5E29 104 Bytes [48, 0F, 84, AF, 00, 00, 00, ...]
PAGE KSecDD.sys!InitializeSecurityContextW + B6 F76D5E92 89 Bytes [75, FC, 8D, 4D, 0C, 51, 50, ...]
PAGE KSecDD.sys!InitializeSecurityContextW + 111 F76D5EED 74 Bytes [C0, EB, 03, 89, 5E, 18, 89, ...]
PAGE KSecDD.sys!InitializeSecurityContextW + 15C F76D5F38 33 Bytes [75, 10, A1, 98, 33, 6D, F7, ...]
PAGE KSecDD.sys!InitializeSecurityContextW + 17F F76D5F5B 1 Byte [F8]
PAGE ...
PAGE KSecDD.sys!AcceptSecurityContext + 5 F76D601D 55 Bytes [83, EC, 10, 33, D2, 39, 55, ...]
PAGE KSecDD.sys!AcceptSecurityContext + 3D F76D6055 1 Byte [C2]
PAGE KSecDD.sys!AcceptSecurityContext + 3D F76D6055 4 Bytes [C2, 75, 03, 8D]
PAGE KSecDD.sys!AcceptSecurityContext + 42 F76D605A 40 Bytes [F8, 56, 8D, 75, 0C, 56, 51, ...]
PAGE KSecDD.sys!AcceptSecurityContext + 6B F76D6083 10 Bytes [CC, 8B, FF, 55, 8B, EC, FF, ...]
PAGE ...
PAGE KSecDD.sys!ImportSecurityContextW F76D657A 66 Bytes [CC, CC, 8B, FF, 55, 8B, EC, ...]
PAGE KSecDD.sys!ImportSecurityContextW + 43 F76D65BD 21 Bytes [89, 5D, C0, 89, 5D, C4, 89, ...]
PAGE KSecDD.sys!ImportSecurityContextW + 59 F76D65D3 16 Bytes [5D, E0, 89, 5D, E4, 88, 5D, ...]
PAGE KSecDD.sys!ImportSecurityContextW + 6A F76D65E4 36 Bytes [C7, 45, 08, 01, 03, 09, 80, ...]
PAGE KSecDD.sys!ImportSecurityContextW + 8F F76D6609 41 Bytes [89, 55, D4, 89, 4D, D8, 74, ...]
PAGE ...
PAGE KSecDD.sys!SecMakeSPN + 7 F76D697F 10 Bytes [FF, FF, 50, FF, 75, F8, E8, ...]
PAGE KSecDD.sys!SecMakeSPN + 12 F76D698A 14 Bytes [3B, C3, 7D, 03, 89, 45, 08, ...]
PAGE KSecDD.sys!SecMakeSPN + 21 F76D6999 193 Bytes [74, 3C, 39, 5E, 04, 74, 13, ...]
PAGE KSecDD.sys!SecMakeSPN + E3 F76D6A5B 186 Bytes [FF, 15, 08, 1C, 6D, F7, 8B, ...]
PAGE KSecDD.sys!SecMakeSPN + 19E F76D6B16 6 Bytes [45, FC, 8B, 0D, AC, 33]
PAGE ...
PAGEMSG KSecDD.sys!ImpersonateSecurityContext + 4C F76D8302 81 Bytes [CC, CC, CC, CC, CC, 8B, FF, ...]
PAGEMSG KSecDD.sys!QuerySecurityContextToken + 26 F76D8354 10 Bytes [45, 08, 80, 08, 01, 5F, 5E, ...]
PAGEMSG KSecDD.sys!QuerySecurityContextToken + 31 F76D835F 18 Bytes [00, CC, CC, CC, CC, CC, 6A, ...] {ADD AH, CL; INT 3 ; INT 3 ; INT 3 ; INT 3 ; PUSH 0x18; PUSH 0xf76d1e60; CALL 0xffffffffffff83bd}
PAGEMSG KSecDD.sys!QuerySecurityContextToken + 44 F76D8372 99 Bytes [18, 58, 8B, 4D, 0C, 39, 01, ...]
PAGEMSG KSecDD.sys!QueryContextAttributesW + 4E F76D83D6 106 Bytes CALL F769D15E Ntfs.sys (NT File System Driver/Microsoft Corporation)
PAGEMSG KSecDD.sys!VerifySignature + 11 F76D8441 31 Bytes [EC, 83, 7D, 08, 00, 74, 0C, ...]
PAGEMSG KSecDD.sys!VerifySignature + 31 F76D8461 73 Bytes [55, 8B, EC, 83, EC, 44, A1, ...]
PAGEMSG KSecDD.sys!SealMessage + 3D F76D84AB 46 Bytes [00, 00, 89, 75, D4, C7, 45, ...]
PAGEMSG KSecDD.sys!UnsealMessage + 2E F76D84DA 2 Bytes [75, E8] {JNZ 0xffffffffffffffea}
PAGEMSG KSecDD.sys!UnsealMessage + 31 F76D84DD 285 Bytes [15, 0C, 1D, 6D, F7, 8B, F8, ...]
PAGEMSG KSecDD.sys!UnsealMessage + 14F F76D85FB 7 Bytes [57, 8D, 45, FC, 50, 56, FF]
PAGEMSG KSecDD.sys!UnsealMessage + 161 F76D860D 5 Bytes [8B, 45, FC, 7C, 05] {MOV EAX, [EBP-0x4]; JL 0xa}
PAGEMSG KSecDD.sys!UnsealMessage + 167 F76D8613 12 Bytes [4D, 10, 89, 01, 85, C0, 74, ...]
PAGEMSG ...
.text Ntfs.sys F7642300 41 Bytes [8B, 4D, F0, 64, 89, 0D, 00, ...]
.text Ntfs.sys F764232B 46 Bytes [50, 8B, 44, 24, 10, 89, 6C, ...]
.text Ntfs.sys F764235A 23 Bytes [C3, 90, 90, 90, 90, 90, FF, ...]
.text Ntfs.sys F7642372 44 Bytes [5D, 08, 83, C3, 78, 56, 8B, ...]
.text Ntfs.sys F764239F 47 Bytes [31, 80, 08, 0F, 85, 1B, 5A, ...]
.text ...
? srescan.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3860] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3860] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3860] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3860] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3860] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3860] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3860] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3860] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3860] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT KSecDD.sys[ntoskrnl.exe!RtlCopyUnicodeString] 8D59C033
IAT KSecDD.sys[ntoskrnl.exe!RtlCopySid] ABF3BC7D
IAT KSecDD.sys[ntoskrnl.exe!RtlLengthSid] C18BCA8B
IAT KSecDD.sys[ntoskrnl.exe!RtlInitUnicodeString] 8B02E9C1
IAT KSecDD.sys[ntoskrnl.exe!LpcRequestWaitReplyPort] BC7D8DF3
IAT KSecDD.sys[ntoskrnl.exe!PsGetProcessSecurityPort] C88BA5F3
IAT KSecDD.sys[ntoskrnl.exe!PsGetCurrentProcess] F303E183
IAT KSecDD.sys[ntoskrnl.exe!ObReferenceObjectByHandle] 33106AA4
IAT KSecDD.sys[ntoskrnl.exe!ZwClose] BD8D59C0
IAT KSecDD.sys[ntoskrnl.exe!ObfDereferenceObject] FFFFFF7C
IAT KSecDD.sys[ntoskrnl.exe!PsSetProcessSecurityPort] CA8BABF3
IAT KSecDD.sys[ntoskrnl.exe!ZwConnectPort] E9C1C18B
IAT KSecDD.sys[ntoskrnl.exe!strncpy] 8DF38B02
IAT KSecDD.sys[ntoskrnl.exe!ObOpenObjectByPointer] FFFF7CBD
IAT KSecDD.sys[ntoskrnl.exe!ObfReferenceObject] 8BA5F3FF
IAT KSecDD.sys[ntoskrnl.exe!IofCompleteRequest] 03E183C8
IAT KSecDD.sys[ntoskrnl.exe!MmUserProbeAddress] C033A4F3
IAT KSecDD.sys[ntoskrnl.exe!KeInitializeEvent] BC057481
IAT KSecDD.sys[ntoskrnl.exe!IoCreateDevice] 36363636
IAT KSecDD.sys[ntoskrnl.exe!ZwAllocateVirtualMemory] 7C05B481
IAT KSecDD.sys[ntoskrnl.exe!ZwFreeVirtualMemory] 5CFFFFFF
IAT KSecDD.sys[ntoskrnl.exe!RtlMapSecurityErrorToNtStatus] 835C5C5C
IAT KSecDD.sys[ntoskrnl.exe!KeWaitForSingleObject] F88304C0
IAT KSecDD.sys[ntoskrnl.exe!KeSetEvent] 8DE57240
IAT KSecDD.sys[ntoskrnl.exe!RtlEqualUnicodeString] FFFEC085
IAT KSecDD.sys[ntoskrnl.exe!ExAllocatePoolWithTag] 41E850FF
IAT KSecDD.sys[ntoskrnl.exe!PsGetCurrentThread] 6A0000DA
IAT KSecDD.sys[ntoskrnl.exe!SeTokenImpersonationLevel] BC458D40
IAT KSecDD.sys[ntoskrnl.exe!NtDuplicateObject] C0858D50
IAT KSecDD.sys[ntoskrnl.exe!MmLockPagableDataSection] 50FFFFFE
IAT KSecDD.sys[ntoskrnl.exe!MmUnlockPagableImageSection] 00DA6FE8
IAT KSecDD.sys[ntoskrnl.exe!ZwOpenEvent] 0C7D8300
IAT KSecDD.sys[ntoskrnl.exe!NtClose] FF157400
IAT KSecDD.sys[ntoskrnl.exe!NtWaitForSingleObject] 858D0C75
IAT KSecDD.sys[ntoskrnl.exe!PsGetProcessId] FFFFFEC0
IAT KSecDD.sys[ntoskrnl.exe!PsGetThreadProcessId] FEBCB5FF
IAT KSecDD.sys[ntoskrnl.exe!KeLeaveCriticalRegion] E850FFFF
IAT KSecDD.sys[ntoskrnl.exe!ExReleaseResourceLite] 0000DA54
IAT KSecDD.sys[ntoskrnl.exe!ExAcquireResourceExclusiveLite] 00147D83
IAT KSecDD.sys[ntoskrnl.exe!KeEnterCriticalRegion] 75FF1574
IAT KSecDD.sys[ntoskrnl.exe!KeInitializeSpinLock] C0858D14
IAT KSecDD.sys[ntoskrnl.exe!ExInitializeResourceLite] FFFFFFFE
IAT KSecDD.sys[ntoskrnl.exe!RtlIntegerToUnicodeString] FFFEB8B5
IAT KSecDD.sys[ntoskrnl.exe!PsGetProcessCreateTimeQuadPart] 39E850FF
IAT KSecDD.sys[ntoskrnl.exe!SeReleaseSubjectContext] 8D0000DA
IAT KSecDD.sys[ntoskrnl.exe!SeUnlockSubjectContext] FFFEC085
IAT KSecDD.sys[ntoskrnl.exe!SeQueryAuthenticationIdToken] 6DE850FF
IAT KSecDD.sys[ntoskrnl.exe!SeLockSubjectContext] 6A0000DB
IAT KSecDD.sys[ntoskrnl.exe!SeCaptureSubjectContext] B58D5910
IAT KSecDD.sys[ntoskrnl.exe!_except_handler3] FFFFFF7C
IAT KSecDD.sys[ntoskrnl.exe!ExQueueWorkItem] FF2CBD8D
IAT KSecDD.sys[ntoskrnl.exe!KeStackAttachProcess] A5F3FFFF
IAT KSecDD.sys[ntoskrnl.exe!KeUnstackDetachProcess] FF18B58D
IAT KSecDD.sys[ntoskrnl.exe!PsImpersonateClient] BD8DFFFF
IAT KSecDD.sys[ntoskrnl.exe!ExFreePoolWithTag] FFFFFF6C
IAT KSecDD.sys[ntoskrnl.exe!ZwQuerySystemInformation] 8DA5A5A5
IAT KSecDD.sys[ntoskrnl.exe!KeTickCount] FFFEC085
IAT KSecDD.sys[ntoskrnl.exe!PsGetCurrentThreadId] E8A550FF
IAT KSecDD.sys[ntoskrnl.exe!PsGetCurrentProcessId] 0000D9C0
IAT KSecDD.sys[ntoskrnl.exe!ZwCreateKey] 858D506A
IAT KSecDD.sys[ntoskrnl.exe!ZwQueryValueKey] FFFFFF2C
IAT KSecDD.sys[ntoskrnl.exe!ZwSetValueKey] C0858D50
IAT KSecDD.sys[ntoskrnl.exe!ExDeleteResourceLite] 50FFFFFE
IAT KSecDD.sys[ntoskrnl.exe!ZwOpenKey] 00D9EBE8
IAT KSecDD.sys[ntoskrnl.exe!ExAcquireSharedWaitForExclusive] C0858D00
IAT KSecDD.sys[ntoskrnl.exe!ExGetPreviousMode] 50FFFFFE
IAT KSecDD.sys[ntoskrnl.exe!wcscpy] 00DB1FE8
IAT KSecDD.sys[ntoskrnl.exe!ZwSetInformationObject] B4BD8B00
IAT KSecDD.sys[ntoskrnl.exe!wcslen] 8BFFFFFE
IAT KSecDD.sys[ntoskrnl.exe!ZwQueryObject] B58DFC4D
IAT KSecDD.sys[ntoskrnl.exe!ExAllocatePool] FFFFFF18
IAT KSecDD.sys[ntoskrnl.exe!memmove] A5A5A5A5
IAT KSecDD.sys[ntoskrnl.exe!RtlFreeOemString] 5E01B05F
IAT KSecDD.sys[ntoskrnl.exe!RtlUnicodeStringToOemString] FFEE12E8
IAT KSecDD.sys[HAL.dll!KfReleaseSpinLock] 458BFFFF
IAT KSecDD.sys[HAL.dll!ExAcquireFastMutex] B4858918
IAT KSecDD.sys[HAL.dll!ExReleaseFastMutex] 76FFFFFE
IAT KSecDD.sys[HAL.dll!KfAcquireSpinLock] 5A406A03
IAT Ntfs.sys[ntoskrnl.exe!FsRtlNormalizeNtstatus] F9E8DC45
IAT Ntfs.sys[ntoskrnl.exe!CcFlushCache] C2FFFEA9
IAT Ntfs.sys[ntoskrnl.exe!ExIsResourceAcquiredExclusiveLite] 9090000C
IAT Ntfs.sys[ntoskrnl.exe!RtlInitUnicodeString] 8B909090
IAT Ntfs.sys[ntoskrnl.exe!InterlockedPopEntrySList] 758B087D
IAT Ntfs.sys[ntoskrnl.exe!InterlockedPushEntrySList] 909090E0
IAT Ntfs.sys[ntoskrnl.exe!KeQuerySystemTime] C08B9090
IAT Ntfs.sys[ntoskrnl.exe!RtlCompareMemory] 7C15FF56
IAT Ntfs.sys[ntoskrnl.exe!FsRtlAreNamesEqual] 80F7659D
IAT Ntfs.sys[ntoskrnl.exe!FsRtlCheckLockForWriteAccess] C3FD0567
IAT Ntfs.sys[ntoskrnl.exe!FsRtlOplockIsFastIoPossible] 90909090
IAT Ntfs.sys[ntoskrnl.exe!FsRtlCheckOplock] 55FF8B90
IAT Ntfs.sys[ntoskrnl.exe!CcSetDirtyPinnedData] 5151EC8B
IAT Ntfs.sys[ntoskrnl.exe!MmSetAddressRangeModified] 085D8B53
IAT Ntfs.sys[ntoskrnl.exe!MmCanFileBeTruncated] FF335756
IAT Ntfs.sys[ntoskrnl.exe!RtlGenerate8dot3Name] 75207B39
IAT Ntfs.sys[ntoskrnl.exe!RtlUpcaseUnicodeString] E9C03207
IAT Ntfs.sys[ntoskrnl.exe!CcCopyWrite] 00000101
IAT Ntfs.sys[ntoskrnl.exe!CcCanIWrite] BA41C933
IAT Ntfs.sys[ntoskrnl.exe!CcPinRead] [F7662370] Ntfs.sys (NT File System Driver/Microsoft Corporation)
IAT Ntfs.sys[ntoskrnl.exe!IoGetTopLevelIrp] 0FF0C033
IAT Ntfs.sys[ntoskrnl.exe!_aullshr] C73B0AB1
IAT Ntfs.sys[ntoskrnl.exe!_allshl] 00B9850F
IAT Ntfs.sys[ntoskrnl.exe!IoGetStackLimits] 4E680000
IAT Ntfs.sys[ntoskrnl.exe!RtlSetBits] 6A564674
IAT Ntfs.sys[ntoskrnl.exe!RtlClearBits] FF016A18
IAT Ntfs.sys[ntoskrnl.exe!FsRtlGetNextLargeMcbEntry] 65A01415
IAT Ntfs.sys[ntoskrnl.exe!RtlAreBitsSet] 3BF08BF7
IAT Ntfs.sys[ntoskrnl.exe!RtlFindLastBackwardRunClear] 087589F7
IAT Ntfs.sys[ntoskrnl.exe!RtlNumberOfClearBits] 009D840F
IAT Ntfs.sys[ntoskrnl.exe!_allmul] 066A0000
IAT Ntfs.sys[ntoskrnl.exe!RtlAreBitsClear] 8B59C033
IAT Ntfs.sys[ntoskrnl.exe!RtlFindClearBits] 8BABF3FE
IAT Ntfs.sys[ntoskrnl.exe!RtlFindClearRuns] C0850C45
IAT Ntfs.sys[ntoskrnl.exe!FsRtlRemoveLargeMcbEntry] C0835D74
IAT Ntfs.sys[ntoskrnl.exe!FsRtlLookupLargeMcbEntry] 15FF5030
IAT Ntfs.sys[ntoskrnl.exe!FsRtlAddLargeMcbEntry] [F7659E20] Ntfs.sys (NT File System Driver/Microsoft Corporation)
IAT Ntfs.sys[ntoskrnl.exe!KeReleaseMutant] 4E68F88B
IAT Ntfs.sys[ntoskrnl.exe!ObfDereferenceObject] 83564674
IAT Ntfs.sys[ntoskrnl.exe!CcUninitializeCacheMap] 6A5730C7
IAT Ntfs.sys[ntoskrnl.exe!CcSetLogHandleForFile] 1415FF01
IAT Ntfs.sys[ntoskrnl.exe!CcInitializeCacheMap] 85F765A0
IAT Ntfs.sys[ntoskrnl.exe!IoCreateStreamFileObjectLite] 0C4689C0
IAT Ntfs.sys[ntoskrnl.exe!KeWaitForSingleObject] 56502175
IAT Ntfs.sys[ntoskrnl.exe!CcMapData] A01C15FF
IAT Ntfs.sys[ntoskrnl.exe!CcPinMappedData] 75FFF765
IAT Ntfs.sys[ntoskrnl.exe!CcPreparePinWrite] FFC03314
IAT Ntfs.sys[ntoskrnl.exe!CcMdlReadComplete] 438A1075
IAT Ntfs.sys[ntoskrnl.exe!CcMdlWriteComplete] 0C75FF14
IAT Ntfs.sys[ntoskrnl.exe!KeBugCheckEx] 73FF006A
IAT Ntfs.sys[ntoskrnl.exe!CcZeroData] 73FF5010
IAT Ntfs.sys[ntoskrnl.exe!FsRtlIsNtstatusExpected] 8B75EB20
IAT Ntfs.sys[ntoskrnl.exe!DbgBreakPoint] CF8B0C75
IAT Ntfs.sys[ntoskrnl.exe!DbgPrint] C18BF88B
IAT Ntfs.sys[ntoskrnl.exe!KdDebuggerEnabled] F302E9C1
IAT Ntfs.sys[ntoskrnl.exe!FsRtlNotifyVolumeEvent] 83C88BA5
IAT Ntfs.sys[ntoskrnl.exe!RtlDeleteElementGenericTableAvl] A4F303E1
IAT Ntfs.sys[ntoskrnl.exe!IoRemoveShareAccess] 8B08758B
IAT Ntfs.sys[ntoskrnl.exe!FsRtlAddToTunnelCache] 46891445
IAT Ntfs.sys[ntoskrnl.exe!FsRtlFastUnlockAll] 10458B14
IAT Ntfs.sys[ntoskrnl.exe!IoGetRequestorProcess] 8A104689
IAT Ntfs.sys[ntoskrnl.exe!FsRtlNotifyFilterReportChange] 46881443
IAT Ntfs.sys[ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache] 10438B04
IAT Ntfs.sys[ntoskrnl.exe!FsRtlNotifyCleanup] 08468956
IAT Ntfs.sys[ntoskrnl.exe!FsRtlNotifyFilterChangeDirectory] 6820438B
IAT Ntfs.sys[ntoskrnl.exe!MmFlushImageSection] [F76C3E7D] Ntfs.sys (NT File System Driver/Microsoft Corporation)
IAT Ntfs.sys[ntoskrnl.exe!KeLeaveCriticalRegion] 73FF0689
IAT Ntfs.sys[ntoskrnl.exe!IoSetTopLevelIrp] 0AE85320
IAT Ntfs.sys[ntoskrnl.exe!KeEnterCriticalRegion] B000063D
IAT Ntfs.sys[ntoskrnl.exe!IofCompleteRequest] FF32EB01
IAT Ntfs.sys[ntoskrnl.exe!ExQueueWorkItem] 4B8B1475
IAT Ntfs.sys[ntoskrnl.exe!IoGetCurrentProcess] 6C418B20
IAT Ntfs.sys[ntoskrnl.exe!FsRtlIsNameInExpression] 06508B66
IAT Ntfs.sys[ntoskrnl.exe!FsRtlDoesNameContainWildCards] 831075FF
IAT Ntfs.sys[ntoskrnl.exe!IoCheckEaBufferValidity] 458918C0
IAT Ntfs.sys[ntoskrnl.exe!ExIsResourceAcquiredSharedLite] 458D57FC
IAT Ntfs.sys[ntoskrnl.exe!KeSetEvent] 73FF50F8
IAT Ntfs.sys[ntoskrnl.exe!IoSetInformation] 8AC03310
IAT Ntfs.sys[ntoskrnl.exe!FsRtlOplockFsctrl] 89661443
IAT Ntfs.sys[ntoskrnl.exe!IoUpdateShareAccess] 8966FA55
IAT Ntfs.sys[ntoskrnl.exe!IoSetShareAccess] 5150F855
IAT Ntfs.sys[ntoskrnl.exe!IoCheckShareAccess] 06C2B4E8
IAT Ntfs.sys[ntoskrnl.exe!FsRtlCurrentBatchOplock] 5B5E5F00
IAT Ntfs.sys[ntoskrnl.exe!ObReleaseObjectSecurity] 0010C2C9
IAT Ntfs.sys[ntoskrnl.exe!ObGetObjectSecurity] 90909090
IAT Ntfs.sys[ntoskrnl.exe!SePrivilegeCheck] 55FF8B90
IAT Ntfs.sys[ntoskrnl.exe!CcWaitForCurrentLazyWriterActivity] 8B56EC8B
IAT Ntfs.sys[ntoskrnl.exe!RtlGetOwnerSecurityDescriptor] 468B0875
IAT Ntfs.sys[ntoskrnl.exe!FsRtlFindInTunnelCache] 74C08520
IAT Ntfs.sys[ntoskrnl.exe!SeSinglePrivilegeCheck] 50016A33
IAT Ntfs.sys[ntoskrnl.exe!KeClearEvent] C4E0E856
IAT Ntfs.sys[ntoskrnl.exe!FsRtlDissectName] 7D830006
IAT Ntfs.sys[ntoskrnl.exe!_alloca_probe] 2474000C
IAT Ntfs.sys[ntoskrnl.exe!IoCancelIrp] 189D3D80
IAT Ntfs.sys[ntoskrnl.exe!KeSetKernelStackSwapEnable] 7500F766
IAT Ntfs.sys[ntoskrnl.exe!KeInitializeEvent] 147E801B
IAT Ntfs.sys[ntoskrnl.exe!IoIsOperationSynchronous] 8006750D
IAT Ntfs.sys[ntoskrnl.exe!IofCallDriver] 7401157E
IAT Ntfs.sys[ntoskrnl.exe!MmUnmapLockedPages] 1475FF0F
IAT Ntfs.sys[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] FF1075FF
IAT Ntfs.sys[ntoskrnl.exe!IoBuildPartialMdl] E8560C75
IAT Ntfs.sys[ntoskrnl.exe!IoFreeMdl] FFFFE472
IAT Ntfs.sys[ntoskrnl.exe!MmProbeAndLockPages] 10C25D5E
IAT Ntfs.sys[ntoskrnl.exe!IoAllocateMdl] 90909000
IAT Ntfs.sys[ntoskrnl.exe!KeGetCurrentThread] FF8B9090
IAT Ntfs.sys[ntoskrnl.exe!RtlDecompressBuffer] 51EC8B55
IAT Ntfs.sys[ntoskrnl.exe!RtlDecompressFragment] 0C458B51
IAT Ntfs.sys[ntoskrnl.exe!RtlGetCompressionWorkSpaceSize] 708B5653
IAT Ntfs.sys[ntoskrnl.exe!IoFreeIrp] 144E8A1C
IAT Ntfs.sys[ntoskrnl.exe!ExReleaseResourceForThreadLite] 5712F980
IAT Ntfs.sys[ntoskrnl.exe!CcUnpinDataForThread] 74F87589
IAT Ntfs.sys[ntoskrnl.exe!CcSetBcbOwnerPointer] 02F98009
IAT Ntfs.sys[ntoskrnl.exe!FsRtlIsTotalDeviceFailure] 01FF45C6
IAT Ntfs.sys[ntoskrnl.exe!IoMakeAssociatedIrp] 45C60475
IAT Ntfs.sys[ntoskrnl.exe!ObfReferenceObject] B60F00FF
IAT Ntfs.sys[ntoskrnl.exe!MmBuildMdlForNonPagedPool] FF502540
IAT Ntfs.sys[ntoskrnl.exe!ExGetExclusiveWaiterCount] 659EDC15
IAT Ntfs.sys[ntoskrnl.exe!KeDelayExecutionThread] 085D8BF7
IAT Ntfs.sys[ntoskrnl.exe!ObReferenceObjectByHandle] 00D88B8D
IAT Ntfs.sys[ntoskrnl.exe!IoFileObjectType] 15FF0000
IAT Ntfs.sys[ntoskrnl.exe!_local_unwind2] [F7659BA0] Ntfs.sys (NT File System Driver/Microsoft Corporation)
IAT Ntfs.sys[ntoskrnl.exe!RtlCompressBuffer] 00FF7D80
IAT Ntfs.sys[ntoskrnl.exe!MmUnlockPages] 01008E8D
IAT Ntfs.sys[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 318B0000
IAT Ntfs.sys[ntoskrnl.exe!RtlLookupElementGenericTableAvl] 8904798B
IAT Ntfs.sys[ntoskrnl.exe!SeCaptureSubjectContext] 047E8937
IAT Ntfs.sys[ntoskrnl.exe!RtlUpperString] B38D1B75
IAT Ntfs.sys[ntoskrnl.exe!RtlCompareString] 000000C0
IAT Ntfs.sys[ntoskrnl.exe!RtlInitString] 39893E8B
IAT Ntfs.sys[ntoskrnl.exe!FsRtlLegalAnsiCharacterArray] 89047189
IAT Ntfs.sys[ntoskrnl.exe!NlsOemLeadByteInfo] 0E89044F
IAT Ntfs.sys[ntoskrnl.exe!NlsMbOemCodePageTag] C60C4D8B
IAT Ntfs.sys[ntoskrnl.exe!SeDeleteObjectAuditAlarm] EB002441
IAT Ntfs.sys[ntoskrnl.exe!ObQueryObjectAuditingByHandle] BC8BFF06
IAT Ntfs.sys[ntoskrnl.exe!CcCopyRead] 8A000000
IAT Ntfs.sys[ntoskrnl.exe!_allrem] D88B8DD0
IAT Ntfs.sys[ntoskrnl.exe!ExRaiseStatus] FF000000
IAT Ntfs.sys[ntoskrnl.exe!SeAuditingHardLinkEvents] 659B9015
IAT Ntfs.sys[ntoskrnl.exe!IoBuildDeviceIoControlRequest] FF7D80F7
IAT Ntfs.sys[ntoskrnl.exe!CcPrepareMdlWrite] 812D7400
IAT Ntfs.sys[ntoskrnl.exe!CcMdlRead] 0000BCBB
IAT Ntfs.sys[ntoskrnl.exe!KeNumberProcessors] 0003E800
IAT Ntfs.sys[ntoskrnl.exe!CcDeferWrite] 6A117300
IAT Ntfs.sys[ntoskrnl.exe!ZwClose] 81006A00
IAT Ntfs.sys[ntoskrnl.exe!ZwCreateFile] 0000C8C3
IAT Ntfs.sys[ntoskrnl.exe!ProbeForRead] 15FF5300
IAT Ntfs.sys[ntoskrnl.exe!IoBuildSynchronousFsdRequest] [F7659CFC] Ntfs.sys (NT File System Driver/Microsoft Corporation)
IAT Ntfs.sys[ntoskrnl.exe!IoGetRelatedDeviceObject] 00012068
IAT Ntfs.sys[ntoskrnl.exe!MmPrefetchPages] 0C75FFC0
IAT Ntfs.sys[ntoskrnl.exe!ProbeForWrite] E8F875FF
IAT Ntfs.sys[ntoskrnl.exe!_alldiv] FFFEAADC
IAT Ntfs.sys[ntoskrnl.exe!RtlLengthSid] C95B5E5F
IAT Ntfs.sys[ntoskrnl.exe!SeReleaseSubjectContext] 8B0008C2
IAT Ntfs.sys[ntoskrnl.exe!SeUnlockSubjectContext] EC8B55FF
IAT Ntfs.sys[ntoskrnl.exe!SeAccessCheck] FC4D8951
IAT Ntfs.sys[ntoskrnl.exe!SeLockSubjectContext] 35FF006A
IAT Ntfs.sys[ntoskrnl.exe!RtlMapGenericMask] [F76617D4] Ntfs.sys (NT File System Driver/Microsoft Corporation)
IAT Ntfs.sys[ntoskrnl.exe!IoGetFileObjectGenericMapping] 17D835FF
IAT Ntfs.sys[ntoskrnl.exe!CcSetAdditionalCacheAttributes] 75FFF766
IAT Ntfs.sys[ntoskrnl.exe!FsRtlBalanceReads] 00F768FC
IAT Ntfs.sys[ntoskrnl.exe!ObQueryNameString] 15FF0000
IAT Ntfs.sys[ntoskrnl.exe!wcslen] [F7659C90] Ntfs.sys (NT File System Driver/Microsoft Corporation)
IAT Ntfs.sys[ntoskrnl.exe!IoCreateDevice] 90909090
IAT Ntfs.sys[ntoskrnl.exe!ExfInterlockedAddUlong] 9C25FF90
IAT Ntfs.sys[ntoskrnl.exe!FsRtlIncrementCcFastReadResourceMiss] 90F7659C
IAT Ntfs.sys[ntoskrnl.exe!FsRtlIncrementCcFastReadNotPossible] 90909090
IAT Ntfs.sys[ntoskrnl.exe!CcFastCopyRead] 9CA025FF
IAT Ntfs.sys[ntoskrnl.exe!FsRtlIncrementCcFastReadNoWait] 9090F765
IAT Ntfs.sys[ntoskrnl.exe!FsRtlIncrementCcFastReadWait] FF909090
IAT Ntfs.sys[ntoskrnl.exe!CcFastCopyWrite] 659D1825
IAT Ntfs.sys[ntoskrnl.exe!CcFastMdlReadWait] 909090F7
IAT Ntfs.sys[ntoskrnl.exe!FsRtlUninitializeLargeMcb] 25FF9090
IAT Ntfs.sys[ntoskrnl.exe!FsRtlInitializeLargeMcb] [F7659D1C] Ntfs.sys (NT File System Driver/Microsoft Corporation)
IAT Ntfs.sys[ntoskrnl.exe!FsRtlPrivateLock] 90909090
IAT Ntfs.sys[ntoskrnl.exe!FsRtlFastUnlockSingle] 2425FF90
IAT Ntfs.sys[ntoskrnl.exe!FsRtlFastUnlockAllByKey] 90F7659D
IAT Ntfs.sys[ntoskrnl.exe!FsRtlProcessFileLock] 90909090
IAT Ntfs.sys[ntoskrnl.exe!ExDeleteResourceLite] 9DD825FF
IAT Ntfs.sys[ntoskrnl.exe!ExInitializeResourceLite] 9090F765
IAT Ntfs.sys[ntoskrnl.exe!KeInitializeSpinLock] FF909090
IAT Ntfs.sys[ntoskrnl.exe!FsRtlResetLargeMcb] 659DE825
IAT Ntfs.sys[ntoskrnl.exe!KeSetTimer] 909090F7
IAT Ntfs.sys[ntoskrnl.exe!ExAcquireSharedStarveExclusive] 25FF9090
IAT Ntfs.sys[ntoskrnl.exe!CcGetDirtyPages] [F7659E50] Ntfs.sys (NT File System Driver/Microsoft Corporation)
IAT Ntfs.sys[ntoskrnl.exe!KeSetPriorityThread] 90909090
IAT Ntfs.sys[ntoskrnl.exe!FsRtlLookupLastLargeMcbEntry] 5425FF90
IAT Ntfs.sys[ntoskrnl.exe!FsRtlNumberOfRunsInLargeMcb] 90F7659E
IAT Ntfs.sys[ntoskrnl.exe!FsRtlSplitLargeMcb] 90909090
IAT Ntfs.sys[ntoskrnl.exe!FsRtlTruncateLargeMcb] 9E5C25FF
IAT Ntfs.sys[ntoskrnl.exe!CcRemapBcb] 9090F765
IAT Ntfs.sys[ntoskrnl.exe!RtlFreeOemString] FF909090
IAT Ntfs.sys[ntoskrnl.exe!RtlUnicodeStringToCountedOemString] 659ED825
IAT Ntfs.sys[ntoskrnl.exe!FsRtlIsFatDbcsLegal] 909090F7
IAT Ntfs.sys[ntoskrnl.exe!FsRtlFastCheckLockForWrite] 25FF9090
IAT Ntfs.sys[ntoskrnl.exe!FsRtlFastCheckLockForRead] [F7659EE4] Ntfs.sys (NT File System Driver/Microsoft Corporation)
IAT Ntfs.sys[ntoskrnl.exe!IoRaiseInformationalHardError] 90909090
IAT Ntfs.sys[ntoskrnl.exe!RtlAppendUnicodeStringToString] 55FF8B90
IAT Ntfs.sys[ntoskrnl.exe!RtlCopyUnicodeString] 458BEC8B
IAT Ntfs.sys[ntoskrnl.exe!IoVolumeDeviceToDosName] FF008B08
IAT Ntfs.sys[ntoskrnl.exe!IoReleaseCancelSpinLock] 9815FF30
IAT Ntfs.sys[ntoskrnl.exe!IoAcquireCancelSpinLock] F6F7659C
IAT Ntfs.sys[ntoskrnl.exe!CcMdlWriteAbort] F7C01BD8
IAT Ntfs.sys[ntoskrnl.exe!IoIsSystemThread] 04C25DD8
IAT Ntfs.sys[ntoskrnl.exe!RtlLengthSecurityDescriptor] 90909000
IAT Ntfs.sys[ntoskrnl.exe!SeAssignSecurity] FF8B9090
IAT Ntfs.sys[ntoskrnl.exe!RtlSetDaclSecurityDescriptor] 51EC8B55
IAT Ntfs.sys[ntoskrnl.exe!RtlCreateSecurityDescriptor] 8B575351
IAT Ntfs.sys[ntoskrnl.exe!RtlAddAccessAllowedAce] D233087D
IAT Ntfs.sys[ntoskrnl.exe!RtlCreateAcl] 001000B8
IAT Ntfs.sys[ntoskrnl.exe!RtlSubAuthoritySid] 2077F700
IAT Ntfs.sys[ntoskrnl.exe!RtlInitializeSid] C085DB33
IAT Ntfs.sys[ntoskrnl.exe!RtlLengthRequiredSid] 76084589
IAT Ntfs.sys[ntoskrnl.exe!ExInitializePagedLookasideList] B78D564E
IAT Ntfs.sys[ntoskrnl.exe!ExInitializeNPagedLookasideList] 0000015C
IAT Ntfs.sys[ntoskrnl.exe!MmIsThisAnNtAsSystem] C085068B
IAT Ntfs.sys[ntoskrnl.exe!MmQuerySystemSize] 488B4074
IAT Ntfs.sys[ntoskrnl.exe!ZwQueryValueKey] F84D8918

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by ChiliMon, 05 September 2011 - 05:59 PM.


#7 cryptodan


Posted 08 September 2011 - 04:14 PM

Let's see what TDSSKiller does, so please run it but do not perform any fixes. Post the log here in your next post.

#8 cogs10


Posted 08 September 2011 - 07:04 PM

I would uninstall ZoneAlarm, reboot, then reinstall ZoneAlarm. Choose default setting, autolearn mode, and choose trusted zone, not internet zone.

Edited by cogs10, 08 September 2011 - 07:29 PM.


#9 ChiliMon


Posted 09 September 2011 - 07:58 PM

OK, I ran the TDSSKiller and no threats were found, so I have no log to post.

#10 ChiliMon


Posted 10 September 2011 - 07:07 PM

Does anyone know what I can do to restore my Windows?

#11 cryptodan


Posted 10 September 2011 - 08:27 PM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.



