Website verification


  • This topic is locked
5 replies to this topic

#1 midou1994

midou1994

  • Members
  • 251 posts
  • Gender:Male

Posted 22 June 2012 - 01:13 PM

Hi

My system has Kaspersky up to date (12.0.0.374).


I have been receiving a few verification requests from websites like Google to see if the person using this system is human or maybe some machine. I am not sure, but one website claimed that I may have a security risk in my system, although there was no anti-malware application suggested..


This system is used for banking...

So I just wanna be sure there are no nasties hiding...


Hitman Pro and Kaspersky report the system is clean, but I wanna make sure..




Update: I went to http://www.animenewsnetwork.com

Even they asked for verification. Surprisingly, even Google has asked me.........

for the second time.

The system is fine. Download speed and system speed both seem fine.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Home at 23:55:48 on 2012-06-22
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.91.1033.18.3325.1765 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{85909221-C555-452B-B59F-DF972BB1DDBB} : NameServer = 192.168.1.1,218.248.255.161
Notify: klogon - c:\windows\system32\klogon.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\hwdeviceservice.exe -/service --> c:\programdata\datacardservice\HWDeviceService.exe -/service [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-7 218688]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-3-29 73216]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-6-11 80824]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-6-11 20032]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-3-29 102784]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-6-11 181432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-22 18:20:40 -------- d-----w- c:\program files\Oracle
2012-06-22 18:20:15 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-18 06:49:51 -------- d-----w- c:\users\home\appdata\local\NPE
2012-06-18 06:49:51 -------- d-----w- c:\programdata\Norton
2012-06-16 19:27:30 -------- d-----w- c:\program files\Xilisoft
2012-06-16 11:50:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-06-16 11:50:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-06-15 20:29:27 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c849171-74f8-4f0b-a349-7173132f4b6d}\mpengine.dll
2012-06-13 15:17:06 65602 ----a-w- c:\windows\system32\cook3260.dll
2012-06-13 15:17:06 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2012-06-13 15:17:06 217127 ----a-w- c:\windows\system32\drv43260.dll
2012-06-13 15:17:06 208935 ----a-w- c:\windows\system32\drv33260.dll
2012-06-13 15:17:06 176165 ----a-w- c:\windows\system32\drv23260.dll
2012-06-13 15:17:06 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2012-06-13 15:17:06 102439 ----a-w- c:\windows\system32\sipr3260.dll
2012-06-13 15:17:06 -------- d-----w- c:\program files\vso
2012-06-12 11:36:38 -------- d-----w- c:\programdata\HitmanPro
2012-06-12 11:36:38 -------- d-----w- c:\program files\HitmanPro
2012-06-11 17:41:45 -------- d-----w- c:\program files\MyFree Codec
2012-06-11 17:38:41 -------- d-----w- c:\users\home\appdata\roaming\Temp
2012-06-11 17:38:24 -------- d-----w- C:\Temp
2012-06-11 17:34:59 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-06-11 17:34:59 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-06-11 17:34:59 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-06-11 17:34:58 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-06-11 17:32:39 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-06-11 17:32:39 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-06-11 17:32:39 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-06-11 17:11:41 -------- d-----w- c:\users\home\appdata\local\Samsung
2012-06-11 17:11:34 -------- d-----w- c:\users\home\appdata\roaming\Samsung
2012-06-11 16:43:20 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-06-11 16:42:37 -------- d-----w- c:\program files\Samsung
2012-06-11 16:42:36 -------- d-----w- c:\programdata\Samsung
2012-06-11 16:25:40 -------- d-----w- c:\users\home\appdata\local\Downloaded Installations
2012-06-08 07:11:57 -------- d-----w- c:\program files\Sierra On-Line
2012-06-08 07:11:22 304128 ----a-w- c:\windows\IsUninst.exe
2012-06-07 05:56:36 -------- d-----w- c:\program files\Auslogics
2012-06-07 05:56:16 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-07 05:56:13 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-06-07 05:56:12 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-06-07 05:56:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-06-07 05:56:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-07 05:56:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-06-07 05:56:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-07 05:56:09 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-06-07 05:56:09 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-06-07 05:55:56 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-07 05:55:19 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-06-07 05:55:19 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-06-07 05:55:19 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-06-07 05:55:19 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-06-07 05:55:19 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-06-07 05:55:19 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-28 19:08:50 330240 ----a-w- c:\windows\MASetupCaller.dll
.
==================== Find3M ====================
.
2012-06-07 06:15:09 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-05-04 13:59:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 17:31:47 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-03-29 17:31:47 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-03-29 17:31:47 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-03-29 17:31:47 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-03-29 17:31:47 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-03-29 17:31:47 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-03-29 17:31:47 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-03-29 17:31:47 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-03-29 17:31:47 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-03-29 17:31:47 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-03-29 17:31:47 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
.
============= FINISH: 23:56:17.28 ===============
GMER log



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-23 00:55:10
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJS-60M0A0 rev.02.03E02
Running: b7he9pkd.exe; Driver: C:\Users\Home\AppData\Local\Temp\kxldipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x924DF28A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x924F9342]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x924F9678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x924F99EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x924DFD04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x924F902A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x924E0276]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x924E0164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x924F94E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x924DF046]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x924E038E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x924FA8D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x924DF8BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x924F95B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x924E074E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x924DFD46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x924E1750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x924E0840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x924FA8F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x924F7840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x924E0308]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x924E01F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x924DF4C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x924E0B90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x924E0420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x924DF3B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwPlugPlayControl [0x924FA8E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x924E055C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x924F7A38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x924E10D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x924E09E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x924F97DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x924F972A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x924F9848]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x924E15F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x924F91B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x924DFBA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x924E05FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x924E1222]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x924E1316]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x924E1450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x924E0670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x924DF664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x924DF5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x924E0F8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x924DF750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x924DFA2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x924E04A6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 846C67DC 4 Bytes [8A, F2, 4D, 92] {MOV DH, DL; DEC EBP; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 13D 846C6800 8 Bytes [42, 93, 4F, 92, 78, 96, 4F, ...] {INC EDX; XCHG EBX, EAX; DEC EDI; XCHG EDX, EAX; JS 0xffffffffffffff9c; DEC EDI; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 181 846C6844 4 Bytes [EE, 99, 4F, 92] {OUT DX, AL ; CDQ ; DEC EDI; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1A9 846C686C 4 Bytes [04, FD, 4D, 92] {ADD AL, 0xfd; DEC EBP; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1C1 846C6884 4 Bytes [2A, 90, 4F, 92]
.text ...
? C:\Users\Home\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtCreateFile + 6 7715424A 4 Bytes [28, 00, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtCreateFile + B 7715424F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtMapViewOfSection + 6 7715499A 1 Byte [28]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtMapViewOfSection + 6 7715499A 4 Bytes [28, 03, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtMapViewOfSection + B 7715499F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenFile + 6 77154A2A 4 Bytes [68, 00, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenFile + B 77154A2F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcess + 6 77154AAA 4 Bytes [A8, 01, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcess + B 77154AAF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcessToken + B 77154ABF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcessTokenEx + 6 77154ACA 4 Bytes [A8, 02, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenProcessTokenEx + B 77154ACF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThread + 6 77154B1A 4 Bytes [68, 01, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThread + B 77154B1F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThreadToken + 6 77154B2A 4 Bytes [68, 02, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThreadToken + B 77154B2F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtOpenThreadTokenEx + B 77154B3F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtQueryAttributesFile + 6 77154BCA 4 Bytes [A8, 00, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtQueryAttributesFile + B 77154BCF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtQueryFullAttributesFile + B 77154C7F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationFile + 6 7715515A 4 Bytes [28, 01, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationFile + B 7715515F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationThread + 6 771551AA 4 Bytes [28, 02, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtSetInformationThread + B 771551AF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtUnmapViewOfSection + 6 7715544A 1 Byte [68]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtUnmapViewOfSection + 6 7715544A 4 Bytes [68, 03, 37, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!NtUnmapViewOfSection + B 7715544F 1 Byte [E2]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2064] C:\Windows\system32\ntdll.dll time/date stamp mismatch; unknown module: secserv.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2064] ntdll.dll!NtProtectVirtualMemory 77154BA4 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2064] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2064] USER32.dll!SetScrollInfo + 7A8 757D7980 4 Bytes [E0, 13, 54, 67]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2576] C:\Windows\system32\ntdll.dll time/date stamp mismatch; unknown module: secserv.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2576] ntdll.dll!NtProtectVirtualMemory 77154BA4 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2576] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2576] USER32.dll!SetScrollInfo + 7A8 757D7980 4 Bytes [E0, 13, 54, 67]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtCreateFile + 6 7715424A 4 Bytes [28, 00, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtCreateFile + B 7715424F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtMapViewOfSection + 6 7715499A 1 Byte [28]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtMapViewOfSection + 6 7715499A 4 Bytes [28, 03, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtMapViewOfSection + B 7715499F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenFile + 6 77154A2A 4 Bytes [68, 00, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenFile + B 77154A2F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcess + 6 77154AAA 4 Bytes [A8, 01, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcess + B 77154AAF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcessToken + B 77154ABF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcessTokenEx + 6 77154ACA 4 Bytes [A8, 02, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcessTokenEx + B 77154ACF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThread + 6 77154B1A 4 Bytes [68, 01, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThread + B 77154B1F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThreadToken + 6 77154B2A 4 Bytes [68, 02, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThreadToken + B 77154B2F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThreadTokenEx + B 77154B3F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtQueryAttributesFile + 6 77154BCA 4 Bytes [A8, 00, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtQueryAttributesFile + B 77154BCF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtQueryFullAttributesFile + B 77154C7F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationFile + 6 7715515A 4 Bytes [28, 01, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationFile + B 7715515F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationThread + 6 771551AA 4 Bytes [28, 02, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationThread + B 771551AF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtUnmapViewOfSection + 6 7715544A 1 Byte [68]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtUnmapViewOfSection + 6 7715544A 4 Bytes [68, 03, 48, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtUnmapViewOfSection + B 7715544F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtCreateFile + 6 7715424A 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; AND [EAX], AL}
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtCreateFile + B 7715424F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtMapViewOfSection + 6 7715499A 1 Byte [28]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtMapViewOfSection + 6 7715499A 4 Bytes [28, 03, 20, 00] {SUB [EBX], AL; AND [EAX], AL}
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtMapViewOfSection + B 7715499F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenFile + 6 77154A2A 4 Bytes [68, 00, 20, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenFile + B 77154A2F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcess + 6 77154AAA 4 Bytes [A8, 01, 20, 00] {TEST AL, 0x1; AND [EAX], AL}
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcess + B 77154AAF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcessToken + B 77154ABF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcessTokenEx + 6 77154ACA 4 Bytes [A8, 02, 20, 00] {TEST AL, 0x2; AND [EAX], AL}
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcessTokenEx + B 77154ACF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenThread + 6 77154B1A 4 Bytes [68, 01, 20, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenThread + B 77154B1F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenThreadToken + 6 77154B2A 4 Bytes [68, 02, 20, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenThreadToken + B 77154B2F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenThreadTokenEx + B 77154B3F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtQueryAttributesFile + 6 77154BCA 4 Bytes [A8, 00, 20, 00] {TEST AL, 0x0; AND [EAX], AL}
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtQueryAttributesFile + B 77154BCF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtQueryFullAttributesFile + B 77154C7F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtSetInformationFile + 6 7715515A 4 Bytes [28, 01, 20, 00] {SUB [ECX], AL; AND [EAX], AL}
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtSetInformationFile + B 7715515F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtSetInformationThread + 6 771551AA 4 Bytes [28, 02, 20, 00] {SUB [EDX], AL; AND [EAX], AL}
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtSetInformationThread + B 771551AF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtUnmapViewOfSection + 6 7715544A 1 Byte [68]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtUnmapViewOfSection + 6 7715544A 4 Bytes [68, 03, 20, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtUnmapViewOfSection + B 7715544F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtCreateFile + 6 7715424A 4 Bytes [28, 00, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtCreateFile + B 7715424F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtMapViewOfSection + 6 7715499A 1 Byte [28]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtMapViewOfSection + 6 7715499A 4 Bytes [28, 03, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtMapViewOfSection + B 7715499F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenFile + 6 77154A2A 4 Bytes [68, 00, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenFile + B 77154A2F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcess + 6 77154AAA 4 Bytes [A8, 01, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcess + B 77154AAF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcessToken + B 77154ABF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcessTokenEx + 6 77154ACA 4 Bytes [A8, 02, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcessTokenEx + B 77154ACF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenThread + 6 77154B1A 4 Bytes [68, 01, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenThread + B 77154B1F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenThreadToken + 6 77154B2A 4 Bytes [68, 02, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenThreadToken + B 77154B2F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenThreadTokenEx + B 77154B3F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtQueryAttributesFile + 6 77154BCA 4 Bytes [A8, 00, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtQueryAttributesFile + B 77154BCF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtQueryFullAttributesFile + B 77154C7F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtSetInformationFile + 6 7715515A 4 Bytes [28, 01, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtSetInformationFile + B 7715515F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtSetInformationThread + 6 771551AA 4 Bytes [28, 02, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtSetInformationThread + B 771551AF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtUnmapViewOfSection + 6 7715544A 1 Byte [68]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtUnmapViewOfSection + 6 7715544A 4 Bytes [68, 03, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtUnmapViewOfSection + B 7715544F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtCreateFile + 6 7715424A 4 Bytes [28, 00, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtCreateFile + B 7715424F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtMapViewOfSection + 6 7715499A 1 Byte [28]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtMapViewOfSection + 6 7715499A 4 Bytes [28, 03, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtMapViewOfSection + B 7715499F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenFile + 6 77154A2A 4 Bytes [68, 00, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenFile + B 77154A2F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcess + 6 77154AAA 4 Bytes [A8, 01, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcess + B 77154AAF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcessToken + B 77154ABF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcessTokenEx + 6 77154ACA 4 Bytes [A8, 02, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenProcessTokenEx + B 77154ACF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThread + 6 77154B1A 4 Bytes [68, 01, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThread + B 77154B1F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThreadToken + 6 77154B2A 4 Bytes [68, 02, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThreadToken + B 77154B2F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtOpenThreadTokenEx + B 77154B3F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtQueryAttributesFile + 6 77154BCA 4 Bytes [A8, 00, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtQueryAttributesFile + B 77154BCF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtQueryFullAttributesFile + B 77154C7F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtSetInformationFile + 6 7715515A 4 Bytes [28, 01, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtSetInformationFile + B 7715515F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtSetInformationThread + 6 771551AA 4 Bytes [28, 02, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtSetInformationThread + B 771551AF 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtUnmapViewOfSection + 6 7715544A 1 Byte [68]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtUnmapViewOfSection + 6 7715544A 4 Bytes [68, 03, 1E, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[5948] ntdll.dll!NtUnmapViewOfSection + B 7715544F 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- EOF - GMER 1.0.15 ----

Edited by midou1994, 22 June 2012 - 02:27 PM.

Midou
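
The GMER block above reports the same set of ntdll!Nt* patches in every chrome.exe process (PIDs 4304, 4420, 5948), with the patched bytes differing only in one byte per process. What follows is an added Python example, not code from the original post or from GMER, that parses GMER ".text" hook lines, groups them per image and PID, checks whether every process of an image carries the same hook set, and separately picks out patches whose first byte is a JMP/CALL rel32 opcode (E9/E8), the shape of a classic inline detour. The sample lines are constructed: a few copied from the posted log, plus one hypothetical explorer.exe entry that does not appear in the thread, added only to show how an outlier would surface. Uniform, identical hooks across all chrome.exe processes are what a browser's own sandbox interceptions look like; the script only groups what GMER reported and classifies nothing as malicious.

```python
import re
from collections import defaultdict

# One GMER 1.0.15 user-mode ".text" hook line, e.g.
# .text C:\...\chrome.exe[4304] ntdll.dll!NtCreateFile + 6 7715424A 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; ...}
# The trailing {disassembly} part is optional and ignored.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<api>\S+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<count>\d+)\s+Bytes?\s+\[(?P<patch>[^\]]*)\]"
)

# Constructed sample: six lines copied from the posted log (two chrome.exe PIDs)
# plus one HYPOTHETICAL explorer.exe line that is not in the thread, whose patch
# starts with E9 so a JMP-style detour has something to match.
SAMPLE_GMER_LINES = r"""
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtCreateFile + 6 7715424A 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; AND [EAX], AL}
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtCreateFile + B 7715424F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcess + 6 77154AAA 4 Bytes [A8, 01, 20, 00] {TEST AL, 0x1; AND [EAX], AL}
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtCreateFile + 6 7715424A 4 Bytes [28, 00, 25, 00]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtCreateFile + B 7715424F 1 Byte [E2]
.text C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcess + 6 77154AAA 4 Bytes [A8, 01, 25, 00]
.text C:\Windows\explorer.exe[1234] ntdll.dll!NtCreateFile + 0 77154244 5 Bytes [E9, 11, 22, 33, 00]
"""


def parse_gmer_hooks(text):
    """Parse GMER '.text' hook lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "image": m.group("image").rsplit("\\", 1)[-1].lower(),  # chrome.exe
            "path": m.group("image"),
            "pid": int(m.group("pid")),
            "module": m.group("module").lower(),
            "api": m.group("api"),
            "offset": int(m.group("offset"), 16),
            "addr": int(m.group("addr"), 16),
            "patch": [int(b, 16) for b in m.group("patch").split(",") if b.strip()],
        })
    return records


def hooks_by_image(records):
    """image -> pid -> set of (module!api, offset) patched in that process."""
    out = defaultdict(lambda: defaultdict(set))
    for r in records:
        out[r["image"]][r["pid"]].add((f'{r["module"]}!{r["api"]}', r["offset"]))
    return out


def inconsistent_images(records):
    """Images whose processes do not all carry the same hook set.

    A sandboxing browser or a security suite patches every instance of its
    process identically; one process hooked differently from its siblings is
    the thing worth a closer look, not the hooks themselves."""
    bad = []
    for image, per_pid in hooks_by_image(records).items():
        sets = list(per_pid.values())
        if len(sets) > 1 and any(s != sets[0] for s in sets[1:]):
            bad.append(image)
    return sorted(bad)


def jmp_hooks(records):
    """Hooks whose first patched byte is E9 (JMP rel32) or E8 (CALL rel32).

    The chrome.exe entries on this page start with 28/68/A8 at +6 and E2 at +B,
    i.e. they rewrite immediates inside the syscall stub rather than planting a
    5-byte JMP at the function entry."""
    return [r for r in records if r["patch"] and r["patch"][0] in (0xE9, 0xE8)]


if __name__ == "__main__":
    recs = parse_gmer_hooks(SAMPLE_GMER_LINES)
    for image, per_pid in hooks_by_image(recs).items():
        print(f"{image}: {len(per_pid)} process(es), "
              f"{sorted(len(s) for s in per_pid.values())} hooks each")
    print("inconsistent:", inconsistent_images(recs))
    print("JMP/CALL-style:", [(r['image'], r['api']) for r in jmp_hooks(recs)])
```

Feed it the whole GMER log (`parse_gmer_hooks(open("ark.txt").read())`) and the interesting output is the `inconsistent:` list and the JMP/CALL list, not the raw hook count.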

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 AM

Posted 27 June 2012 - 09:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your DDS log is clean.

Let's check further.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any antivirus protection on the computer.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Please post the logs for my review.

#3 midou1994

midou1994
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 AM

Posted 27 June 2012 - 01:46 PM

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2008
CCleaner
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.2.159.1 Flash Player out of Date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Internet Security 2012 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 00:17:42
-----------------------------
00:17:42.988 OS Version: Windows 6.0.6002 Service Pack 2
00:17:42.988 Number of processors: 2 586 0x170A
00:17:42.988 ComputerName: HOME-PC UserName: Home
00:18:07.448 Initialize success
00:18:25.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:18:25.829 Disk 0 Vendor: WDC_WD3200AAJS-60M0A0 02.03E02 Size: 305245MB BusType: 3
00:18:25.829 Disk 0 MBR read successfully
00:18:25.829 Disk 0 MBR scan
00:18:25.844 Disk 0 Windows VISTA default MBR code
00:18:25.844 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105244 MB offset 2048
00:18:25.860 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199999 MB offset 215541760
00:18:25.860 Disk 0 scanning sectors +625139712
00:18:25.938 Disk 0 scanning C:\Windows\system32\drivers
00:18:30.542 Service scanning
00:18:33.864 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
00:18:33.896 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
00:18:33.927 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
00:18:33.958 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
00:18:39.610 Modules scanning
00:18:43.131 Disk 0 trace - called modules:
00:18:43.147 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
00:18:43.147 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868ef8b0]
00:18:43.162 3 CLASSPNP.SYS[8bdaa8b3] -> nt!IofCallDriver -> [0x8614b918]
00:18:43.162 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85749b98]
00:18:43.162 Scan finished successfully
00:19:19.243 Disk 0 MBR has been saved successfully to "C:\Users\Home\Documents\MBR.dat"
00:19:19.243 The log file has been saved successfully to "C:\Users\Home\Documents\aswMBR.txt"


ComboFix 12-06-27.01 - Home 28-06-2012 1:02.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.91.1033.18.3325.2169 [GMT 5.5:30]
Running from: d:\downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Home\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 19:36 . 2012-06-27 19:36 -------- d-----w- c:\users\Home\AppData\Local\temp
2012-06-27 19:36 . 2012-06-27 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 18:01 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE59861D-394F-4006-A42F-6AF1D50C03C0}\mpengine.dll
2012-06-26 12:27 . 2012-06-26 12:55 -------- d-----w- c:\users\UpdatusUser
2012-06-26 12:27 . 2012-02-29 20:56 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-26 12:27 . 2012-02-29 20:55 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-06-26 12:27 . 2012-02-29 20:53 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-26 12:27 . 2012-02-29 20:53 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-26 12:27 . 2012-02-29 20:53 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-06-26 12:27 . 2012-02-29 23:59 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-06-26 12:27 . 2012-02-29 23:59 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-06-26 12:25 . 2012-06-26 12:27 -------- d-----w- C:\NVIDIA
2012-06-25 18:48 . 2012-06-25 18:48 -------- d-----w- c:\windows\system32\System32
2012-06-24 18:57 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-24 18:57 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-24 17:46 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 17:46 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 17:46 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 17:46 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 17:46 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 17:46 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 17:46 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 17:45 . 2012-06-02 09:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 17:45 . 2012-06-02 09:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 18:24 . 2012-06-22 18:24 -------- d-----w- c:\program files\Common Files\Java
2012-06-22 18:20 . 2012-06-22 18:20 -------- d-----w- c:\program files\Oracle
2012-06-22 18:20 . 2012-05-04 13:59 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-18 06:49 . 2012-06-24 19:55 -------- d-----w- c:\users\Home\AppData\Local\NPE
2012-06-18 06:49 . 2012-06-24 18:53 -------- d-----w- c:\programdata\Norton
2012-06-16 19:27 . 2012-06-16 19:27 -------- d-----w- c:\program files\Xilisoft
2012-06-16 11:50 . 2011-08-22 11:03 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-06-16 11:50 . 2011-08-22 11:02 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-06-13 15:19 . 2012-06-26 12:55 -------- d-----w- c:\users\Home\AppData\Roaming\Vso
2012-06-13 15:17 . 2012-06-13 15:17 -------- d-----w- c:\program files\vso
2012-06-13 15:17 . 2009-09-02 08:14 65602 ----a-w- c:\windows\system32\cook3260.dll
2012-06-13 15:17 . 2009-09-02 08:14 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2012-06-13 15:17 . 2009-09-02 08:14 217127 ----a-w- c:\windows\system32\drv43260.dll
2012-06-13 15:17 . 2009-09-02 08:14 208935 ----a-w- c:\windows\system32\drv33260.dll
2012-06-13 15:17 . 2009-09-02 08:14 176165 ----a-w- c:\windows\system32\drv23260.dll
2012-06-13 15:17 . 2009-09-02 08:14 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2012-06-13 15:17 . 2009-09-02 08:14 102439 ----a-w- c:\windows\system32\sipr3260.dll
2012-06-12 11:36 . 2012-06-12 11:36 -------- d-----w- c:\programdata\HitmanPro
2012-06-12 11:36 . 2012-06-12 11:36 -------- d-----w- c:\program files\HitmanPro
2012-06-11 17:38 . 2012-06-11 17:38 -------- d-----w- C:\Temp
2012-06-11 17:34 . 2012-05-21 02:09 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-06-11 17:34 . 2010-12-21 05:55 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-06-11 17:34 . 2010-12-21 05:55 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-06-11 17:34 . 2012-05-21 02:09 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-06-11 17:32 . 2012-05-23 13:19 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-06-11 17:32 . 2012-05-23 13:19 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-06-11 17:32 . 2012-05-23 13:19 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-06-11 17:11 . 2012-06-12 02:54 -------- d-----w- c:\users\Home\AppData\Local\Samsung
2012-06-11 17:11 . 2012-06-11 17:31 -------- d-----w- c:\users\Home\AppData\Roaming\Samsung
2012-06-11 16:43 . 2012-05-23 13:20 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-06-11 16:42 . 2012-06-11 17:05 -------- d-----w- c:\program files\Samsung
2012-06-11 16:42 . 2012-06-11 17:32 -------- d-----w- c:\programdata\Samsung
2012-06-11 16:25 . 2012-06-11 16:25 -------- d-----w- c:\users\Home\AppData\Local\Downloaded Installations
2012-06-08 07:11 . 1998-01-23 06:52 304128 ----a-w- c:\windows\IsUninst.exe
2012-06-07 05:56 . 2012-06-07 05:56 -------- d-----w- c:\program files\Auslogics
2012-06-07 05:56 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-07 05:56 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-06-07 05:56 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-06-07 05:56 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-07 05:56 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-06-07 05:56 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-06-07 05:56 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-07 05:56 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-06-07 05:55 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-07 05:55 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-07 05:55 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-07 05:55 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-07 05:55 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-07 05:55 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-06-07 05:55 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-07 06:15 . 2011-05-08 17:59 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-05-28 19:08 . 2012-05-28 19:08 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-23 13:19 . 2012-05-23 13:19 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-05-23 13:19 . 2012-05-23 13:19 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-05-23 13:19 . 2012-05-23 13:19 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-05-23 13:19 . 2012-05-23 13:19 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-05-23 13:19 . 2012-05-23 13:19 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-05-23 13:19 . 2012-05-23 13:19 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-05-23 13:19 . 2012-05-23 13:19 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-05-23 13:19 . 2012-05-23 13:19 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-05-23 13:19 . 2012-05-23 13:19 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-05-23 13:19 . 2012-05-23 13:19 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-05-23 13:19 . 2012-05-23 13:19 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-05-23 13:19 . 2012-05-23 13:19 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-05-23 13:19 . 2012-05-23 13:19 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-05-23 13:19 . 2012-05-23 13:19 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-05-23 13:19 . 2012-05-23 13:19 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-05-23 13:19 . 2012-05-23 13:19 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-05-23 13:19 . 2012-05-23 13:19 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-05-23 13:19 . 2012-05-23 13:19 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-05-23 13:19 . 2012-05-23 13:19 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-05-23 13:19 . 2012-05-23 13:19 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-05-23 13:19 . 2012-05-23 13:19 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-05-23 13:19 . 2012-05-23 13:19 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-05-23 13:19 . 2012-05-23 13:19 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-05-23 13:19 . 2012-05-23 13:19 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-05-23 13:19 . 2012-05-23 13:19 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-05-23 13:19 . 2012-05-23 13:19 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-05-23 13:19 . 2012-05-23 13:19 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-05-04 13:59 . 2011-05-02 17:57 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk /p \??\d:\0autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"RtHDVCpl"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1376985063-3377583767-349049525-1000]
"EnableNotificationsRef"=dword:00000004
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 06:37 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 03:39]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1376985063-3377583767-349049525-1000Core.job
- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 09:18]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1376985063-3377583767-349049525-1000UA.job
- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 09:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{85909221-C555-452B-B59F-DF972BB1DDBB}: NameServer = 192.168.1.1,218.248.255.161
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-28 01:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-06-28 01:08:07
ComboFix-quarantined-files.txt 2012-06-27 19:38
.
Pre-Run: 83,635,535,872 bytes free
Post-Run: 83,548,811,264 bytes free
.
- - End Of File - - 13B828941D08942E05E34C3D9F7063D1





Hi

The deleted file, muzapp.exe: I think it belongs to Samsung Kies, but I'm not sure. It would be nice if you could confirm it for me :)

Attached Files

  • Attached File: MBR.zip (553 bytes)

Edited by midou1994, 27 June 2012 - 02:48 PM.

Midou
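
Two of the logs in this post say the same thing twice: Security Check prints "(UAC is disabled!)" and "Windows Firewall Disabled!", and the "Reg Loading Points" section of the ComboFix log shows "EnableLUA"= 0 under policies\system, on a machine the poster uses for banking. The following is an added Python example, not code from the original thread, from ComboFix or from Security Check. It parses the REGEDIT4-style fragment ComboFix prints, lists the Run autoruns, and cross-checks the policy values against the lines Security Check itself flagged. The two sample texts are constructed excerpts in the shape of the logs above; the key paths are the ones those logs show. One caveat a practitioner would want: a disabled Windows Firewall is expected when a third-party suite supplies its own (ComboFix's header lists Kaspersky Internet Security as the FW provider), and DisableMonitoring=1 under Security Center is normally written by the installed third-party AV, so both are cross-check items rather than automatic findings.

```python
import re

# Key paths (lower-cased) exactly as they appear in the posted ComboFix log.
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
SECCENTER_KEY = r"hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantivirus"

# Constructed excerpt in the shape of the ComboFix "Reg Loading Points" section above.
SAMPLE_COMBOFIX_REG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# Constructed excerpt in the shape of screen317's Security Check output above.
SAMPLE_SECURITY_CHECK = """\
Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
Adobe Flash Player 10.2.159.1 Flash Player out of Date!
Java(TM) 7 Update 5
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9A-Fa-f]{1,8})$")
DEC_HEX_RE = re.compile(r"^(?P<dec>-?\d+)\s*\(0x[0-9A-Fa-f]+\)")   # ComboFix's  0 (0x0)
STR_RE = re.compile(r'^"(?P<s>[^"]*)"')                            # "path" [date size]


def parse_value(raw):
    """Turn the right-hand side of a ComboFix REGEDIT4 line into int or str."""
    raw = raw.strip()
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group("hex"), 16)
    m = DEC_HEX_RE.match(raw)
    if m:
        return int(m.group("dec"))
    m = STR_RE.match(raw)
    if m:
        return m.group("s")          # drops the trailing [date size] annotation
    return raw


def parse_regedit4(text):
    """Map lower-cased key path -> {value name: parsed value}.

    Lines without a quoted name (REGEDIT4, '.', @="", BootExecute ...) are skipped."""
    tree, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key").lower()
            tree.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            tree[current][vm.group("name")] = parse_value(vm.group("raw"))
    return tree


def autoruns(tree):
    """(name, command) pairs from every ...\\Run key, for manual review."""
    out = []
    for key, values in tree.items():
        if key.endswith("\\run"):
            out.extend((n, c) for n, c in values.items() if isinstance(c, str))
    return out


NEGATIVE_MARKERS = ("disabled!", "out of date!")   # what Security Check itself flags


def security_check_findings(text):
    return [l.strip() for l in text.splitlines()
            if any(k in l.lower() for k in NEGATIVE_MARKERS)]


def audit(reg_text, seccheck_text):
    """Findings from the registry dump first, then the Security Check flags."""
    reg = parse_regedit4(reg_text)
    findings = []
    if reg.get(POLICY_KEY, {}).get("EnableLUA") == 0:
        findings.append(f"UAC disabled: EnableLUA=0 under {POLICY_KEY}")
    if reg.get(SECCENTER_KEY, {}).get("DisableMonitoring") == 1:
        findings.append("Security Center AV monitoring delegated to third-party AV "
                        "(DisableMonitoring=1): confirm that product is running and current")
    findings += ["Security Check: " + l for l in security_check_findings(seccheck_text)]
    return findings


if __name__ == "__main__":
    for name, cmd in autoruns(parse_regedit4(SAMPLE_COMBOFIX_REG)):
        print(f"autorun  {name!r:12} -> {cmd}")
    for f in audit(SAMPLE_COMBOFIX_REG, SAMPLE_SECURITY_CHECK):
        print("finding ", f)
```

The fix for the first finding is the one the page's own logs point at: re-enable UAC (EnableLUA=1) and reboot, then confirm that Kaspersky's firewall, not nothing, is what replaced the Windows Firewall before doing any more banking on the machine.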

#4 midou1994

midou1994
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 AM

Posted 27 June 2012 - 04:22 PM

Downloaded Malware Bytes and ran a Full system Scan

Here is the Log..



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Home :: HOME-PC [administrator]

28-06-2012 01:32:46
mbam-log-2012-06-28 (01-32-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 307509
Time elapsed: 1 hour(s), 16 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Midou

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 AM

Posted 28 June 2012 - 07:27 AM

The file c:\windows\system32\muzapp.exe has also been identified as malware.
http://www.spydig.com/file-diagnosis/muzapp-exe.html

Let's check it out.

>>> Run Jotti's malware scan: Please copy this line (in bold):
c:\qoobox\quarantine\c\windows\system32\muzapp.exe.vir
  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end, right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edit" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com

If it is found to be good, we can restore it.

Please let me know of any remaining issues with this computer.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 AM

Posted 04 July 2012 - 09:23 AM

Are you still with me?



