 [HELP] Explorer.exe memory usage never drop !, pls help

TSquanonly90
post Jan 3 2010, 09:19 AM

Getting Started
Junior Member
90 posts

Joined: Jun 2009
My explorer.exe is consuming 900 MB of memory, and it ends up terminating when I'm enjoying my games! I notice that the memory usage only ever keeps increasing and never drops! Please help me out!
Using Windows 7 6.1.7600 (RTM)
kingkingyyk
post Jan 3 2010, 10:11 AM

10k Club
Elite
15,694 posts

Joined: Mar 2008
Do you use the 64-bit version of Windows 7?

My 32-bit Windows 7: [screenshot]
gnush85
post Jan 3 2010, 10:15 AM

Customizy
Senior Member
1,012 posts

Joined: Aug 2007
From: Heaven of Hell


QUOTE(quanonly90 @ Jan 3 2010, 09:19 AM)
My explorer.exe is consuming 900 MB of memory, and it ends up terminating when I'm enjoying my games! I notice that the memory usage only ever keeps increasing and never drops! Please help me out!
Using Windows 7 6.1.7600 (RTM)

What game do you play? And can you please post a HijackThis log?
TSquanonly90
post Jan 5 2010, 12:51 AM

Getting Started
Junior Member
90 posts

Joined: Jun 2009
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:13 AM QuaNonLy, on 1/5/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\DAODx.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PPStream\PPSAP.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.56\ThunderService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\TDDOWNLOAD\~SOFTWARES\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 7095 bytes

chrisling
post Jan 5 2010, 09:58 AM

Helper Trainee+
Senior Member
1,684 posts

Joined: Nov 2006
From: KL


Your log looks good.

By the way, since you're using Windows 7, those experts haven't really modified their analysis tools to be Windows 7 capable yet.

Anyway, you can try to download, update and run Malwarebytes' Anti-Malware (MBAM); it's an anti-spyware program. Please provide us the log file after the scan.
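chrisling's read of the HijackThis log above is done by eye. As an added example that is not part of this thread, the following Python script shows what a first mechanical pass over lines in the same format looks like: it parses each `Onn - ...` entry and flags three kinds of items a reviewer would look at first (a registration that points at `(no file)`, an O23 service with no publisher string, and an autostart whose binary lives in a temp directory). The sample log is constructed: a few entries are modelled on the posted log, and the `[Updater]` HKCU autorun is made up so the temp-directory rule has something to fire on. The rules are review prompts I chose, not verdicts; the orphaned BHO and the "Unknown owner" services in the real log are consistent with chrisling's reading that nothing there is malicious.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis v2 line format: a few entries modelled on the
# log posted in this thread plus one made-up HKCU autorun pointing into a Temp
# directory, so every rule below has something to fire on.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Updater] C:\Users\Someone\AppData\Local\Temp\upd.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe
"""

@dataclass
class Entry:
    section: str  # HijackThis section code, e.g. "O2", "O4", "O23"
    name: str     # BHO / Run-key / service display name
    owner: str    # publisher string for O23 services, "" otherwise
    target: str   # file the entry points at, or "(no file)"

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^(.*?): \[(.*?)\] (.*)$")   # O4 - HIVE\..\Run: [Name] command
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|sys|bat|cmd))(?:\s|$)", re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)

def first_path(command: str) -> str:
    """Return the executable path at the start of an autorun command line."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis 'Onn - ...' line; returns None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O4":
        r = RUN_RE.match(body)
        if not r:
            return None
        _hive, name, command = r.groups()
        return Entry(section, name, "", first_path(command))
    # Other sections look like "Kind: Name - <guid or owner> - target";
    # split from the right so a " - " inside the display name survives.
    _kind, _, rest = body.partition(": ")
    parts = rest.rsplit(" - ", 2)
    if len(parts) == 3:
        name, middle, target = parts
    elif len(parts) == 2:
        name, middle, target = parts[0], "", parts[1]
    else:
        name, middle, target = rest, "", ""
    owner = middle if section == "O23" else ""
    return Entry(section, name, owner, target)

Finding = Tuple[str, str, str, str]  # (section, name, target, reason)

def triage(log_text: str) -> List[Finding]:
    """Flag entries a reviewer should look at first. These are review prompts,
    not malware verdicts: stale registrations and unsigned vendor tools are
    common on clean machines too."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e.target.lower() == "(no file)":
            findings.append((e.section, e.name, e.target,
                             "orphaned registration: the registered file is missing"))
        if e.section in ("O4", "O23") and TEMP_RE.search(e.target):
            findings.append((e.section, e.name, e.target,
                             "autostart from a temp directory: persistence from a scratch location is unusual for legitimate software"))
        if e.section == "O23" and e.owner.lower() == "unknown owner":
            findings.append((e.section, e.name, e.target,
                             "service binary carries no publisher string: confirm which installed product owns it"))
    return findings

if __name__ == "__main__":
    for section, name, target, reason in triage(SAMPLE_LOG):
        print(f"{section:<4} {name:<28} {target}\n     -> {reason}")
```

Run against the constructed sample it reports three items: the nameless BHO with no file behind it, the made-up Temp-directory autorun, and the ASDR service with no owner. Feeding it a real log means pasting the log into `SAMPLE_LOG` or reading it from a file; every hit still needs a human to decide whether the flagged binary belongs to something the user installed.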
TSquanonly90
post Jan 6 2010, 12:41 PM

Getting Started
Junior Member
90 posts

Joined: Jun 2009
Malwarebytes' Anti-Malware 1.43
Database version: 3496
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/6/2010 12:38:36 PM QuaNonly
mbam-log-2010-01-06 (12-38-31).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 322709
Time elapsed: 1 hour(s), 7 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Thunder (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Backup\Program\RealPlayer 11.0.2 Incl Patch.www.sxforum.org\Activator.exe (Trojan.Agent) -> No action taken.

chrisling
post Jan 6 2010, 01:54 PM

Helper Trainee+
Senior Member
1,684 posts

Joined: Nov 2006
From: KL


Please proceed to the deletion of the found threat with MBAM. And check back whether the problem persists.
TSquanonly90
post Jan 8 2010, 12:33 AM

Getting Started
Junior Member
90 posts

Joined: Jun 2009
Still the same... please help!
chrisling
post Jan 8 2010, 09:30 AM

Helper Trainee+
Senior Member
1,684 posts

Joined: Nov 2006
From: KL


Please do these,

1. Download ATF Cleaner
Save it to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


2. Download Random's System Information Tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).
  • Post the two logs in your next reply.

TSquanonly90
post Jan 8 2010, 04:39 PM

Getting Started
Junior Member
90 posts

Joined: Jun 2009
Done cleaning using ATF, but I get an AutoIt error when I try to run RSIT.
mumeichan
post Jan 8 2010, 06:57 PM

Member
Senior Member
4,152 posts

Joined: May 2005
Your Windows is probably broken, somehow or other. It's a complex program, with bugs. I suggest you do a clean install, maybe try a different install disc.
chrisling
post Jan 8 2010, 09:22 PM

Helper Trainee+
Senior Member
1,684 posts

Joined: Nov 2006
From: KL


RSIT by random is perfect, but sadly, as I said before, those analysis tools haven't really gone to a Windows 7 version yet. We need to give the developers more time to actually make them compatible with the newer OS.

Please do this:

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please include the following logs in your thread:
  • Contents of the DDS.txt posted as text in your reply
  • Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options > Attach Files on the composition page. Browse to where you saved the file, and click Upload.

TSquanonly90
post Jan 9 2010, 03:04 AM

Getting Started
Junior Member
90 posts

Joined: Jun 2009

DDS (Ver_09-12-01.01) - NTFSx86
Run by QTech at 3:02:28.83 on 01/09/2010 Sat
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.936.86.1033.18.3327.1738 [GMT 8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\System32\ASDR.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\Windows\DAODx.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PPStream\PPSAP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\ASUS\Ai Suite\AiSuite.exe
C:\Program Files\ASUS\AASP\1.00.95\aaCenter.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.56\ThunderService.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\QTech\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q59A2EO\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\program files\thunder network\thunder\comdlls\xunleiBHO_Now.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [TurboV] "c:\program files\asus\turbov\TurboV.exe"
mRun: [Ai Nap] "c:\program files\asus\ai suite\q-button\QButton.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "c:\program files\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [ASUSGamerOSD] c:\program files\asus\gamerosd\GamerOSD.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\flashs~1\save.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes3\deskscapes.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 0.0.0.0 notice.asdf.com
Hosts: 0.0.0.0 update.asdf.cn

================= FIREFOX ===================

FF - ProfilePath - c:\users\qtech\appdata\roaming\mozilla\firefox\profiles\h9e4g7qv.default\
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(427).dll
FF - plugin: c:\users\qtech\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 hugoio;hugoio;c:\program files\i-menu\hugoio.sys [2009-12-31 9760]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-12-14 90112]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-16 12672]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-11-16 38240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-12-14 1047552]
S3 AODDriver;AODDriver;c:\program files\amd\overdrive\i386\AODDriver.sys [2009-4-22 7680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 flying spaghetti monsterPEngine;flying spaghetti monsterPEngine;c:\users\qtech\appdata\local\temp\FYZ9082.tmp [2010-1-9 25616]
S4 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2009-4-22 124256]

=============== Created Last 30 ================

2010-01-08 08:18:19 1908 ----a-w- c:\windows\diagwrn.xml
2010-01-08 08:18:19 1908 ----a-w- c:\windows\diagerr.xml
2010-01-07 21:46:37 12 ---h--w- c:\windows\system32\%sdvmexp.idx
2010-01-06 12:57:26 22 ----a-w- c:\windows\system32\mylk.dat
2010-01-06 12:57:02 0 d-----w- c:\program files\KWMUSIC
2010-01-05 16:32:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 16:32:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 01:44:25 0 dc-h--w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2010-01-01 16:25:00 1285712 ----a-w- c:\windows\system32\drivers\tcpip.sys.do
2010-01-01 16:24:46 0 d-----w- c:\users\qtech\funshion
2010-01-01 16:24:46 0 d-----w- c:\program files\Funshion Online
2009-12-30 21:39:49 0 d-----w- c:\programdata\ATI
2009-12-30 21:37:23 0 d-----w- c:\program files\common files\ATI Technologies
2009-12-30 21:35:36 0 d-----w- c:\program files\ATI Technologies
2009-12-30 18:32:21 0 d-----w- c:\program files\i-Menu
2009-12-30 16:05:16 0 d-----w- c:\program files\Yamicsoft
2009-12-30 15:49:56 0 dc-h--w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-12-29 07:03:26 0 d-----w- c:\users\qtech\appdata\roaming\Activision
2009-12-29 07:03:26 0 d-----w- c:\programdata\Activision
2009-12-28 13:37:20 0 d-----w- c:\users\qtech\appdata\roaming\Malwarebytes
2009-12-28 13:37:15 0 d-----w- c:\programdata\Malwarebytes
2009-12-28 13:37:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 09:34:13 0 d-----w- c:\users\qtech\XP-Turbo-Theme.part
2009-12-28 09:32:20 0 d-----w- c:\users\qtech\.tucan
2009-12-28 09:32:10 0 d-----w- C:\Tucan
2009-12-28 06:52:32 25 ----a-w- c:\windows\msgtn.ini
2009-12-27 18:57:13 0 dc-h--w- c:\programdata\{ADCC9DAF-34D1-4565-92F1-DDB872DCF596}
2009-12-27 18:54:11 95 ----a-w- c:\windows\PCDNSetting.ini
2009-12-27 18:40:25 60 ----a-w- c:\windows\MediaList.ini
2009-12-27 18:40:25 140 ----a-w- c:\windows\powerlist.ini
2009-12-27 18:39:35 925 ----a-w- c:\windows\psnetwork.ini
2009-12-27 18:39:34 1365 ----a-w- c:\windows\powerplayer.ini
2009-12-27 18:39:31 0 d-----w- c:\program files\PPStream
2009-12-27 12:54:36 0 dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-12-27 11:50:29 2516 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-12-27 11:36:01 0 d-----w- c:\windows\system32\appmgmt
2009-12-25 18:04:03 271274883 ----a-w- c:\windows\MEMORY.DMP
2009-12-23 16:41:25 0 d-----w- c:\program files\MSXML 4.0
2009-12-22 15:35:33 0 dc-h--w- c:\programdata\{2F7D775B-B5D8-465D-ADE2-8E3DFECC3B38}
2009-12-22 15:20:47 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-12-22 15:20:47 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-12-22 15:20:47 0 d-----w- c:\program files\common files\SourceTec
2009-12-22 15:20:42 0 d-----w- c:\program files\SourceTec
2009-12-22 11:30:11 0 d-----w- C:\my flashes
2009-12-22 11:29:06 0 d-----w- c:\program files\Flash Saver
2009-12-22 03:14:44 0 d-----w- c:\programdata\Electronic Arts
2009-12-22 02:56:04 0 d-----w- c:\program files\Microsoft WSE
2009-12-18 11:43:02 0 d-----w- c:\windows\AsDmiHtm
2009-12-18 06:59:49 0 d-----w- c:\program files\SpeedFan
2009-12-18 06:59:47 45 ----a-w- c:\windows\system32\initdebug.nfo
2009-12-17 11:34:27 0 d-----w- c:\program files\Total Video Converter
2009-12-16 02:32:27 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-12-16 02:32:26 0 d-----w- c:\program files\CPUID
2009-12-15 16:57:50 0 d-----w- c:\program files\Lavalys
2009-12-15 16:36:03 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-15 16:36:03 1409 ----a-w- c:\windows\QTFont.for
2009-12-15 15:57:22 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-15 15:57:22 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-15 15:37:49 6173 ----a-w- c:\windows\system32\drivers\Entech.vxd
2009-12-15 15:37:49 3972 ----a-w- c:\windows\system32\drivers\PciBus.sys
2009-12-15 15:37:49 27672 ----a-w- c:\windows\system32\drivers\Entech.sys
2009-12-15 15:37:49 12744 ----a-w- c:\windows\system32\drivers\Entech64.sys
2009-12-15 15:37:49 0 d-----w- c:\windows\system32\Futuremark
2009-12-15 15:36:29 0 d-----w- c:\program files\Futuremark
2009-12-15 12:58:35 0 d-----w- c:\users\qtech\appdata\roaming\Ubisoft
2009-12-15 12:58:35 0 d-----w- c:\programdata\Ubisoft
2009-12-15 09:24:35 0 d-----w- c:\programdata\BioWare
2009-12-15 04:42:31 0 d-----w- c:\program files\Rockstar Games
2009-12-15 03:05:18 197632 ----a-w- c:\windows\system32\CNMLM87.DLL
2009-12-15 03:05:16 57344 ----a-w- c:\windows\system32\CNCI600.DLL
2009-12-15 03:05:16 135168 ----a-w- c:\windows\system32\CNCL600.DLL
2009-12-15 03:05:16 1298432 ----a-w- c:\windows\system32\CNCC600.DLL
2009-12-15 03:05:16 106496 ----a-w- c:\windows\system32\cnco600.dll
2009-12-15 02:39:24 0 d-----w- c:\program files\Canon
2009-12-15 02:37:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-15 02:37:08 0 d--h--w- c:\programdata\CanonBJ
2009-12-15 02:32:48 0 d-----w- c:\users\qtech\appdata\roaming\PPStream
2009-12-15 02:23:03 22328 ----a-w- c:\users\qtech\appdata\roaming\PnkBstrK.sys
2009-12-15 02:19:59 0 d-----w- c:\program files\flying spaghetti monster
2009-12-15 02:19:12 107832 ----a-w- c:\users\qtech\appdata\roaming\PnkBstrB.exe
2009-12-15 02:19:08 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-15 02:19:07 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-15 02:19:06 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-15 02:10:01 0 d-----w- c:\windows\system32\AGEIA
2009-12-15 02:09:48 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-15 01:57:44 0 d-----w- c:\program files\Dragon Age
2009-12-15 01:57:44 0 d-----w- c:\program files\common files\BioWare
2009-12-15 01:41:13 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-15 01:38:17 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-15 01:37:23 0 d-----w- c:\programdata\Microsoft Help
2009-12-15 01:15:24 0 d-----w- c:\users\qtech\appdata\roaming\Uniblue
2009-12-15 01:15:24 0 d-----w- c:\programdata\DriverScanner
2009-12-15 01:15:24 0 d-----w- c:\program files\Uniblue
2009-12-15 01:12:12 0 dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-12-15 01:10:47 0 d-----w- c:\program files\Sierra Entertainment
2009-12-15 01:07:54 0 d-----w- c:\programdata\Media Center Programs
2009-12-15 01:00:35 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-14 23:16:12 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-14 23:13:02 0 d-----w- c:\windows\Panther
2009-12-14 15:01:34 0 d-----w- c:\windows\system32\xlive
2009-12-14 15:01:33 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-14 14:43:58 0 d-----w- c:\users\qtech\appdata\roaming\Stardock
2009-12-14 14:42:28 0 dc-h--w- c:\programdata\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
2009-12-14 14:40:13 0 d-----w- c:\programdata\Stardock
2009-12-14 14:40:13 0 d-----w- c:\program files\Stardock
2009-12-14 14:39:54 0 dc-h--w- c:\programdata\{BE672698-4DAC-4C83-9056-C07C3170F628}
2009-12-14 14:39:19 0 d-----w- c:\program files\Stardock Games
2009-12-14 14:27:55 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-12-14 14:02:25 0 d-----w- c:\program files\Activision
2009-12-14 10:07:40 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-14 10:06:51 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-14 09:56:38 0 d-----w- c:\users\qtech\appdata\roaming\ESET
2009-12-14 09:55:14 0 d-----w- c:\programdata\ESET
2009-12-14 09:55:14 0 d-----w- c:\program files\ESET
2009-12-14 09:42:51 0 d-----w- c:\programdata\Apple Computer
2009-12-14 09:42:49 0 d-----w- c:\program files\common files\Real
2009-12-14 09:42:48 0 d-----w- c:\program files\Ringz Studio
2009-12-14 09:38:19 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 09:37:47 0 d-----w- c:\program files\DAEMON Tools Lite
2009-12-14 09:37:30 0 d-----w- c:\users\qtech\appdata\roaming\DAEMON Tools Lite
2009-12-14 09:37:28 0 d-----w- c:\programdata\DAEMON Tools Lite
2009-12-14 09:06:18 0 d-----r- C:\TDDOWNLOAD
2009-12-14 09:06:05 20 ----a-w- c:\windows\system32\pub_store.dat
2009-12-14 09:06:04 0 d-----w- c:\programdata\Thunder Network
2009-12-14 09:06:03 0 d-----w- c:\program files\common files\Thunder Network
2009-12-14 09:06:01 0 d-----w- c:\program files\Thunder Network
2009-12-14 08:58:36 0 d-----w- c:\users\qtech\Tracing
2009-12-14 08:37:46 0 d-----w- c:\program files\Microsoft
2009-12-14 08:37:30 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-14 08:36:55 0 d-----w- c:\windows\PCHEALTH
2009-12-14 08:32:49 14336 ----a-w- c:\windows\system32\drivers\EIO.sys
2009-12-14 08:30:19 0 d-----w- c:\program files\common files\Windows Live
2009-12-14 08:04:38 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-14 07:59:23 0 d-----w- c:\programdata\Adobe
2009-12-14 07:59:22 0 d-----w- C:\ATI
2009-12-14 07:57:21 0 d-----w- c:\program files\Atheros Communications Inc
2009-12-14 07:57:06 0 d-----w- c:\programdata\ASUS OC Profiles
2009-12-14 07:56:18 15872 ----a-w- c:\windows\AsTaskSched.dll
2009-12-14 07:55:20 962612 ----a-w- c:\windows\system32\mfc42d.dll
2009-12-14 07:55:20 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2009-12-14 07:54:54 0 d-----w- c:\program files\AMD
2009-12-14 07:54:04 1746 ----a-w- c:\windows\Language_trs.ini
2009-12-14 07:49:35 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-12-14 07:47:39 0 d--h--w- c:\temp\dvmexp
2009-12-14 07:47:37 0 d--h--w- c:\temp\tmpdvmexp
2009-12-14 07:47:37 0 d--h--w- C:\temp
2009-12-14 07:47:37 0 d--h--w- C:\dvmexp
2009-12-14 07:47:22 0 d--h--w- C:\ASUS.000
2009-12-14 07:46:55 0 d--h--w- C:\ASUS.SYS
2009-12-14 07:46:20 0 d-----w- c:\program files\Downloaded Installations
2009-12-14 07:43:54 24576 ----a-r- c:\windows\system32\AsIO.dll
2009-12-14 07:43:54 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
2009-12-14 07:43:51 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2009-12-14 07:43:51 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2009-12-14 07:43:51 0 d-----w- c:\program files\ASUS
2009-12-14 07:43:40 666 ----a-w- c:\windows\setup.iss
2009-12-14 07:43:20 47616 ----a-w- c:\windows\system32\drivers\L1E62x86.sys
2009-12-14 07:43:08 0 d-----w- c:\windows\system32\Atheros_L1e
2009-12-14 07:38:27 14392 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2009-12-14 07:37:42 0 d-----w- c:\program files\ATI
2009-12-14 07:24:19 0 d-----w- c:\windows\system32\wbem\Performance
2009-12-14 07:24:14 0 d-----w- c:\windows\AsusInstAll
2009-12-14 07:23:44 0 d-----w- c:\program files\VIA
2009-12-14 07:22:56 24936 ----a-w- c:\windows\Ascd_tmp.ini

==================== Find3M ====================

2009-11-30 10:02:40 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 10:02:38 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-25 03:51:32 5143552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-25 03:18:02 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:17:34 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17:04 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15:46 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-25 03:15:28 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:15:14 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:15:04 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:14:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:12:12 3055616 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-25 02:55:58 3617792 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-25 02:44:56 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:37:58 2899968 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-25 02:25:38 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:25:38 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:25:06 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:21:52 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:21:36 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:20:26 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:10:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-24 07:20:48 90112 ----a-w- c:\windows\system32\atl71.dll
2009-11-24 07:20:48 503808 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-24 07:20:48 1053696 ----a-w- c:\windows\system32\MFC71u.dll
2009-11-16 01:06:50 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-11-16 01:06:44 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-11-16 01:03:36 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 00:56:12 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-06 02:59:54 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 02:59:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-22 15:59:00 196565 ----a-w- c:\windows\system32\atiicdxx.dat
2009-10-21 07:27:18 15360 ----a-w- c:\windows\system32\ATKOGL32.dll
2009-10-20 08:38:38 1335808 ----a-w- c:\windows\system32\ATKLUMDISP.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 3:02:56.93 ===============



Attached File(s)
Attached File  Attach.txt ( 7.39k ) Number of downloads: 4
chrisling
post Jan 9 2010, 02:32 PM

Helper Trainee+
******
Senior Member
1,684 posts

Joined: Nov 2006
From: KL


Can't see anything from your logs...

Please download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to Desktop.

Please close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.
http://www.gmer.net/files.php

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.

Click on Scan (1).

When the scan has run, click Copy (2) and paste the results (if any) into this thread.
TSquanonly90
post Jan 10 2010, 06:05 AM

Getting Started
**
Junior Member
90 posts

Joined: Jun 2009
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-10 06:03:46
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\QTech\AppData\Local\Temp\fglcipog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C132D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C12898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2B1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C8A579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAEF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spcy.sys The system cannot find the path specified. !
PAGE dxgkrnl.sys!g_TdrForceTimeout + 9788 91A25800 11 Bytes [42, 39, 5D, 0C, 75, 28, C7, ...]
PAGE dxgkrnl.sys!g_TdrForceTimeout + 9794 91A2580C 10 Bytes [00, 33, FF, 47, 57, FF, 15, ...]
PAGE dxgkrnl.sys!g_TdrForceTimeout + 979F 91A25817 13 Bytes [50, 57, 89, 58, 0C, 89, 58, ...]
PAGE dxgkrnl.sys!g_TdrForceTimeout + 97AD 91A25825 185 Bytes [C7, 45, 10, 33, FB, FF, FF, ...]
PAGE dxgkrnl.sys!g_TdrForceTimeout + 9867 91A258DF 21 Bytes [C7, 45, 0C, 0A, FB, FF, FF, ...]
PAGE ...
PAGE dxgkrnl.sys!DpiGetDriverVersion + 96 91A30888 8 Bytes [00, 6A, 02, FF, D6, 83, 60, ...]
PAGE dxgkrnl.sys!DpiGetDriverVersion + 9F 91A30891 21 Bytes [50, 6A, 02, 89, 58, 0C, FF, ...]
PAGE dxgkrnl.sys!DpiGetDriverVersion + B5 91A308A7 1 Byte [90]
PAGE dxgkrnl.sys!DpiGetDriverVersion + B5 91A308A7 21 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE dxgkrnl.sys!DpiGetDriverVersion + CD 91A308BF 11 Bytes [6A, 02, FF, 15, FC, 73, A1, ...]
PAGE ...
PAGE dxgkrnl.sys!TdrIsTimeoutForcedFlip + 7 91A8D677 50 Bytes [87, 01, F7, D8, 1B, C0, F7, ...]
PAGE dxgkrnl.sys!TdrIsTimeoutForcedFlip + 43 91A8D6B3 37 Bytes CALL 91A8D30B \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
PAGE dxgkrnl.sys!TdrIsTimeoutForcedFlip + 69 91A8D6D9 33 Bytes [6A, 03, 58, B9, 00, B0, A1, ...]
PAGE dxgkrnl.sys!TdrIsTimeoutForcedFlip + 8B 91A8D6FB 69 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE dxgkrnl.sys!TdrIsTimeoutForcedFlip + D1 91A8D741 33 Bytes [3B, C7, 89, 46, 08, 7D, 02, ...]
PAGE ...
PAGE dxgkrnl.sys!TdrCreateRecoveryContext + 37 91A8D920 34 Bytes [89, 86, B8, 0A, 00, 00, A1, ...]
PAGE dxgkrnl.sys!TdrCreateRecoveryContext + 5A 91A8D943 8 Bytes [F3, 90, 8B, 50, 04, 89, 56, ...] {PAUSE ; MOV EDX, [EAX+0x4]; MOV [ESI+0x54], EDX}
PAGE dxgkrnl.sys!TdrCreateRecoveryContext + 63 91A8D94C 37 Bytes [10, 89, 56, 50, 8B, 50, 08, ...]
PAGE dxgkrnl.sys!TdrCreateRecoveryContext + 89 91A8D972 5 Bytes [C7, 40, 0C, F0, 0A]
PAGE dxgkrnl.sys!TdrCreateRecoveryContext + 8F 91A8D978 63 Bytes [00, C7, 40, 10, 60, C0, A1, ...]
PAGE ...
PAGE dxgkrnl.sys!TdrCompleteRecoveryContext + D 91A8E7DA 22 Bytes [8B, 46, 1C, 85, C0, 74, 11, ...]
PAGE dxgkrnl.sys!TdrCompleteRecoveryContext + 24 91A8E7F1 112 Bytes [FF, 56, B9, 48, B6, A1, 91, ...]
PAGE dxgkrnl.sys!TdrIsRecoveryRequired + 20 91A8E862 151 Bytes [CE, BA, 7C, C0, A1, 91, F0, ...]
PAGE dxgkrnl.sys!TdrIsRecoveryRequired + B8 91A8E8FA 16 Bytes CALL 91A8DD64 \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
PAGE dxgkrnl.sys!TdrIsRecoveryRequired + C9 91A8E90B 26 Bytes CALL 91A0E821 \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
PAGE dxgkrnl.sys!TdrIsRecoveryRequired + E4 91A8E926 28 Bytes [8B, 40, 04, 8B, 80, BC, 00, ...]
PAGE dxgkrnl.sys!TdrIsRecoveryRequired + 102 91A8E944 44 Bytes [02, 75, 17, 8B, 46, 30, 0B, ...]
PAGE ...
PAGE dxgkrnl.sys!TdrResetFromTimeout + 46 91A8E9FF 179 Bytes [00, C0, EB, D3, 8B, C8, E8, ...]
PAGE dxgkrnl.sys!TdrResetFromTimeout + FA 91A8EAB3 62 Bytes [06, 8B, CB, 2B, C8, 51, FF, ...]
PAGE dxgkrnl.sys!TdrResetFromTimeout + 139 91A8EAF2 85 Bytes [83, 60, 0C, 00, 83, 60, 10, ...]
PAGE dxgkrnl.sys!TdrResetFromTimeout + 18F 91A8EB48 42 Bytes CALL 91A12D8F \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
PAGE dxgkrnl.sys!TdrResetFromTimeout + 1BA 91A8EB73 179 Bytes [15, FC, 73, A1, 91, 83, 60, ...]
PAGE ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92434000, 0x2CB104, 0xE8000020]
.text USBPORT.SYS!DllUnload 91B15CA0 5 Bytes JMP 86EA84E0
.text a5srzgoj.SYS 91B3D000 12 Bytes [44, 58, C1, 82, EE, 56, C1, ...]
.text a5srzgoj.SYS 91B3D00D 9 Bytes [37, C1, 82, 48, 5B, C1, 82, ...]
.text a5srzgoj.SYS 91B3D017 20 Bytes [00, DE, 57, D1, 8B, E6, 55, ...]
.text a5srzgoj.SYS 91B3D02C 149 Bytes [00, 00, 00, 00, D0, 51, C8, ...]
.text a5srzgoj.SYS 91B3D0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys A2A0DC9D 2 Bytes [0F, 2E]
.text peauth.sys A2A0DCC1 2 Bytes [0F, 2E]
PAGE peauth.sys A2A13E20 101 Bytes [E4, FC, 8B, E0, CD, A8, 79, ...]
PAGE peauth.sys A2A1402C 102 Bytes [47, F9, B1, 3C, EE, 86, F0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A2B94000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A2B94123 629 Bytes [F5, B8, A2, FE, 05, 34, F5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A2B94399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A2B943FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A2B944AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1680] kernel32.dll!SetUnhandledExceptionFilter 76253142 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BC19042] \SystemRoot\System32\Drivers\spcy.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BC196D6] \SystemRoot\System32\Drivers\spcy.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BC19800] \SystemRoot\System32\Drivers\spcy.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BC1913E] \SystemRoot\System32\Drivers\spcy.sys
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [01F219FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CloseHandle] [01F46209] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!ReadFile] [01F45F4C] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetFileSize] [01F4624A] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileMappingW] [01F4647C] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [01F21922] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [01F21ADA] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [01F21855] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [01F45EE6] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetFilePointerEx] [01F46158] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [01F219FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01F21788] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetFilePointer] [01F460FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileMappingW] [01F4647C] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetFileSizeEx] [01F46291] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [01F21855] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [01F21ADA] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [01F46209] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] [01F45FFE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [01F45EE6] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [01F219FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetFileSize] [01F4624A] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetFileSizeEx] [01F46291] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [01F21ADA] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01F21788] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [01F46209] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [01F21855] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [01F45EE6] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [01F21922] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [01F45FFE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetFilePointer] [01F460FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileMappingW] [01F4647C] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [01F45F4C] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetOverlappedResult] [01F462D8] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetFileAttributesExA] [01F463D8] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetFileSizeEx] [01F46291] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetFilePointerEx] [01F46158] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileMappingA] [01F46421] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [01F21855] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [01F219FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileMappingW] [01F4647C] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetOverlappedResult] [01F462D8] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetQueuedCompletionStatus] [01F4637F] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateIoCompletionPort] [01F4632B] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [01F21ADA] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01F21788] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CloseHandle] [01F46209] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!ReadFile] [01F45F4C] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetFileSize] [01F4624A] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [01F45E80] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [01F45EE6] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetFilePointer] [01F460FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] [01F45FFE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [01F21855] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [01F45FFE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [01F45F4C] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFilePointerEx] [01F46158] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFilePointer] [01F460FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileMappingA] [01F46421] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileMappingW] [01F4647C] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01F21788] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [01F219FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [01F45EE6] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [01F45E80] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [01F21ADA] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [01F21922] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [01F46209] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [01F21855] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01F21788] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [01F45E80] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileMappingA] [01F46421] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [01F219FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetFileSize] [01F4624A] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetFilePointer] [01F460FE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [01F45F4C] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [01F45FFE] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [01F46209] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [01F45EE6] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [01F21922] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01F21788] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [01F21ADA] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateIoCompletionPort] [01F4632B] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetQueuedCompletionStatus] [01F4637F] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01F21788] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)
IAT C:\Program Files\PPStream\PPSAP.exe[3524] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [01F21855] C:\Program Files\PPStream\1.1.0.2730\vodres.dll (PPS 动态链接库/PPStream Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 866101F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\volmgr \Device\VolMgrControl 8660C1F8
Device \Driver\usbohci \Device\USBPDO-0 86EBB500
Device \Driver\usbohci \Device\USBPDO-1 86EBB500
Device \Driver\usbehci \Device\USBPDO-2 86EBD500
Device \Driver\NetBT \Device\NetBT_Tcpip_{CA108F1E-0803-4775-A3B9-596F5A3E967F} 86DD11F8
Device \Driver\usbohci \Device\USBPDO-3 86EBB500
Device \Driver\PCI_PNP1123 \Device\00000060 spcy.sys
Device \Driver\usbohci \Device\USBPDO-4 86EBB500
Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-5 86EBD500
Device \Driver\usbohci \Device\USBPDO-6 86EBB500
Device \Driver\volmgr \Device\HarddiskVolume1 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86CB51F8
Device \Driver\volmgr \Device\HarddiskVolume3 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86CB51F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 8660E1F8
Device \Driver\atapi \Device\Ide\IdePort0 8660E1F8
Device \Driver\atapi \Device\Ide\IdePort1 8660E1F8
Device \Driver\atapi \Device\Ide\IdePort2 8660E1F8
Device \Driver\atapi \Device\Ide\IdePort3 8660E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 8660E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-6 8660E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7 8660E1F8
Device \Driver\volmgr \Device\HarddiskVolume4 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume6 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 86DD11F8
Device \Driver\usbohci \Device\USBFDO-0 86EBB500
Device \Driver\usbohci \Device\USBFDO-1 86EBB500
Device \Driver\usbehci \Device\USBFDO-2 86EBD500
Device \Driver\usbohci \Device\USBFDO-3 86EBB500
Device \Driver\usbohci \Device\USBFDO-4 86EBB500
Device \Driver\usbehci \Device\USBFDO-5 86EBD500
Device \Driver\sptd \Device\2873703129 spcy.sys
Device \Driver\usbohci \Device\USBFDO-6 86EBB500
Device \Driver\a5srzgoj \Device\Scsi\a5srzgoj1Port4Path0Target0Lun0 86D2B1F8
Device \Driver\a5srzgoj \Device\Scsi\a5srzgoj1 86D2B1F8

---- Threads - GMER 1.0.15 ----

Thread System [4:276] 86E4A930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f603bf6a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f603bf6a@0025e774e267 0x8F 0xF6 0x1D 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x22 0x25 0x5B 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0x87 0x36 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x66 0x0B 0xB5 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f603bf6a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f603bf6a@0025e774e267 0x8F 0xF6 0x1D 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x22 0x25 0x5B 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0x87 0x36 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x66 0x0B 0xB5 0xE3 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\146@DoneAddingCrawlSeeds 0

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected

---- EOF - GMER 1.0.15 ----


Added on January 10, 2010, 4:43 pm: please help


Added on January 10, 2010, 5:58 pm: someone?


Added on January 11, 2010, 9:50 am: please help me out!!! thanks.


Added on January 11, 2010, 7:48 pm: HELP me please!

This post has been edited by quanonly90: Jan 11 2010, 07:48 PM
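A triage pass over a GMER log of the kind posted above, as an added example; it is not part of the thread and not GMER's own code. It parses the Devices, Registry and Disk sectors sections and groups what an analyst would look at first: GMER's own verdict lines on disk sectors (here the MBR line), driver objects whose dispatch GMER printed as a raw address instead of a module name, driver files that carry no vendor description (spcy.sys in this log), randomly named driver objects (a5srzgoj), non-Microsoft filter drivers attached to the storage and file-system stack (ESET's eamon.sys), and the install path the sptd service records in its Cfg key (the DAEMON Tools Lite directory). The random-name pattern and the "worth a second look" groupings are this example's assumptions, not GMER rules; the one actual GMER verdict in the log is the "MBR rootkit code detected" line. DAEMON Tools' SPTD layer is a well-known source of noise in GMER device output, so entries that trace back to it should be checked against the software actually installed before anything is declared malicious. The sample log is a subset of lines copied from the post, kept in GMER's layout, and is not a complete log.

```python
"""Triage a GMER 1.0.15 text log: pull out the few lines worth a human's time."""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the GMER log in the post
# above, kept in GMER's own layout. It is not a complete log.
SAMPLE_LOG = r"""
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 866101F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\PCI_PNP1123 \Device\00000060 spcy.sys
Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\sptd \Device\2873703129 spcy.sys
Device \Driver\a5srzgoj \Device\Scsi\a5srzgoj1 86D2B1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
DEVICE_RE = re.compile(r"^(Device|AttachedDevice)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.+)\))?$")
DISK_RE = re.compile(r"^Disk\s+(\S+)\s+sector\s+(\S+):\s*(.+?)$")
RAW_ADDR_RE = re.compile(r"^[0-9A-F]{8}$")   # GMER printed an address, not a module name
# Heuristic (this example's assumption, not a GMER rule): eight lowercase
# alphanumerics with at least one digit is the shape of an auto-generated name.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")


def parse_gmer(text):
    """Return (section, record) pairs for the Devices, Registry and Disk sectors sections."""
    records, section = [], None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Devices":
            m = DEVICE_RE.match(line)
            if m:
                kind, driver, device, target, desc = m.groups()
                vendor = desc.rsplit("/", 1)[-1] if desc else None   # "(description/vendor)"
                records.append((section, {"kind": kind, "driver": driver, "device": device,
                                          "target": target, "vendor": vendor}))
        elif section == "Registry" and line.startswith("Reg "):
            key, _, rest = line[4:].partition("@")      # key, then "@name value" if present
            name, _, value = rest.partition(" ")
            records.append((section, {"key": key, "name": name or None, "value": value or None}))
        elif section == "Disk sectors":
            m = DISK_RE.match(line)
            if m:
                records.append((section, {"device": m.group(1), "sector": m.group(2),
                                          "detail": m.group(3)}))
    return records


def triage(records):
    """Group the parsed records into the questions an analyst asks of a GMER log."""
    f = {
        "disk_alerts": [],                          # GMER's own verdicts on boot sectors
        "random_named_drivers": [],                 # names matching RANDOM_NAME_RE
        "unattributed_dispatch": {},                # driver -> raw address GMER could not map
        "files_without_vendor": set(),              # driver files with no version description
        "third_party_filters": defaultdict(list),   # AttachedDevice filters not from Microsoft
        "file_to_drivers": defaultdict(set),        # one file serving several driver objects
        "sptd_paths": [],                           # where the sptd service says it lives
    }
    for section, rec in records:
        if section == "Disk sectors":
            if "rootkit" in rec["detail"].lower():
                f["disk_alerts"].append(f'{rec["device"]} sector {rec["sector"]}: {rec["detail"]}')
        elif section == "Devices":
            name = rec["driver"].rsplit("\\", 1)[-1]
            if rec["kind"] == "Device":
                if RAW_ADDR_RE.match(rec["target"]):
                    f["unattributed_dispatch"][name] = rec["target"]
                else:
                    f["file_to_drivers"][rec["target"]].add(name)
                    if rec["vendor"] is None:
                        f["files_without_vendor"].add(rec["target"])
                if RANDOM_NAME_RE.match(name) and name not in f["random_named_drivers"]:
                    f["random_named_drivers"].append(name)
            elif rec["vendor"] and rec["vendor"] != "Microsoft Corporation":
                f["third_party_filters"][rec["vendor"]].append(rec["target"])
        elif section == "Registry":
            if "\\services\\sptd\\" in rec["key"] and rec["name"] == "p0":
                f["sptd_paths"].append(rec["value"])
    return f


if __name__ == "__main__":
    for key, val in triage(parse_gmer(SAMPLE_LOG)).items():
        print(f"{key}: {dict(val) if isinstance(val, dict) else val}")
```

To run it against a real log, read the saved GMER text file into `parse_gmer` in place of `SAMPLE_LOG`. The output is a worklist, not a verdict: the raw-address and no-vendor groups include perfectly legitimate drivers and only tell you where GMER could not attribute what it saw.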
chrisling
post Jan 12 2010, 09:06 AM

Helper Trainee+
******
Senior Member
1,684 posts

Joined: Nov 2006
From: KL


Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.
  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, please post a fresh GMER log into this thread and tell me how your computer is running now
Thanks
TSquanonly90
post Jan 17 2010, 05:08 AM

Getting Started
**
Junior Member
90 posts

Joined: Jun 2009
I got it fixed after uninstalling DeskScape. lol, thanks for your help! ty

 
