
Black Screen and programs were empty



#1 deecallan10


Posted 08 January 2012 - 09:44 AM

I have a black screen when I sign on and my programs show empty. I know my stuff is hidden, but I don't know how to show it again!!! Thank you for your help!

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170
Run by Dee at 23:37:16 on 2012-01-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1118 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Play Pickle Text: {02f0243c-2e71-4a1a-a790-6c30888119d0} - c:\program files\play pickle\PPTL.DLL
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [hpqSRMon]
mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\dee\appdata\roaming\micros~1\windows\startm~1\programs\startup\warner~1.lnk - c:\program files\warner bros. digital copy manager\Warner Bros. Digital Copy Manager.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{29971CE0-ED76-4A76-86C2-217595A139F4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A5C99F56-B3D7-4AA5-85F5-FAC5A2FB6429} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2012-1-7 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2012-1-7 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111221.003\BHDrvx86.sys [2011-12-21 819320]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120106.002\IDSvix86.sys [2012-1-6 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2012-1-7 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2012-1-7 331384]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2012-1-7 130008]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-7 106104]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca38ddcbaef080;Google Update Service (gupdate1ca38ddcbaef080);c:\program files\google\update\GoogleUpdate.exe [2009-9-18 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-18 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-20 9216]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-07 20:20:55 -------- d-----w- c:\users\dee\appdata\roaming\SUPERAntiSpyware.com
2012-01-07 20:20:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-07 20:20:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-07 19:21:49 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0401000.00F
2012-01-07 19:21:49 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-01-07 19:21:47 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-01-07 16:13:13 27888 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-07 16:13:12 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-07 16:13:12 -------- d-----w- c:\program files\Symantec
2012-01-07 16:12:34 744568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys
2012-01-07 16:12:34 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2012-01-07 16:12:34 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2012-01-07 16:12:34 340088 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys
2012-01-07 16:12:34 331384 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2012-01-07 16:12:34 296568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2012-01-07 16:12:34 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys
2012-01-07 16:12:19 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2012-01-07 16:12:19 -------- d-----w- c:\windows\system32\drivers\N360
2012-01-07 16:12:17 -------- d-----w- c:\program files\Norton 360
2012-01-07 13:53:42 -------- d--h--w- c:\programdata\PCSettings
2012-01-07 13:53:33 -------- d--h--w- c:\programdata\NortonInstaller
2012-01-07 13:53:33 -------- d-----w- c:\program files\NortonInstaller
2012-01-07 13:10:22 -------- d--h--w- c:\users\dee\appdata\local\Symantec
2011-12-14 18:06:20 677136 ---ha-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-12-14 13:02:07 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 13:02:06 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 13:02:04 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 13:02:04 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 13:02:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-11-18 23:02:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 23:38:16.51 ===============







GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-08 09:37:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0040
Running: gmer.exe; Driver: C:\Users\Dee\AppData\Local\Temp\pftdapow.sys


---- System - GMER 1.0.15 ----

SSDT 946CF408 ZwAlertResumeThread
SSDT 946CE588 ZwAlertThread
SSDT 946D4BD0 ZwAllocateVirtualMemory
SSDT 93365740 ZwAlpcConnectPort
SSDT 946DC788 ZwAssignProcessToJobObject
SSDT 946DCDB0 ZwCreateMutant
SSDT 946DB970 ZwCreateSymbolicLinkObject
SSDT 946D91E8 ZwCreateThread
SSDT 946DC8E8 ZwDebugActiveProcess
SSDT 946D4DA0 ZwDuplicateObject
SSDT 946D49F0 ZwFreeVirtualMemory
SSDT 946DCEA0 ZwImpersonateAnonymousToken
SSDT 946CF350 ZwImpersonateThread
SSDT 93365988 ZwLoadDriver
SSDT 946D48F0 ZwMapViewOfSection
SSDT 946DCCD0 ZwOpenEvent
SSDT 946D4F80 ZwOpenProcess
SSDT 946D4CC0 ZwOpenProcessToken
SSDT 946DCB10 ZwOpenSection
SSDT 946D4E90 ZwOpenThread
SSDT 946DC698 ZwProtectVirtualMemory
SSDT 946CE980 ZwResumeThread
SSDT 946CEC20 ZwSetContextThread
SSDT 946CED00 ZwSetInformationProcess
SSDT 946DC9C8 ZwSetSystemInformation
SSDT 946DCBF0 ZwSuspendProcess
SSDT 946CEA60 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x9A533640]
SSDT 946CEB40 ZwTerminateThread
SSDT 946D4810 ZwUnmapViewOfSection
SSDT 946D4AE0 ZwWriteVirtualMemory
SSDT 946DBD38 ZwCreateThreadEx

INT 0x61 ? 91C59A50
INT 0x71 ? 91C59CD0

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 826C38A0 8 Bytes [08, F4, 6C, 94, 88, E5, 6C, ...] {OR AH, DH; INSB ; XCHG ESP, EAX; MOV CH, AH; INSB ; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 131 826C38B4 4 Bytes [D0, 4B, 6D, 94] {ROR BYTE [EBX+0x6d], 0x1; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 13D 826C38C0 4 Bytes [40, 57, 36, 93]
.text ntkrnlpa.exe!KeSetEvent + 191 826C3914 4 Bytes [88, C7, 6D, 94] {MOV BH, AL; INSD ; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1F5 826C3978 4 Bytes [B0, CD, 6D, 94] {MOV AL, 0xcd; INSD ; XCHG ESP, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AD50480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AD91900, 0x3CA, 0x48000040]
? C:\Users\Dee\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2640] ntdll.dll!NtMapViewOfSection 773C4974 5 Bytes JMP 03AD003A
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] kernel32.dll!ReadProcessMemory + 3E 76A01CB3 7 Bytes JMP 03AD00F7
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] kernel32.dll!WriteProcessMemory + 106 76A01DBE 7 Bytes JMP 03AD0319
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] kernel32.dll!CreateIoCompletionPort + 52 76A29DA6 7 Bytes JMP 03AD03CF
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] kernel32.dll!VirtualAllocEx + 54 76A4AF70 7 Bytes JMP 03AD0263
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] kernel32.dll!GetProcessHandleCount + 35 76A95D4F 7 Bytes JMP 03AD01AD
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!CreateDialogParamW 76C372A2 5 Bytes JMP 67D2DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!GetAsyncKeyState 76C3863C 5 Bytes JMP 67C48EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 67D29AD1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!CallNextHookEx 76C38E3B 5 Bytes JMP 67D1D13D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!UnhookWindowsHookEx 76C398DB 5 Bytes JMP 67C946AE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!EnableWindow 76C3CD8B 5 Bytes JMP 67D2DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!CreateWindowExW 76C41305 5 Bytes JMP 67D2DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!GetKeyState 76C48CB1 5 Bytes JMP 67D2D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!IsDialogMessageW 76C50745 5 Bytes JMP 67C55A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!CreateDialogParamA 76C517AA 5 Bytes JMP 67E26003 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!IsDialogMessage 76C51847 5 Bytes JMP 67E2589F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!CreateDialogIndirectParamA 76C526F1 5 Bytes JMP 67E2603A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!CreateDialogIndirectParamW 76C59A62 5 Bytes JMP 67E26071 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!SetKeyboardState 76C60987 5 Bytes JMP 67E25C0E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamW 76C610B0 5 Bytes JMP 67C55505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamW 76C62EF5 5 Bytes JMP 67E25397 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!SendInput 76C62F75 5 Bytes JMP 67E267CB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!EndDialog 76C6326E 5 Bytes JMP 67C57EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!SetCursorPos 76C76FB2 5 Bytes JMP 67E2681F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamA 76C78152 5 Bytes JMP 67E25334 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamA 76C7847D 5 Bytes JMP 67E253FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectA 76C8D4D9 5 Bytes JMP 67E252C9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectW 76C8D5D3 5 Bytes JMP 67E2525E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExA 76C8D639 5 Bytes JMP 67E251FC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExW 76C8D65D 5 Bytes JMP 67E2519A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!keybd_event 76C8D972 5 Bytes JMP 67E26B4F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] SHELL32.dll!SHRestricted + D95 75F489A8 4 Bytes [4D, 30, BA, 6F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] SHELL32.dll!SHRestricted + D9D 75F489B0 8 Bytes [57, 2F, BA, 6F, 9C, 5B, B9, ...] {PUSH EDI; DAS ; MOV EDX, 0xb95b9c6f; OUTSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] ole32.dll!OleLoadFromStream 76B01E80 5 Bytes JMP 67E256FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] ole32.dll!CoGetTreatAsClass + D2F 76B1FAE3 7 Bytes JMP 03AD0485
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] ole32.dll!CoCreateInstance 76B39F3E 5 Bytes JMP 67D2DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] ole32.dll!CoCreateInstance + 3E 76B39F7C 7 Bytes JMP 03AD053F
.text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!CreateWindowExW 76C41305 5 Bytes JMP 67D2DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!DialogBoxParamW 76C610B0 5 Bytes JMP 67C55505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!DialogBoxIndirectParamW 76C62EF5 5 Bytes JMP 67E25397 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!DialogBoxParamA 76C78152 5 Bytes JMP 67E25334 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!DialogBoxIndirectParamA 76C7847D 5 Bytes JMP 67E253FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!MessageBoxIndirectA 76C8D4D9 5 Bytes JMP 67E252C9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!MessageBoxIndirectW 76C8D5D3 5 Bytes JMP 67E2525E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!MessageBoxExA 76C8D639 5 Bytes JMP 67E251FC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!MessageBoxExW 76C8D65D 5 Bytes JMP 67E2519A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] ntdll.dll!NtMapViewOfSection 773C4974 5 Bytes JMP 0504003A
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] kernel32.dll!ReadProcessMemory + 3E 76A01CB3 7 Bytes JMP 050400F7
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] kernel32.dll!WriteProcessMemory + 106 76A01DBE 7 Bytes JMP 05040319
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] kernel32.dll!CreateIoCompletionPort + 52 76A29DA6 7 Bytes JMP 050403CF
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] kernel32.dll!VirtualAllocEx + 54 76A4AF70 7 Bytes JMP 05040263
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] kernel32.dll!GetProcessHandleCount + 35 76A95D4F 7 Bytes JMP 050401AD
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!CreateDialogParamW 76C372A2 5 Bytes JMP 67D2DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!GetAsyncKeyState 76C3863C 5 Bytes JMP 67C48EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 67D29AD1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!CallNextHookEx 76C38E3B 5 Bytes JMP 67D1D13D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!UnhookWindowsHookEx 76C398DB 5 Bytes JMP 67C946AE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!EnableWindow 76C3CD8B 5 Bytes JMP 67D2DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!CreateWindowExW 76C41305 5 Bytes JMP 67D2DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!GetKeyState 76C48CB1 5 Bytes JMP 67D2D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!IsDialogMessageW 76C50745 5 Bytes JMP 67C55A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!CreateDialogParamA 76C517AA 5 Bytes JMP 67E26003 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!IsDialogMessage 76C51847 5 Bytes JMP 67E2589F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!CreateDialogIndirectParamA 76C526F1 5 Bytes JMP 67E2603A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!CreateDialogIndirectParamW 76C59A62 5 Bytes JMP 67E26071 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!SetKeyboardState 76C60987 5 Bytes JMP 67E25C0E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!DialogBoxParamW 76C610B0 5 Bytes JMP 67C55505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!DialogBoxIndirectParamW 76C62EF5 5 Bytes JMP 67E25397 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!SendInput 76C62F75 5 Bytes JMP 67E267CB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!EndDialog 76C6326E 5 Bytes JMP 67C57EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!SetCursorPos 76C76FB2 5 Bytes JMP 67E2681F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!DialogBoxParamA 76C78152 5 Bytes JMP 67E25334 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!DialogBoxIndirectParamA 76C7847D 5 Bytes JMP 67E253FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!MessageBoxIndirectA 76C8D4D9 5 Bytes JMP 67E252C9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!MessageBoxIndirectW 76C8D5D3 5 Bytes JMP 67E2525E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!MessageBoxExA 76C8D639 5 Bytes JMP 67E251FC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!MessageBoxExW 76C8D65D 5 Bytes JMP 67E2519A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] USER32.dll!keybd_event 76C8D972 5 Bytes JMP 67E26B4F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] SHELL32.dll!SHRestricted + D95 75F489A8 4 Bytes [4D, 30, BA, 6F]
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] SHELL32.dll!SHRestricted + D9D 75F489B0 8 Bytes [57, 2F, BA, 6F, 9C, 5B, B9, ...] {PUSH EDI; DAS ; MOV EDX, 0xb95b9c6f; OUTSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] ole32.dll!OleLoadFromStream 76B01E80 5 Bytes JMP 67E256FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] ole32.dll!CoGetTreatAsClass + D2F 76B1FAE3 7 Bytes JMP 05040485
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] ole32.dll!CoCreateInstance 76B39F3E 5 Bytes JMP 67D2DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5268] ole32.dll!CoCreateInstance + 3E 76B39F7C 7 Bytes JMP 0504053F

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----




Thank you for your help!!!



#2 myrti

Posted 13 January 2012 - 03:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 deecallan10


Posted 23 January 2012 - 11:24 AM

Still have not fixed the problem, I will run and post ASAP!!!

Thank

#4 myrti


Posted 29 January 2012 - 09:05 AM

Heya,
it's been a couple of days. Everything alright?

regards myrti



#5 myrti


Posted 06 February 2012 - 09:51 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





