
Ping.exe process taking up all my memory


  • This topic is locked
24 replies to this topic

#1 deathx88

deathx88

  • Members
  • 154 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:29 AM

Posted 10 December 2011 - 10:25 PM

I just recently had the Vista Security 2012 virus. I was able to get rid of it by running Malwarebytes in Safe Mode. Now it seems I have another problem. When I check my Task Manager I see a PING.exe process that's taking almost 100% of my CPU usage. I've searched all over but couldn't find a decent way to get rid of it. I tried using different virus scanning programs such as Avast and Trend Micro, which found and removed a few threats, but didn't fix the problem.

Here are some of my recent scans. I couldn't get a DDS scan because it froze up, but I'm running 32-bit Vista on an HP Pavilion if that helps. So here's just the Malwarebytes and GMER for now. I'll try to get a DDS log if I can run it again without it freezing.

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

12/10/2011 5:34:17 PM
mbam-log-2011-12-10 (17-34-17).txt

Scan type: Quick scan
Objects scanned: 174413
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-10 22:43:18
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\00000062 WDC_WD50 rev.05.0
Running: 8bwsu7xc.exe; Driver: C:\Users\Deathx\AppData\Local\Temp\fxdirpow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtCreateFile + 6 77AE422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtCreateFile + B 77AE422F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtMapViewOfSection + 6 77AE497A 1 Byte [28]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtMapViewOfSection + 6 77AE497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtMapViewOfSection + B 77AE497F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenFile + 6 77AE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenFile + B 77AE4A0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcess + 6 77AE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcess + B 77AE4A8F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcessToken + B 77AE4A9F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcessTokenEx + 6 77AE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcessTokenEx + B 77AE4AAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThread + 6 77AE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThread + B 77AE4AFF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThreadToken + 6 77AE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThreadToken + B 77AE4B0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThreadTokenEx + B 77AE4B1F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtQueryAttributesFile + 6 77AE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtQueryAttributesFile + B 77AE4BAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtQueryFullAttributesFile + B 77AE4C5F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationFile + 6 77AE513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationFile + B 77AE513F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationThread + 6 77AE518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationThread + B 77AE518F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 1 Byte [68]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtUnmapViewOfSection + B 77AE542F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtCreateFile + 6 77AE422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtCreateFile + B 77AE422F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtMapViewOfSection + 6 77AE497A 1 Byte [28]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtMapViewOfSection + 6 77AE497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtMapViewOfSection + B 77AE497F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenFile + 6 77AE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenFile + B 77AE4A0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcess + 6 77AE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcess + B 77AE4A8F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcessToken + B 77AE4A9F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcessTokenEx + 6 77AE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenProcessTokenEx + B 77AE4AAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThread + 6 77AE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThread + B 77AE4AFF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThreadToken + 6 77AE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThreadToken + B 77AE4B0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtOpenThreadTokenEx + B 77AE4B1F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtQueryAttributesFile + 6 77AE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtQueryAttributesFile + B 77AE4BAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtQueryFullAttributesFile + B 77AE4C5F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtSetInformationFile + 6 77AE513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtSetInformationFile + B 77AE513F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtSetInformationThread + 6 77AE518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtSetInformationThread + B 77AE518F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 1 Byte [68]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[888] ntdll.dll!NtUnmapViewOfSection + B 77AE542F 1 Byte [E2]
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtProtectVirtualMemory 77AE4B84 5 Bytes JMP 0090000A
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtWriteVirtualMemory 77AE54C4 5 Bytes JMP 00A5000A
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!KiUserExceptionDispatcher 77AE5BF8 5 Bytes JMP 008F000A
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtCreateFile + 6 77AE422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtCreateFile + B 77AE422F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + 6 77AE497A 1 Byte [28]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + 6 77AE497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + B 77AE497F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenFile + 6 77AE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenFile + B 77AE4A0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcess + 6 77AE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcess + B 77AE4A8F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessToken + B 77AE4A9F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessTokenEx + 6 77AE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessTokenEx + B 77AE4AAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThread + 6 77AE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThread + B 77AE4AFF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadToken + 6 77AE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadToken + B 77AE4B0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadTokenEx + B 77AE4B1F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryAttributesFile + 6 77AE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryAttributesFile + B 77AE4BAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryFullAttributesFile + B 77AE4C5F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationFile + 6 77AE513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationFile + B 77AE513F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationThread + 6 77AE518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationThread + B 77AE518F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 1 Byte [68]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + B 77AE542F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtCreateFile + 6 77AE422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtCreateFile + B 77AE422F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtMapViewOfSection + 6 77AE497A 1 Byte [28]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtMapViewOfSection + 6 77AE497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtMapViewOfSection + B 77AE497F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenFile + 6 77AE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenFile + B 77AE4A0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcess + 6 77AE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcess + B 77AE4A8F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcessToken + B 77AE4A9F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcessTokenEx + 6 77AE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenProcessTokenEx + B 77AE4AAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThread + 6 77AE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThread + B 77AE4AFF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThreadToken + 6 77AE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThreadToken + B 77AE4B0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtOpenThreadTokenEx + B 77AE4B1F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtQueryAttributesFile + 6 77AE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtQueryAttributesFile + B 77AE4BAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtQueryFullAttributesFile + B 77AE4C5F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtSetInformationFile + 6 77AE513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtSetInformationFile + B 77AE513F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtSetInformationThread + 6 77AE518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtSetInformationThread + B 77AE518F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 1 Byte [68]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1224] ntdll.dll!NtUnmapViewOfSection + B 77AE542F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtCreateFile + 6 77AE422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtCreateFile + B 77AE422F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtMapViewOfSection + 6 77AE497A 1 Byte [28]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtMapViewOfSection + 6 77AE497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtMapViewOfSection + B 77AE497F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenFile + 6 77AE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenFile + B 77AE4A0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcess + 6 77AE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcess + B 77AE4A8F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcessToken + B 77AE4A9F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcessTokenEx + 6 77AE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenProcessTokenEx + B 77AE4AAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThread + 6 77AE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThread + B 77AE4AFF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThreadToken + 6 77AE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThreadToken + B 77AE4B0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtOpenThreadTokenEx + B 77AE4B1F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtQueryAttributesFile + 6 77AE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtQueryAttributesFile + B 77AE4BAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtQueryFullAttributesFile + B 77AE4C5F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtSetInformationFile + 6 77AE513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtSetInformationFile + B 77AE513F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtSetInformationThread + 6 77AE518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtSetInformationThread + B 77AE518F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 1 Byte [68]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[1564] ntdll.dll!NtUnmapViewOfSection + B 77AE542F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtCreateFile + 6 77AE422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtCreateFile + B 77AE422F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtMapViewOfSection + 6 77AE497A 1 Byte [28]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtMapViewOfSection + 6 77AE497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtMapViewOfSection + B 77AE497F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenFile + 6 77AE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenFile + B 77AE4A0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcess + 6 77AE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcess + B 77AE4A8F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcessToken + B 77AE4A9F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcessTokenEx + 6 77AE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenProcessTokenEx + B 77AE4AAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThread + 6 77AE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThread + B 77AE4AFF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThreadToken + 6 77AE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThreadToken + B 77AE4B0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtOpenThreadTokenEx + B 77AE4B1F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtQueryAttributesFile + 6 77AE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtQueryAttributesFile + B 77AE4BAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtQueryFullAttributesFile + B 77AE4C5F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtSetInformationFile + 6 77AE513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtSetInformationFile + B 77AE513F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtSetInformationThread + 6 77AE518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtSetInformationThread + B 77AE518F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 1 Byte [68]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2364] ntdll.dll!NtUnmapViewOfSection + B 77AE542F 1 Byte [E2]
.text C:\Program Files\PC Tools Security\pctsGui.exe[2380] kernel32.dll!CreateThread + 1A 779EC928 4 Bytes CALL 0044BB9D C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools)
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtCreateFile + 6 77AE422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtCreateFile + B 77AE422F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtMapViewOfSection + 6 77AE497A 1 Byte [28]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtMapViewOfSection + 6 77AE497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtMapViewOfSection + B 77AE497F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenFile + 6 77AE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenFile + B 77AE4A0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenProcess + 6 77AE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenProcess + B 77AE4A8F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenProcessToken + B 77AE4A9F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenProcessTokenEx + 6 77AE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenProcessTokenEx + B 77AE4AAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenThread + 6 77AE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenThread + B 77AE4AFF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenThreadToken + 6 77AE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenThreadToken + B 77AE4B0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtOpenThreadTokenEx + B 77AE4B1F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtQueryAttributesFile + 6 77AE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtQueryAttributesFile + B 77AE4BAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtQueryFullAttributesFile + B 77AE4C5F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtSetInformationFile + 6 77AE513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtSetInformationFile + B 77AE513F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtSetInformationThread + 6 77AE518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtSetInformationThread + B 77AE518F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 1 Byte [68]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[2840] ntdll.dll!NtUnmapViewOfSection + B 77AE542F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtCreateFile + 6 77AE422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtCreateFile + B 77AE422F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtMapViewOfSection + 6 77AE497A 1 Byte [28]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtMapViewOfSection + 6 77AE497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtMapViewOfSection + B 77AE497F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenFile + 6 77AE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenFile + B 77AE4A0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcess + 6 77AE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcess + B 77AE4A8F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessToken + B 77AE4A9F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessTokenEx + 6 77AE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessTokenEx + B 77AE4AAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThread + 6 77AE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThread + B 77AE4AFF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadToken + 6 77AE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadToken + B 77AE4B0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadTokenEx + B 77AE4B1F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryAttributesFile + 6 77AE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryAttributesFile + B 77AE4BAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryFullAttributesFile + B 77AE4C5F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationFile + 6 77AE513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationFile + B 77AE513F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationThread + 6 77AE518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationThread + B 77AE518F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 1 Byte [68]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtUnmapViewOfSection + B 77AE542F 1 Byte [E2]
.text C:\Windows\System32\ping.exe[3464] ntdll.dll!NtCreateProcess 77AE42E4 5 Bytes JMP 006E000A
.text C:\Windows\System32\ping.exe[3464] ntdll.dll!NtCreateProcessEx 77AE42F4 5 Bytes JMP 006F000A
.text C:\Windows\System32\ping.exe[3464] ntdll.dll!NtProtectVirtualMemory 77AE4B84 5 Bytes JMP 001D000A
.text C:\Windows\System32\ping.exe[3464] ntdll.dll!NtWriteVirtualMemory 77AE54C4 5 Bytes JMP 0022000A
.text C:\Windows\System32\ping.exe[3464] ntdll.dll!NtCreateUserProcess 77AE5654 5 Bytes JMP 0070000A
.text C:\Windows\System32\ping.exe[3464] ntdll.dll!KiUserExceptionDispatcher 77AE5BF8 5 Bytes JMP 0018000A
.text C:\Windows\System32\ping.exe[3464] USER32.dll!WindowFromPoint 77C3884F 5 Bytes JMP 007D000A
.text C:\Windows\System32\ping.exe[3464] USER32.dll!GetForegroundWindow 77C432C4 5 Bytes JMP 007E000A
.text C:\Windows\System32\ping.exe[3464] USER32.dll!GetCursorPos 77C50B88 5 Bytes JMP 007C000A
.text C:\Windows\System32\ping.exe[3464] ole32.dll!CoCreateInstance 77799F3E 5 Bytes JMP 0077000A
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtCreateFile + 6 77AE422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtCreateFile + B 77AE422F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + 6 77AE497A 1 Byte [28]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + 6 77AE497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + B 77AE497F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenFile + 6 77AE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenFile + B 77AE4A0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcess + 6 77AE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcess + B 77AE4A8F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessToken + B 77AE4A9F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessTokenEx + 6 77AE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessTokenEx + B 77AE4AAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThread + 6 77AE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThread + B 77AE4AFF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadToken + 6 77AE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadToken + B 77AE4B0F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadTokenEx + B 77AE4B1F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryAttributesFile + 6 77AE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryAttributesFile + B 77AE4BAF 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryFullAttributesFile + B 77AE4C5F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationFile + 6 77AE513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationFile + B 77AE513F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationThread + 6 77AE518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationThread + B 77AE518F 1 Byte [E2]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 1 Byte [68]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + 6 77AE542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Deathx\AppData\Local\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + B 77AE542F 1 Byte [E2]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC8 0xB8 0x0F 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9F 0x82 0x11 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x26 0x7F 0xA6 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x91 0x63 0x5E 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x93 0x30 0xAC 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x93 0x30 0xAC 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0xA2 0x45 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2C 0x77 0x87 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0xAA 0x2A 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC8 0xB8 0x0F 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9F 0x82 0x11 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x26 0x7F 0xA6 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x91 0x63 0x5E 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x93 0x30 0xAC 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x93 0x30 0xAC 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0xA2 0x45 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2C 0x77 0x87 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0xAA 0x2A 0x8C ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x78 0x0E 0x5B 0x00 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB57375$\2690138183 0 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\@ 2048 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\bckfg.tmp 851 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\cfg.ini 208 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\keywords 155 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\L 0 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\L\qnbwvoto 66560 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\U 0 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB57375$\2690138183\U\80000032.@ 98304 bytes
File C:\Windows\$NtUninstallKB57375$\3510475107 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\black_default[1].xml 10561 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\icon_facebook[1].png 1114 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\icon_onescreen[1].png 323 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\icon_twitter[1].png 1342 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\1122060[1].txt 16490 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\1172080[1].xml 25619 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\netcruzeshop_com[1].txt 2351 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\mybuffalosports_com[1].txt 43582 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\mygreenbaysports_com[1].txt 50225 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\jquery-1.4.3.min[1].js 77746 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\main4[1].jpg 33101 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\images[1].css 1906 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\header[1].css 2137 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\ADTECH;loc=100;target=_blank;misc=1323574000208[1] 1857 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\session[1].js 1 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LSBQAXH\160x600_v2[1].gif 35127 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\base[1].js 3504 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\ifCAR57DW0.txt 980 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\contentPatternLeft[1].png 137 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\lg[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\beacon[2].js 1194 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\beacon[3].js 1194 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\sandbox[10].php 10001 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\offers[1].png 5727 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\load1[1].png 1967 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\b[2].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\C375781924R1[1] 7295 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\ca[1] 24890 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\blake-lively-030211-15[1].jpg 9078 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\blake-lively-030511-21[1].jpg 5395 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\blake-lively-042611-14[1].jpg 4203 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\blake-rachel-050911-2[1].jpg 6836 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\blake-rachel-050911-4[1].jpg 7455 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\blood-honey-120811-18[1].jpg 4613 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\blood-honey-120811-6[1].jpg 4562 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\borderMiddleRight[1].png 137 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\ajs[2].php 1797 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\ajs[3].php 1791 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\set[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\colorbox_ie[1].css 2321 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\color_black[1].css 3166 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\companions[1].js 10114 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\quant[1].js 5299 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\beacon[1].js 1194 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\site_images3[1].png 64163 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\sprite[1].png 3752 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\ctools[1].css 581 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\d9f211e8-4bc7-4acc-b193-f54e3d766170[1].swf 41709 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\glamadapt_jsrv[1].act 1914 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\par_hugo_728x90_main[1].swf 2164 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\eprize_button_howitworks1[1].gif 2644 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\eprize_stubs1[1].png 27044 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\back_h1[1].gif 285 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\banner_300x120[1].jpg 35465 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\angelina-120610-4[1].jpg 6974 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I1TEPKT\Assurance_FreeRevised_728x90[1].swf 25863 bytes

Edited by deathx88, 10 December 2011 - 10:46 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 14 December 2011 - 09:41 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

Information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 deathx88

deathx88
  • Topic Starter

  • Members
  • 154 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:29 AM

Posted 16 December 2011 - 03:30 PM

Thanks for replying, here's an update on what's going on. Shortly after I made this thread I scanned my PC with Avast again. It detected some threats and then it seemed like the ping.exe was gone, for a few days at least. Yesterday, Avira alerted me to something about c:\Windows\System32\drivers\cdrom.sys, then the ping.exe came back along with one of those fake virus scanning programs. Malwarebytes in quick scan didn't detect anything, but I ran it in full scan and I was able to remove that file, which I hope wasn't an important system file. So right now the ping.exe isn't starting up, but I'm sure it's still there somewhere.


Here's my Unhooker log. DDS froze up again even after disabling Avira, so I'm not sure how to proceed with that.



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F200000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10461184 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 266.58 )
0x81E03000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x81E03000 PnpManager 3907584 bytes
0x81E03000 RAW 3907584 bytes
0x81E03000 WMIxWDM 3907584 bytes
0x90405000 C:\Windows\system32\drivers\RTKVHDA.sys 2150400 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x98660000 Win32k 2113536 bytes
0x98660000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A201000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x89E75000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8E235000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8E891000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1044480 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8A008000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x8066D000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA245D000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8E337000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9E801000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8EA0C000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8E804000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x89E04000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8074D000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9E908000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA240A000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x988B0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8A19B000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x89CA5000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90722000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x89C09000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8062C000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x89D9B000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8A14E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8E990000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x90AC9000 C:\Windows\system32\DRIVERS\wg111v2.sys 245760 bytes (Realtek Semiconductor Corporation , NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NDIS Driver)
0x89FAB000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x90B8C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A311000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8EBB6000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x821BD000 ACPI_HAL 208896 bytes
0x821BD000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807CC000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x906F0000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8EAB7000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x90612000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89F80000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8E20B000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9E8C1000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x90AA1000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8A3A2000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x90A09000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8A361000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x89C60000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x90A5E000 C:\Windows\system32\DRIVERS\Dot4.sys 151552 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
0x9063F000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90B1C000 C:\Windows\System32\Drivers\dump_nvstor32.sys 151552 bytes
0x89D76000 C:\Windows\system32\drivers\nvstor32.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8EB13000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x907A7000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x89D2F000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9E9AB000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x90687000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9E9CC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x89D58000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA2545000 C:\Program Files\Sandboxie\SbieDrv.sys 122880 bytes (tzuk, Sandboxie Kernel Mode Driver)
0x9E975000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A0F2000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x90B5A000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x89D14000 C:\Windows\system32\drivers\nvraid.sys 110592 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x9E992000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90BC5000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90B75000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x8E9CC000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EAF1000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x90A30000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9076A000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x906DA000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8EB59000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x90A83000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA2577000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8EB45000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8A126000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9E8F5000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9078E000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA258C000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8A388000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8EBEB000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80613000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A116000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x89DDC000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x907E2000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9E8B1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x89D04000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8A1E7000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8EB73000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8EB90000 C:\Windows\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0x90B4B000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A352000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x89C87000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8EB36000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8A18C000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x89C96000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x89FE6000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x988A0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x90780000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x906C3000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x89CF6000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x807BE000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x90B05000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90A51000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
0x8E3EC000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8EBA9000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xA2563000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9067B000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8EAAB000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8A139000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8EB83000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x906B8000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EB08000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8EAE6000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A3DE000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90B12000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x90B41000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8EA00000 C:\Windows\System32\Drivers\ElbyCDIO.sys 40960 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x8EB9F000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9E8EB000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x907CF000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x89DEC000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA253B000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A144000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x90A47000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0xA259E000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8A399000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x90A98000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
0x90664000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x907D9000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x906D1000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x8A10D000 C:\Windows\system32\DRIVERS\scmndisp.sys 36864 bytes (Windows ® Codename Longhorn DDK provider, NDIS User mode I/O Driver)
0x98880000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A3E9000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89C4F000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x89D50000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80624000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8E9E3000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x89C58000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x906A8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x906B0000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A34A000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA256F000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x90674000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x907F2000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8060C000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9066D000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x89CEF000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x907C9000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x907A1000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x8EB6E000 C:\Windows\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0x8A3F2000 C:\Windows\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xA2459000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8FBFA000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 266.58 )
0x8EB8E000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x907F9000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#4 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 16 December 2011 - 03:52 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 deathx88 (Topic Starter)
  • Members
  • 154 posts

Posted 16 December 2011 - 09:11 PM

I ran ComboFix but it froze up. It seems like I always have a problem running it. I disabled AntiVir Guard and also ran it in administrator mode. Something popped up and told me I have a rootkit and that it may take a while, but I ran it for a couple hours and still nothing happened.

#6 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 16 December 2011 - 09:56 PM

  • Press the "Windows key" + "R" (between the "Ctrl" and "Alt" buttons)
  • Please copy and paste the following into the box:
ComboFix /nombr
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#7 deathx88 (Topic Starter)
  • Members
  • 154 posts

Posted 18 December 2011 - 11:57 PM

ComboFix 11-12-16.03 - Deathx 12/18/2011 22:20:43.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2091 [GMT -5:00]
Running from: c:\users\Deathx\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\getdislike
c:\program files\getdislike\chrome.crx
c:\program files\getdislike\GetDislike.dll
c:\program files\getdislike\GetDislike.xpi
c:\program files\getdislike\getdislike\chrome.crx
c:\program files\getdislike\getdislike\GetDislike.dll
c:\program files\getdislike\getdislike\GetDislike.xpi
c:\program files\getdislike\getdislike\Interop.MSHTML.dll
c:\program files\getdislike\getdislike\Interop.SHDocVw.dll
c:\program files\getdislike\getdislike\uninstall.exe
c:\program files\getdislike\Interop.MSHTML.dll
c:\program files\getdislike\Interop.SHDocVw.dll
c:\program files\getdislike\uninstall.exe
c:\program files\LP
c:\program files\LP\22FF\7293.tmp
c:\program files\LP\22FF\E91.tmp
c:\users\Deathx\AppData\Local\tuu.exe
c:\users\Deathx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
c:\users\Deathx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\users\Deathx\AppData\Roaming\Microsoft\Windows\Templates\657405y0j711t125n073v2rlu0r2
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 03:32 . 2011-12-19 03:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-19 03:32 . 2011-12-19 03:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 03:32 . 2009-04-11 01:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-17 08:35 . 2011-12-17 08:35 -------- d-----w- c:\users\Deathx\riotsGamesLogs
2011-12-17 08:29 . 2011-12-17 08:29 -------- d-----w- c:\users\Deathx\AppData\Roaming\LolClient
2011-12-17 08:12 . 2008-07-12 13:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-12-17 08:12 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-12-17 08:12 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-12-15 21:05 . 2011-12-15 21:05 -------- d-----w- c:\program files\InboxDollars
2011-12-13 21:29 . 2011-12-13 21:29 -------- d-----w- c:\program files\FusionCash Toolbar
2011-12-13 19:57 . 2011-12-13 19:57 -------- d-----w- c:\users\Deathx\AppData\Roaming\RealNetworks
2011-12-12 22:07 . 2011-12-12 22:07 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-12 22:06 . 2011-12-12 22:06 -------- d-----w- c:\program files\Common Files\xing shared
2011-12-12 22:06 . 2011-12-12 22:06 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-12 22:06 . 2011-12-12 22:06 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-11 02:10 . 2011-12-11 02:11 607260 ----a-r- C:\dds.scr
2011-12-11 00:20 . 2011-12-11 03:54 -------- d-----w- c:\programdata\PC Tools
2011-12-10 22:17 . 2011-12-11 03:59 -------- d-----w- c:\programdata\AVAST Software
2011-12-10 22:17 . 2011-12-10 22:23 -------- d-----w- c:\program files\AVAST Software
2011-11-22 19:54 . 2011-11-22 19:54 -------- d-----w- c:\users\Deathx\AppData\Local\Skyrim
2011-11-22 09:28 . 2011-11-22 20:44 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 22:06 . 2010-05-07 02:49 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-12 19:30 . 2011-05-25 21:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 18:52 . 2011-08-21 18:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d422dd60-4d54-3314-798f-290bde2a1125}"= "c:\program files\FusionCash Toolbar\Helper.dll" [2011-12-13 361984]
"{4219427b-0228-4356-a78b-eb7668d37d07}"= "c:\program files\InboxDollars\Helper.dll" [2011-12-15 361984]
.
[HKEY_CLASSES_ROOT\clsid\{d422dd60-4d54-3314-798f-290bde2a1125}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C6C71588-275A-FC24-0939-2E55886CAAFE}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BEB5E72-186B-A734-F9E4-32CD4D989157}]
2011-12-13 21:29 1612800 ----a-w- c:\program files\FusionCash Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2011-12-15 21:05 1612800 ----a-w- c:\program files\InboxDollars\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Swag_Bucks\prxtbSwag.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-05-09 176936]
"{AA4230C4-6E9E-6654-EDAD-4AF6FDECB34B}"= "c:\program files\FusionCash Toolbar\Toolbar.dll" [2011-12-13 1612800]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2011-12-15 1612800]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{aa4230c4-6e9e-6654-edad-4af6fdecb34b}]
[HKEY_CLASSES_ROOT\FCTB000100611.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{0F980169-3D0A-60C4-0573-AE5EF5C9E68D}]
[HKEY_CLASSES_ROOT\FCTB000100611.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-05-09 176936]
"{AA4230C4-6E9E-6654-EDAD-4AF6FDECB34B}"= "c:\program files\FusionCash Toolbar\Toolbar.dll" [2011-12-13 1612800]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2011-12-15 1612800]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{aa4230c4-6e9e-6654-edad-4af6fdecb34b}]
[HKEY_CLASSES_ROOT\FCTB000100611.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{0F980169-3D0A-60C4-0573-AE5EF5C9E68D}]
[HKEY_CLASSES_ROOT\FCTB000100611.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-06-03 281768]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-12 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
backup=c:\windows\pss\PictureMover.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-05-08 13:33 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-28 19:34 136176 ----atw- c:\users\Deathx\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 22:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-07-03 19:44 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 18:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 22:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-04-17 10:56 394984 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-12 22:06 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2008-01-21 02:23 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2639382710-2165961276-3469681303-1000]
"EnableNotificationsRef"=dword:00000002
.
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-05-22 20640]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-20 691696]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-18 21728]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-06-03 136360]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-02-07 206336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639382710-2165961276-3469681303-1000Core.job
- c:\users\Deathx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 19:34]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639382710-2165961276-3469681303-1000UA.job
- c:\users\Deathx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:58525
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{DAC44FBE-D014-413C-852E-13762E4A0290}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Deathx\AppData\Roaming\Mozilla\Firefox\Profiles\5u09ej01.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58525
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\s╗I■   9\Îw§˛ăw×BŇwîv|ř*P■*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\Ę W■   9\Bw§˛*w×B@wĄKv|ř*P■*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:78,0e,5b,00,15,ae,d2,75,1e,48,cf,de,29,74,dc,31,2d,8a,dc,b4,92,
70,64,c0,9e,80,2e,85,a6,26,9a,5a,ad,8a,df,3b,29,b9,0f,8c,99,04,89,52,c8,54,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:78,0e,5b,00,15,ae,d2,75,1e,48,cf,de,29,74,dc,31,2d,8a,dc,b4,92,
70,64,c0,9e,80,2e,85,a6,26,9a,5a,ad,8a,df,3b,29,b9,0f,8c,99,04,89,52,c8,54,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-18 22:35:34
ComboFix-quarantined-files.txt 2011-12-19 03:35
.
Pre-Run: 3,973,865,472 bytes free
Post-Run: 4,141,424,640 bytes free
.
- - End Of File - - CB9D5512784E38923A0A8FA1524305BA
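The ComboFix log above records a loopback proxy for Internet Explorer (ProxyServer = http=127.0.0.1:58525) with matching Firefox prefs, plus EnableLUA=0 and DisableMonitoring=1 under Security Center. As an added example, not part of the thread and not ComboFix's own code, this Python script parses those line shapes from a constructed sample log and reports them, treating Firefox's network.proxy.type 0 as "pref present but not in use".

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of a ComboFix log (the entries mirror the ones
# posted in this thread; the DhcpNameServer addresses are RFC 5737 placeholders).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:58525
TCP: DhcpNameServer = 192.0.2.1 192.0.2.2
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58525
FF - prefs.js: network.proxy.type - 0
"""

# Line shapes as ComboFix prints them: the u/m prefix marks per-user / per-machine.
IE_PROXY = re.compile(r"^[umb]?Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.*)$")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VAL = re.compile(r'^"(\w+)"\s*=\s*(dword:)?([0-9a-fA-F]+)')


def is_loopback(host: str) -> bool:
    """True when the proxy host points the browser back at the local machine."""
    host = host.strip("[]").lower()
    return host in ("localhost", "::1") or host.startswith("127.")


def parse_ie_proxy(value: str) -> List[Tuple[str, str, str]]:
    """Split an IE ProxyServer value ('http=127.0.0.1:58525;https=...') into
    (scheme, host, port) triples; a bare 'host:port' applies to all schemes."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:  # no explicit port given
            host, port = hostport, ""
        entries.append((scheme or "all", host, port))
    return entries


def scan_log(text: str) -> List[str]:
    """Return findings for loopback proxies, UAC turned off and Security Center muted."""
    findings: List[str] = []
    ff: Dict[str, str] = {}
    key = ""
    for line in text.splitlines():
        m = REG_KEY.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = REG_VAL.match(line)
        if m and key:
            name, is_dword, raw = m.group(1).lower(), m.group(2), m.group(3)
            val = int(raw, 16 if is_dword else 10)
            if name == "enablelua" and key.endswith(r"policies\system") and val == 0:
                findings.append("UAC disabled (EnableLUA=0)")
            elif name == "disablemonitoring" and "security center" in key and val == 1:
                findings.append("Security Center monitoring disabled under " + key)
            continue
        m = IE_PROXY.match(line)
        if m:
            if m.group(1) == "ProxyServer":
                for scheme, host, port in parse_ie_proxy(m.group(2)):
                    if is_loopback(host):
                        findings.append(f"IE {scheme} proxy points at loopback {host}:{port}")
            continue
        m = FF_PREF.match(line)
        if m:
            ff[m.group(1)] = m.group(2).strip()
    host = ff.get("network.proxy.http", "")
    if host and is_loopback(host):
        port = ff.get("network.proxy.http_port", "?")
        # network.proxy.type 0 means "no proxy": the pref is left over but not in use.
        active = ff.get("network.proxy.type") not in (None, "0")
        state = "active" if active else "present but not active (proxy.type 0)"
        findings.append(f"Firefox http proxy {host}:{port} {state}")
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```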

#8 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 19 December 2011 - 12:31 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 deathx88

  • Topic Starter

  • Members
  • 154 posts
  • Gender:Male

Posted 19 December 2011 - 01:26 AM

01:25:27.0004 5696 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
01:25:27.0500 5696 ============================================================
01:25:27.0500 5696 Current date / time: 2011/12/19 01:25:27.0500
01:25:27.0500 5696 SystemInfo:
01:25:27.0500 5696
01:25:27.0500 5696 OS Version: 6.0.6002 ServicePack: 2.0
01:25:27.0500 5696 Product type: Workstation
01:25:27.0500 5696 ComputerName: DEATHX-PC
01:25:27.0500 5696 UserName: Deathx
01:25:27.0500 5696 Windows directory: C:\Windows
01:25:27.0500 5696 System windows directory: C:\Windows
01:25:27.0501 5696 Processor architecture: Intel x86
01:25:27.0501 5696 Number of processors: 2
01:25:27.0501 5696 Page size: 0x1000
01:25:27.0501 5696 Boot type: Normal boot
01:25:27.0501 5696 ============================================================
01:25:28.0075 5696 Initialize success
01:25:36.0010 5744 ============================================================
01:25:36.0010 5744 Scan started
01:25:36.0011 5744 Mode: Manual;
01:25:36.0011 5744 ============================================================
01:25:47.0100 5744 WpdUsb - ok
01:25:47.0121 5744 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
01:25:47.0141 5744 ws2ifsl - ok
01:25:47.0179 5744 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:25:47.0208 5744 WUDFRd - ok
01:25:47.0231 5744 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
01:25:47.0234 5744 XAudio - ok
01:25:47.0247 5744 XDva385 - ok
01:25:47.0278 5744 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:25:47.0282 5744 \Device\Harddisk0\DR0 - ok
01:25:47.0295 5744 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk1\DR1
01:25:47.0475 5744 \Device\Harddisk1\DR1 - ok
01:25:47.0480 5744 MBR (0x1B8) (8cc68602644010dfdb2a22cb60ddf258) \Device\Harddisk2\DR2
01:25:47.0484 5744 \Device\Harddisk2\DR2 - ok
01:25:47.0488 5744 Boot (0x1200) (9a426c503d5fbfdec8b4824fdb11252c) \Device\Harddisk0\DR0\Partition0
01:25:47.0489 5744 \Device\Harddisk0\DR0\Partition0 - ok
01:25:47.0495 5744 Boot (0x1200) (38c6d199d328c5324100f82d26d20da4) \Device\Harddisk1\DR1\Partition0
01:25:47.0496 5744 \Device\Harddisk1\DR1\Partition0 - ok
01:25:47.0503 5744 Boot (0x1200) (c03f5bca8b2e5d7fe6db1325c698965a) \Device\Harddisk1\DR1\Partition1
01:25:47.0504 5744 \Device\Harddisk1\DR1\Partition1 - ok
01:25:47.0509 5744 Boot (0x1200) (afe2cf4ab1f00aaf1ce0454fbf859693) \Device\Harddisk2\DR2\Partition0
01:25:47.0510 5744 \Device\Harddisk2\DR2\Partition0 - ok
01:25:47.0516 5744 Boot (0x1200) (331240398687b70301c7e1b167e24ce1) \Device\Harddisk2\DR2\Partition1
01:25:47.0517 5744 \Device\Harddisk2\DR2\Partition1 - ok
01:25:47.0520 5744 ============================================================
01:25:47.0520 5744 Scan finished
01:25:47.0520 5744 ============================================================
01:25:47.0533 5884 Detected object count: 0
01:25:47.0533 5884 Actual detected object count: 0

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 December 2011 - 01:53 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 deathx88

deathx88
  • Topic Starter

  • Members
  • 154 posts
  • Gender:Male

Posted 19 December 2011 - 03:55 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-19 15:51:54
-----------------------------
15:51:54.873 OS Version: Windows 6.0.6002 Service Pack 2
15:51:54.873 Number of processors: 2 586 0x6B02
15:51:54.874 ComputerName: DEATHX-PC UserName: Deathx
15:52:11.564 Initialize success
15:54:11.721 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
15:54:11.724 Disk 0 Vendor: Maxtor_7Y250P0 YAR41BW0 Size: 239372MB BusType: 3
15:54:11.727 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000062
15:54:11.730 Disk 1 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
15:54:11.733 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000063
15:54:11.736 Disk 2 Vendor: WDC_WD20 02.0 Size: 194481MB BusType: 3
15:54:13.756 Disk 1 MBR read successfully
15:54:13.760 Disk 1 MBR scan
15:54:13.764 Disk 1 unknown MBR code
15:54:13.768 Disk 1 scanning sectors +976768065
15:54:13.834 Disk 1 scanning C:\Windows\system32\drivers
15:54:21.426 Service scanning
15:54:22.577 Modules scanning
15:54:26.504 Disk 1 trace - called modules:
15:54:26.972 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
15:54:26.978 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85f47ac8]
15:54:26.984 3 CLASSPNP.SYS[807308b3] -> nt!IofCallDriver -> [0x8458ef08]
15:54:26.991 5 acpi.sys[8060d6bc] -> nt!IofCallDriver -> \Device\00000062[0x8458f828]
15:54:26.997 Scan finished successfully
15:54:52.798 Disk 1 MBR has been saved successfully to "C:\Users\Deathx\Desktop\MBR.dat"
15:54:52.806 The log file has been saved successfully to "C:\Users\Deathx\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 December 2011 - 08:49 PM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line, will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


#13 deathx88

deathx88
  • Topic Starter

  • Members
  • 154 posts
  • Gender:Male

Posted 20 December 2011 - 01:37 AM

Before I was able to run aswMBR again I was hit with another virus. I quickly Rkilled it and got rid of it with Malwarebytes, but when I scanned with aswMBR it came up with some suspicious files listed.

I ran FixMBR but I'm not able to select 'fix' because the button for that is grayed out.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-20 01:25:27
-----------------------------
01:25:27.471 OS Version: Windows 6.0.6002 Service Pack 2
01:25:27.471 Number of processors: 2 586 0x6B02
01:25:27.473 ComputerName: DEATHX-PC UserName: Deathx
01:25:36.399 Initialize success
01:27:56.597 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
01:27:56.600 Disk 0 Vendor: Maxtor_7Y250P0 YAR41BW0 Size: 239372MB BusType: 3
01:27:56.603 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000063
01:27:56.606 Disk 1 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
01:27:56.609 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000064
01:27:56.612 Disk 2 Vendor: WDC_WD20 02.0 Size: 194481MB BusType: 3
01:27:58.657 Disk 1 MBR read successfully
01:27:58.660 Disk 1 MBR scan
01:27:58.663 Disk 1 unknown MBR code
01:27:58.669 Disk 1 scanning sectors +976768065
01:27:58.735 Disk 1 scanning C:\Windows\system32\drivers
01:28:05.016 File: C:\Windows\system32\drivers\netbt.sys **SUSPICIOUS**
01:28:08.210 Service scanning
01:28:09.318 Modules scanning
01:28:12.330 Module: C:\Windows\System32\DRIVERS\netbt.sys **SUSPICIOUS**
01:28:14.838 Disk 1 trace - called modules:
01:28:14.881 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8805ff10]<<
01:28:14.887 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86335ac8]
01:28:14.893 3 CLASSPNP.SYS[8a1388b3] -> nt!IofCallDriver -> [0x87f6e438]
01:28:14.899 \Driver\00001112[0x87f83478] -> IRP_MJ_CREATE -> 0x8805ff10
01:28:14.905 Scan finished successfully
01:29:25.672 Disk 1 MBR has been saved successfully to "C:\Users\Deathx\Desktop\MBR.dat"
01:29:25.718 The log file has been saved successfully to "C:\Users\Deathx\Desktop\aswMBR.txt"
01:32:22.519 Verifying
01:32:32.546 Disk 1 Windows 600 MBR fixed successfully
01:33:45.278 Disk 1 MBR has been saved successfully to "C:\Users\Deathx\Desktop\MBR.dat"
01:33:45.284 The log file has been saved successfully to "C:\Users\Deathx\Desktop\aswMBR.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 December 2011 - 02:00 AM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report:

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#15 deathx88

deathx88
  • Topic Starter

  • Members
  • 154 posts
  • Gender:Male

Posted 20 December 2011 - 04:08 AM

I ran that fixTDSS program, but ended up getting the blue screen of death upon restart. The first time I ran it, it froze up. The second time it seemed like it was going through all right; it said it needed to restart my PC so I went along with it. When it restarted though, it gave me a blue screen of death twice before I had to do a startup repair, which then did a system restore for me.

I was a little worried there for a second. It never told me if I had an infection or not when I got back to Windows, and I'm not sure if I should run that program again unless you think I should.

On a side note, I was looking at my minidumps using BlueScreenView. I noticed I have about 6-7 other PAGE_FAULT_IN_NONPAGED_AREA errors, all leading back to June of this year, that were caused by the same ntkrnlpa.exe driver. Not sure if this is relevant or not but I figured I'd let you know.



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-20 03:49:19
-----------------------------
03:49:19.777 OS Version: Windows 6.0.6002 Service Pack 2
03:49:19.777 Number of processors: 2 586 0x6B02
03:49:19.778 ComputerName: DEATHX-PC UserName: Deathx
03:49:21.625 Initialize success
03:51:52.973 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
03:51:52.976 Disk 0 Vendor: Maxtor_7Y250P0 YAR41BW0 Size: 239372MB BusType: 3
03:51:52.979 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000062
03:51:52.982 Disk 1 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
03:51:52.985 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000063
03:51:52.989 Disk 2 Vendor: WDC_WD20 02.0 Size: 194481MB BusType: 3
03:51:55.082 Disk 1 MBR read successfully
03:51:55.086 Disk 1 MBR scan
03:51:55.089 Disk 1 Windows VISTA default MBR code
03:51:55.094 Disk 1 scanning sectors +976768065
03:51:55.144 Disk 1 scanning C:\Windows\system32\drivers
03:52:01.819 Service scanning
03:52:02.864 Modules scanning
03:52:07.730 Disk 1 trace - called modules:
03:52:08.090 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
03:52:08.096 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8603fac8]
03:52:08.103 3 CLASSPNP.SYS[807338b3] -> nt!IofCallDriver -> [0x85369700]
03:52:08.109 5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\00000062[0x8458fc90]
03:52:08.115 Scan finished successfully
03:54:12.975 Disk 1 MBR has been saved successfully to "C:\Users\Deathx\Desktop\MBR.dat"
03:54:12.981 The log file has been saved successfully to "C:\Users\Deathx\Desktop\aswMBR.txt"




Here are the two files from my minidump that came up as causing the problem.

==================================================
Filename : hal.dll
Address In Stack : hal.dll+40ed
From Address : 0x81e0f000
To Address : 0x81e42000
Size : 0x00033000
Time Stamp : 0x49e018d9
Time String : 4/10/2009 11:13:13 PM
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Abstraction Layer DLL
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\hal.dll
==================================================

==================================================
Filename : ntkrnlpa.exe
Address In Stack : ntkrnlpa.exe+118800
From Address : 0x81e42000
To Address : 0x821fc000
Size : 0x003ba000
Time Stamp : 0x4cb710d6
Time String : 10/14/2010 9:16:54 AM
Product Name : Microsoft® Windows® Operating System
File Description : NT Kernel & System
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\ntkrnlpa.exe
==================================================
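
The aswMBR runs in this thread show the two states the helper was reading for: the run with "unknown MBR code", netbt.sys flagged **SUSPICIOUS** and an unnamed module in the disk I/O trace, and the run after the fix with "Windows VISTA default MBR code" and a fully named trace. The script below is an added triage helper, not part of the thread and not aswMBR's own code: it parses the timestamped lines, collects those indicators, checks whether the IRP_MJ_CREATE dispatch target is the same unnamed module, and ranks the log. The sample logs are constructed from the lines quoted above; the ranking thresholds are an assumption.

```python
import re

# Constructed samples modelled on the aswMBR lines quoted in this thread; untimestamped header lines are skipped.
INFECTED_LOG = r"""
01:27:58.663 Disk 1 unknown MBR code
01:28:05.016 File: C:\Windows\system32\drivers\netbt.sys **SUSPICIOUS**
01:28:12.330 Module: C:\Windows\System32\DRIVERS\netbt.sys **SUSPICIOUS**
01:28:14.881 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8805ff10]<<
01:28:14.899 \Driver\00001112[0x87f83478] -> IRP_MJ_CREATE -> 0x8805ff10
01:28:14.905 Scan finished successfully
"""
CLEAN_LOG = r"""
03:51:55.089 Disk 1 Windows VISTA default MBR code
03:52:08.090 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
03:52:08.109 5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\00000062[0x8458fc90]
03:52:08.115 Scan finished successfully
"""
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")

def parse_aswmbr(text):
    """Yield (timestamp, message) for every timestamped line of an aswMBR log."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2)

def triage(text):
    """Collect what the helper in this thread was looking for: flagged files/modules,
    whether the MBR code is recognised, and an unnamed module in the disk I/O chain."""
    f = {"suspicious": [], "mbr": None, "unknown_hooks": [], "irp_targets": []}
    for _ts, msg in parse_aswmbr(text):
        if msg.endswith("**SUSPICIOUS**"):
            kind, path = msg.split(": ", 1)                      # "File" or "Module"
            f["suspicious"].append((kind, path[:-len(" **SUSPICIOUS**")].lower()))
        elif msg.startswith("Disk ") and msg.endswith(" MBR code"):
            f["mbr"] = "unknown" if " unknown MBR code" in msg else "default"
        elif (m := UNKNOWN_RE.search(msg)):
            f["unknown_hooks"].append(m.group(1).lower())       # module with no name
        elif "-> IRP_MJ_" in msg:
            # "\Driver\...[addr] -> IRP_MJ_CREATE -> 0x...": dispatch routine redirected
            f["irp_targets"].append(msg.rsplit("-> ", 1)[1].lower())
    return f

def verdict(f):
    """Rank the log. Thresholds are an assumption: unrecognised MBR code, a flagged
    driver, and an IRP dispatch landing in the unnamed module are independent signals."""
    hooked = bool(set(f["unknown_hooks"]) & set(f["irp_targets"]))
    signals = (f["mbr"] == "unknown") + bool(f["suspicious"]) + hooked
    return "high" if signals >= 2 else "suspicious" if signals == 1 else "clean"

if __name__ == "__main__":
    for name, log in (("infected", INFECTED_LOG), ("clean", CLEAN_LOG)):
        print(name, "->", verdict(triage(log)))
```

The post #11 log, with "unknown MBR code" but nothing flagged, would rank as "suspicious" under these thresholds, which matches the helper's decision there to go straight to FIXMBR.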



