Tech Support Guy

.exe & Bad image pop ups before and after logon


kaboosh
Join Date: Jun 2011
Location: Kuwait
Experience: Beginner
12-Jun-2011, 08:07 AM #1
HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:18:10 PM, on 12-Jun-11
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com.../fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2.kis.in:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;my.kis.in
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-16210149-2343414587-354121707-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC289959-613D-410E-A085-F40B1E1AE96C}: NameServer = 192.168.1.1,218.248.240.23
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: DydifforMci - {7DFE0ADB-EE12-4568-A2D9-E2B3837E29D9} - (no file)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVO2009 Defrag - Systweak Inc. - C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\iDumpPro\NMSAccessU.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Unknown owner - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 8278 bytes



Attach.txt log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.4
Adobe Reader 9.4.4
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Vista Optimizer 2009
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Athens 2004 (v1.0.0)
Badge 1280x1024
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Command & Conquer Red Alert 2
Command && Conquer Red Alert 2 - Yuri's Revenge
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Counter-Strike
Counter-Strike: Condition Zero
Counter-Strike: Condition Zero Deleted Scenes
DAEMON Tools Pro
Dell Mobile Broadband Card Utility
Dell Resource CD
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
DMGExtractor
DriverMax 5
Free PDF to Word Doc Converter v1.1
FrostWire 4.21.7
Google Update Helper
Graph 4.3
HiJackThis
IB Questionbank Chemistry Standard and Higher Level
IB Questionbank Economics SL and HL
IB Questionbank Mathematics Higher and Standard Level
IB Questionbank Physics Standard and Higher Level
iDumpPro
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6
Junk Mail filter update
Laptop Integrated Webcam Driver (1.04.01.1011)
Left 4 Dead Demo
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Marvell Miniport Driver
MediaDirect
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Need for Speed™ Carbon
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
Norton 360
OGA Notifier 2.0.0048.0
PDF Settings
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
RocketDock 1.3.5
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
SigmaTel Audio
Skype™ 4.2
Steam
Team Fortress 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.10
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Upload Tool
WinRAR archiver
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
12-Jun-11 1:21:53 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
12-Jun-11 1:21:53 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11-Jun-11 4:27:31 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
11-Jun-11 3:53:53 PM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
11-Jun-11 3:51:37 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-OfflineFiles/Operational.
11-Jun-11 12:37:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11-Jun-11 12:37:32 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11-Jun-11 11:36:13 AM, Error: Microsoft-Windows-WAS [5002] - Application pool 'DefaultAppPool' is being automatically disabled due to a series of failures in the process(es) serving that application pool.
11-Jun-11 11:25:57 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11-Jun-11 11:14:53 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: Access is denied.
11-Jun-11 10:32:42 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter.
11-Jun-11 10:32:42 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant.
11-Jun-11 10:32:42 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Application-Experience/Problem-Steps-Recorder.
11-Jun-11 10:26:06 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
11-Jun-11 10:25:30 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-TerminalServices-LocalSessionManager/Operational.
11-Jun-11 10:23:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
11-Jun-11 10:23:54 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: Bonjour Service is not a valid Win32 application.
11-Jun-11 10:23:54 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


DDS log:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by nmo009 at 13:20:22 on 2011-06-12
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyServer = proxy2.kis.in:3128
uInternet Settings,ProxyOverride = *.local;my.kis.in
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Yahoo Messenger]
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: UseDesktopIniCache = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{12DB6556-C169-475E-B115-368D8314E9EA} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{12DB6556-C169-475E-B115-368D8314E9EA}\35369656E63656 : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{12DB6556-C169-475E-B115-368D8314E9EA}\355636F6E646C416E676 : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{12DB6556-C169-475E-B115-368D8314E9EA}\55352593130363 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{12DB6556-C169-475E-B115-368D8314E9EA}\A516A696C6 : DhcpNameServer = 196.1.69.99 196.1.69.100
TCP: Interfaces\{12DB6556-C169-475E-B115-368D8314E9EA}\C4962627162797 : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{12DB6556-C169-475E-B115-368D8314E9EA}\C696E6B6379737 : DhcpNameServer = 195.226.228.72 195.226.228.74 192.168.1.1
TCP: Interfaces\{12DB6556-C169-475E-B115-368D8314E9EA}\E4544574541425 : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{DFD183B8-E625-4C17-B47C-E983C34297FA} : DhcpNameServer = 195.226.228.72 195.226.228.74 192.168.1.1
TCP: Interfaces\{DFD183B8-E625-4C17-B47C-E983C34297FA}\55352593130363 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EC289959-613D-410E-A085-F40B1E1AE96C} : NameServer = 192.168.1.1,218.248.240.23
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
STS: {7DFE0ADB-EE12-4568-A2D9-E2B3837E29D9} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nmo009\appdata\roaming\mozilla\firefox\profiles\xr5oj6e5.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\nmo009\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-06-11 10:14:08 388096 -c--a-r- c:\users\nmo009\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-11 10:14:08 -------- dc----w- c:\program files\Trend Micro
2011-06-11 08:25:29 233024 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-11 08:24:00 -------- dc----w- c:\program files\DAEMON Tools Pro
2011-06-11 08:08:21 -------- d-sh--w- C:\found.005
2011-06-10 19:55:49 -------- dc----w- c:\program files\bonjour
2011-06-10 18:29:10 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-06-10 14:41:48 -------- d-----w- c:\users\nmo009\appdata\local\NPE
2011-06-09 19:26:29 -------- dc----w- c:\program files\uTorrent
2011-06-09 19:03:33 -------- d-----w- c:\programdata\UAB
2011-06-09 19:03:30 -------- dc----w- c:\users\nmo009\appdata\roaming\Drivers For Free
2011-06-09 18:35:35 -------- d-----w- c:\users\nmo009\appdata\local\Deployment
2011-06-09 18:19:03 -------- d-----w- c:\programdata\PCPitstop
2011-06-09 17:31:05 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-06-09 17:25:20 -------- d-----w- c:\programdata\Innovative Solutions
2011-06-09 17:15:23 -------- d-----w- c:\users\nmo009\appdata\local\Innovative Solutions
2011-06-09 17:15:15 -------- dc----w- c:\program files\Innovative Solutions
2011-06-09 15:18:23 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-06-09 15:18:23 -------- dc----w- c:\program files\Symantec
2011-06-09 15:18:05 744568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys
2011-06-09 15:18:05 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-06-09 15:18:05 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-06-09 15:18:05 340088 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys
2011-06-09 15:18:05 296568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-06-09 15:18:05 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys
2011-06-09 15:17:56 -------- dc----w- c:\program files\Norton 360
2011-06-09 15:17:50 -------- dc----w- c:\program files\NortonInstaller
2011-06-08 20:49:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-08 11:04:25 -------- dc----w- c:\users\nmo009\FrostWire
2011-06-08 08:07:05 -------- dc----w- c:\program files\iPod
2011-06-07 21:04:28 -------- d-----w- c:\windows\system32\SPReview
2011-05-31 13:26:30 -------- dc----w- c:\users\nmo009\Tracing
2011-05-31 11:43:33 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-31 11:42:39 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-05-30 19:39:39 2614784 ----a-w- c:\windows\explorer.exe
2011-05-30 19:39:33 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-30 19:39:19 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-30 19:39:13 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-30 19:37:37 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-30 13:29:51 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-05-30 11:25:31 -------- dc----w- c:\users\nmo009\appdata\roaming\Dell
2011-05-28 10:45:48 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-28 10:45:47 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-28 10:21:43 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-05-28 10:21:43 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-05-28 10:21:43 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-05-28 10:21:03 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-05-28 10:21:03 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-28 10:21:02 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-05-28 10:21:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-05-28 10:18:56 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 10:18:20 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-28 10:17:07 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-28 10:16:03 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-28 10:16:02 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-28 10:15:49 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-28 10:15:49 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-28 10:15:49 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-28 10:15:49 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-28 10:14:59 123904 ----a-w- c:\windows\system32\poqexec.exe
.
==================== Find3M ====================
.
2011-06-11 07:49:56 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-06 13:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 13:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-16 15:52:53 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-03-16 15:52:50 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-16 15:51:52 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-16 15:51:52 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-16 15:51:52 107520 ----a-w- c:\windows\system32\cdd.dll
.
============= FINISH: 13:21:52.98 ===============


Ark.txt log:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-12 14:59:23
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD25 rev.01.0
Running: s4k7i41u.exe; Driver: C:\Users\nmo009\AppData\Local\Temp\fxdiqpog.sys

---- System - GMER 1.0.15 ----
SSDT 8839A440 ZwAlertResumeThread
SSDT 8839A048 ZwAlertThread
SSDT 883B41B8 ZwAllocateVirtualMemory
SSDT 87582FB0 ZwAlpcConnectPort
SSDT 883D4F50 ZwAssignProcessToJobObject
SSDT 883B4878 ZwCreateMutant
SSDT 883AEA98 ZwCreateSymbolicLinkObject
SSDT 883AF330 ZwCreateThread
SSDT 883AEB68 ZwCreateThreadEx
SSDT 883CF350 ZwDebugActiveProcess
SSDT 883B4310 ZwDuplicateObject
SSDT 883B4FC0 ZwFreeVirtualMemory
SSDT 883A07D8 ZwImpersonateAnonymousToken
SSDT 8839C610 ZwImpersonateThread
SSDT 87574890 ZwLoadDriver
SSDT 883B4EE0 ZwMapViewOfSection
SSDT 883A00F8 ZwOpenEvent
SSDT 883B4008 ZwOpenProcess
SSDT 88329A10 ZwOpenProcessToken
SSDT 883A6750 ZwOpenSection
SSDT 883B43E0 ZwOpenThread
SSDT 883AEC48 ZwProtectVirtualMemory
SSDT 8835A7D0 ZwResumeThread
SSDT 8832CA90 ZwSetContextThread
SSDT 883B4D88 ZwSetInformationProcess
SSDT 883CA750 ZwSetSystemInformation
SSDT 883A3E10 ZwSuspendProcess
SSDT 88354E50 ZwSuspendThread
SSDT 8833ACD0 ZwTerminateProcess
SSDT 88330890 ZwTerminateThread
SSDT 88354048 ZwUnmapViewOfSection
SSDT 883B40E8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83056569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307B092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 83082834 8 Bytes [40, A4, 39, 88, 48, A0, 39, ...] {INC EAX; MOVSB ; CMP [EAX-0x77c65fb8], ECX}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 8308284C 4 Bytes [B8, 41, 3B, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 83082858 4 Bytes [B0, 2F, 58, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 830828AC 4 Bytes [50, 4F, 3D, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 83082928 4 Bytes [78, 48, 3B, 88]
.text ...
.text sptd.sys 8B6BC001 31 Bytes [67, 42, 83, A6, 01, 43, 83, ...]
.text sptd.sys 8B6BC024 408 Bytes [15, 7D, 0D, 83, AB, 2B, 13, ...]
.text sptd.sys 8B6BC1BD 15 Bytes [1E, 05, 83, 7C, 4E, 27, 83, ...]
.text sptd.sys 8B6BC1D4 4 Bytes [F3, A5, 6A, 4D] {REP MOVSD ; PUSH 0x4d}
.text sptd.sys 8B6BC1DC 1 Byte [02]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8B7669E3]
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
PAGE PCIIDEX.SYS!DllUnload 8B891606 5 Bytes JMP 85B551C8
PAGE ataport.SYS!DllUnload + 1 8B98AAD7 4 Bytes JMP 85B501C9
.text USBPORT.SYS!DllUnload 961C2CA0 5 Bytes JMP 85BCC410
? C:\Users\nmo009\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtMapViewOfSection 77574ED0 5 Bytes JMP 0253003A
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtSetInformationProcess 77575920 5 Bytes JMP 025300F7
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!GetSystemPowerStatus + AE 758585A2 7 Bytes JMP 02530266
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!TerminateProcess + B 758650A6 7 Bytes JMP 025303D2
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!CloseHandle + 38 7587060F 7 Bytes JMP 0253031C
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!CreateThread 7587281D 5 Bytes JMP 6C417133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!GetFileAttributesA + 13 75872A52 7 Bytes JMP 02530488
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!GetProfileStringW + 31 758885BC 7 Bytes JMP 025301B0
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateDialogParamW 770E9BFF 5 Bytes JMP 6C5A5C79 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!EnableWindow 770EA72E 5 Bytes JMP 6C459884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!GetAsyncKeyState 770EC09A 5 Bytes JMP 6C3FDC09 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!UnhookWindowsHookEx 770ECC7B 5 Bytes JMP 6C49EB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CallNextHookEx 770ECC8F 5 Bytes JMP 6C477AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DefWindowProcA 770EE0E4 7 Bytes JMP 6C419345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateWindowExA 770EE18A 5 Bytes JMP 6C423173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateWindowExW 770F0E51 5 Bytes JMP 6C47FF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!SetWindowsHookExW 770F210A 5 Bytes JMP 6C451FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!GetKeyState 770F4FDA 5 Bytes JMP 6C3FDAE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!IsDialogMessageW 770F6F06 5 Bytes JMP 6C5A6406 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DefWindowProcW 770F724B 7 Bytes JMP 6C477B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateDialogParamA 77103E79 5 Bytes JMP 6C5A5C41 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!IsDialogMessage 7710407A 5 Bytes JMP 6C5A63DE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateDialogIndirectParamA 77109110 5 Bytes JMP 6C5A5CB1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateDialogIndirectParamW 771108AD 5 Bytes JMP 6C5A5CE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamW 77114AA7 5 Bytes JMP 6C5A590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!EndDialog 7711555C 5 Bytes JMP 6C5A66B2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamW 7711564A 5 Bytes JMP 6C3B15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!SetKeyboardState 77116B52 5 Bytes JMP 6C5A6CCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!SendInput 77117055 5 Bytes JMP 6C5A6C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!SetCursorPos 7712C1D8 5 Bytes JMP 6C5A6D4E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamA 7712CF6A 5 Bytes JMP 6C5A58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamA 7712D29C 5 Bytes JMP 6C5A5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectA 7713E8C9 5 Bytes JMP 6C5A5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectW 7713E9C3 5 Bytes JMP 6C5A57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExA 7713EA29 5 Bytes JMP 6C5A5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExW 7713EA4D 5 Bytes JMP 6C5A56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!keybd_event 7713EC9B 5 Bytes JMP 6C5A6C32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] SHELL32.dll!SHChangeNotification_Lock + 45BA 75DAB440 4 Bytes [37, 01, 10, 6F] {AAA ; ADD [EAX], EDX; OUTSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] SHELL32.dll!SHChangeNotification_Lock + 45C2 75DAB448 8 Bytes [60, 61, 0F, 6F, E1, F6, 0F, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ole32.dll!OleLoadFromStream 76C15BF6 5 Bytes JMP 6C5A6110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ole32.dll!CoGetContextToken + 5C0 76C4A38F 7 Bytes JMP 0253053E
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ole32.dll!CoCreateInstance 76C6590C 5 Bytes JMP 6C47B6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ole32.dll!CoCreateInstance + 3E 76C6594A 7 Bytes JMP 025305F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!EnableWindow 770EA72E 5 Bytes JMP 6C459884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!DialogBoxIndirectParamW 77114AA7 5 Bytes JMP 6C5A590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!DialogBoxParamW 7711564A 5 Bytes JMP 6C3B15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!DialogBoxParamA 7712CF6A 5 Bytes JMP 6C5A58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!DialogBoxIndirectParamA 7712D29C 5 Bytes JMP 6C5A5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!MessageBoxIndirectA 7713E8C9 5 Bytes JMP 6C5A5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!MessageBoxIndirectW 7713E9C3 5 Bytes JMP 6C5A57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!MessageBoxExA 7713EA29 5 Bytes JMP 6C5A5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!MessageBoxExW 7713EA4D 5 Bytes JMP 6C5A56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] ntdll.dll!NtMapViewOfSection 77574ED0 5 Bytes JMP 0253003A
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] ntdll.dll!NtSetInformationProcess 77575920 5 Bytes JMP 025300F7
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] kernel32.dll!GetSystemPowerStatus + AE 758585A2 7 Bytes JMP 02530266
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] kernel32.dll!TerminateProcess + B 758650A6 7 Bytes JMP 025303D2
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] kernel32.dll!CloseHandle + 38 7587060F 7 Bytes JMP 0253031C
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] kernel32.dll!CreateThread 7587281D 5 Bytes JMP 6C417133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] kernel32.dll!GetFileAttributesA + 13 75872A52 7 Bytes JMP 02530488
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] kernel32.dll!GetProfileStringW + 31 758885BC 7 Bytes JMP 025301B0
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateDialogParamW 770E9BFF 5 Bytes JMP 6C5A5C79 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!EnableWindow 770EA72E 5 Bytes JMP 6C459884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!GetAsyncKeyState 770EC09A 5 Bytes JMP 6C3FDC09 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!UnhookWindowsHookEx 770ECC7B 5 Bytes JMP 6C49EB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CallNextHookEx 770ECC8F 5 Bytes JMP 6C477AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!DefWindowProcA 770EE0E4 7 Bytes JMP 6C419345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateWindowExA 770EE18A 5 Bytes JMP 6C423173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateWindowExW 770F0E51 5 Bytes JMP 6C47FF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!SetWindowsHookExW 770F210A 5 Bytes JMP 6C451FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!GetKeyState 770F4FDA 5 Bytes JMP 6C3FDAE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!IsDialogMessageW 770F6F06 5 Bytes JMP 6C5A6406 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!DefWindowProcW 770F724B 7 Bytes JMP 6C477B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateDialogParamA 77103E79 5 Bytes JMP 6C5A5C41 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!IsDialogMessage 7710407A 5 Bytes JMP 6C5A63DE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateDialogIndirectParamA 77109110 5 Bytes JMP 6C5A5CB1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateDialogIndirectParamW 771108AD 5 Bytes JMP 6C5A5CE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!DialogBoxIndirectParamW 77114AA7 5 Bytes JMP 6C5A590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!EndDialog 7711555C 5 Bytes JMP 6C5A66B2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!DialogBoxParamW 7711564A 5 Bytes JMP 6C3B15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!SetKeyboardState 77116B52 5 Bytes JMP 6C5A6CCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!SendInput 77117055 5 Bytes JMP 6C5A6C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!SetCursorPos 7712C1D8 5 Bytes JMP 6C5A6D4E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!DialogBoxParamA 7712CF6A 5 Bytes JMP 6C5A58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!DialogBoxIndirectParamA 7712D29C 5 Bytes JMP 6C5A5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!MessageBoxIndirectA 7713E8C9 5 Bytes JMP 6C5A5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!MessageBoxIndirectW 7713E9C3 5 Bytes JMP 6C5A57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!MessageBoxExA 7713EA29 5 Bytes JMP 6C5A5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!MessageBoxExW 7713EA4D 5 Bytes JMP 6C5A56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!keybd_event 7713EC9B 5 Bytes JMP 6C5A6C32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] SHELL32.dll!SHChangeNotification_Lock + 45BA 75DAB440 4 Bytes [37, 01, 10, 6F] {AAA ; ADD [EAX], EDX; OUTSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] SHELL32.dll!SHChangeNotification_Lock + 45C2 75DAB448 8 Bytes [60, 61, 0F, 6F, E1, F6, 0F, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] ole32.dll!OleLoadFromStream 76C15BF6 5 Bytes JMP 6C5A6110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] ole32.dll!CoGetContextToken + 5C0 76C4A38F 7 Bytes JMP 0253053E
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] ole32.dll!CoCreateInstance 76C6590C 5 Bytes JMP 6C47B6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5688] ole32.dll!CoCreateInstance + 3E 76C6594A 7 Bytes JMP 025305F8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85B6E1E8
Device \FileSystem\fastfat \FatCdrom C64641E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{12DB6556-C169-475E-B115-368D8314E9EA} 877D71E8
Device \Driver\usbuhci \Device\USBPDO-0 8850B1E8
Device \Driver\usbuhci \Device\USBPDO-1 8850B1E8
Device \Driver\usbehci \Device\USBPDO-2 8844E430
Device \Driver\usbuhci \Device\USBPDO-4 8850B1E8
Device \Driver\usbuhci \Device\USBPDO-5 8850B1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F03439C7-005D-4087-84A1-D1A833373F5B} 877D71E8
Device \Driver\usbehci \Device\USBPDO-6 8844E430
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 877621E8
Device \Driver\ACPI_HAL \Device\00000059 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85B6C1E8
Device \Driver\iaStor \Device\Ide\iaStor0 [8B8EBD80] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 85B6C1E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B8EBD80] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 877D71E8
Device \Driver\usbuhci \Device\USBFDO-0 8850B1E8
Device \Driver\usbuhci \Device\USBFDO-1 8850B1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC289959-613D-410E-A085-F40B1E1AE96C} 877D71E8
Device \Driver\usbehci \Device\USBFDO-2 8844E430
Device \Driver\usbuhci \Device\USBFDO-3 8850B1E8
Device \Driver\usbuhci \Device\USBFDO-4 8850B1E8
Device \Driver\usbuhci \Device\USBFDO-5 8850B1E8
Device \Driver\usbehci \Device\USBFDO-6 8844E430
Device \FileSystem\fastfat \Fat C64641E8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F9BF2B58-27ED-4F99-8403-ABA9858FFBAD}\Connection@Name isatap.{F03439C7-005D-4087-84A1-D1A833373F5B}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{E78B30A2-D886-452E-8FB6-A870E93C0AC9}?\Device\{5DA6FB50-CCD0-4511-B218-AB78720E6DBF}?\Device\{F9BF2B58-27ED-4F99-8403-ABA9858FFBAD}?\Device\{219D3AC4-8B0E-4774-9223-E6064C009A1D}?\Device\{153902D5-5F5E-44D6-8178-DED254CEFF2B}?\Device\{89215946-14E2-42ED-B7FF-F502FCDBEC23}?\Device\{5D9C5C12-E40F-4CF5-8EDC-AA93B2768EA9}?\Device\{1195DC63-3E46-422D-9AA9-06D51D9A0C71}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{E78B30A2-D886-452E-8FB6-A870E93C0AC9}"?"{5DA6FB50-CCD0-4511-B218-AB78720E6DBF}"?"{F9BF2B58-27ED-4F99-8403-ABA9858FFBAD}"?"{219D3AC4-8B0E-4774-9223-E6064C009A1D}"?"{153902D5-5F5E-44D6-8178-DED254CEFF2B}"?"{89215946-14E2-42ED-B7FF-F502FCDBEC23}"?"{5D9C5C12-E40F-4CF5-8EDC-AA93B2768EA9}"?"{1195DC63-3E46-422D-9AA9-06D51D9A0C71}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{E78B30A2-D886-452E-8FB6-A870E93C0AC9}?\Device\TCPIP6TUNNEL_{5DA6FB50-CCD0-4511-B218-AB78720E6DBF}?\Device\TCPIP6TUNNEL_{F9BF2B58-27ED-4F99-8403-ABA9858FFBAD}?\Device\TCPIP6TUNNEL_{219D3AC4-8B0E-4774-9223-E6064C009A1D}?\Device\TCPIP6TUNNEL_{153902D5-5F5E-44D6-8178-DED254CEFF2B}?\Device\TCPIP6TUNNEL_{89215946-14E2-42ED-B7FF-F502FCDBEC23}?\Device\TCPIP6TUNNEL_{5D9C5C12-E40F-4CF5-8EDC-AA93B2768EA9}?\Device\TCPIP6TUNNEL_{1195DC63-3E46-422D-9AA9-06D51D9A0C71}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F9BF2B58-27ED-4F99-8403-ABA9858FFBAD}@InterfaceName isatap.{F03439C7-005D-4087-84A1-D1A833373F5B}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F9BF2B58-27ED-4F99-8403-ABA9858FFBAD}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0xA0 0x97 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0xA0 0x97 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA2 0xF3 0xE0 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0x2E 0x0D 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6B 0xB1 0x44 0x3F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 936
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{BEDAA59D-4499-11DD-ABF2-806E6F6E6963} 17870135488
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72B4E055-3201-9BB4-DEFA-23660A5F169A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72B4E055-3201-9BB4-DEFA-23660A5F169A}@danjiaje 0x64 0x62 0x6D 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72B4E055-3201-9BB4-DEFA-23660A5F169A}@iaihaeddophcbcpipg 0x6A 0x61 0x65 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72B4E055-3201-9BB4-DEFA-23660A5F169A}@haohlgfnnckanmha 0x6A 0x61 0x65 0x67 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
kaboosh
THREAD STARTER
14-Jun-2011, 09:40 AM #2
Now, it seems to get worse. I can't even open up a few of my programs and I'm getting errors while just opening Adobe Reader! And more and more pop ups are popping.
Please help!!!

Tags
bad image error, pop up alert messages, system 32 problems, urgent!
