[HELP] Explorer.exe memory usage never drops, please help

TSquanonly90
post Jan 3 2010, 09:19 AM

Getting Started
**
Junior Member
90 posts

Joined: Jun 2009
My explorer.exe is consuming 900 MB of memory, and it ends up terminating when I'm enjoying playing games! I notice that the memory usage keeps on increasing ONLY; it never drops! Please help me out!
Using Windows 7 6.1.7600 (RTM)
TSquanonly90
post Jan 5 2010, 12:51 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:13 AM QuaNonLy, on 1/5/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\DAODx.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PPStream\PPSAP.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.56\ThunderService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\TDDOWNLOAD\~SOFTWARES\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 7095 bytes

TSquanonly90
post Jan 6 2010, 12:41 PM
Malwarebytes' Anti-Malware 1.43
Database version: 3496
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/6/2010 12:38:36 PM QuaNonly
mbam-log-2010-01-06 (12-38-31).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 322709
Time elapsed: 1 hour(s), 7 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Thunder (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Backup\Program\RealPlayer 11.0.2 Incl Patch.www.sxforum.org\Activator.exe (Trojan.Agent) -> No action taken.

TSquanonly90
post Jan 8 2010, 12:33 AM
Still the same... please help!
TSquanonly90
post Jan 8 2010, 04:39 PM
Done cleaning using ATF, but I get an AutoIt error when I try to run RSIT.
TSquanonly90
post Jan 9 2010, 03:04 AM

DDS (Ver_09-12-01.01) - NTFSx86
Run by QTech at 3:02:28.83 on 01/09/2010 Sat
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.936.86.1033.18.3327.1738 [GMT 8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\System32\ASDR.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\Windows\DAODx.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PPStream\PPSAP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\ASUS\Ai Suite\AiSuite.exe
C:\Program Files\ASUS\AASP\1.00.95\aaCenter.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.56\ThunderService.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\QTech\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q59A2EO\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\program files\thunder network\thunder\comdlls\xunleiBHO_Now.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [TurboV] "c:\program files\asus\turbov\TurboV.exe"
mRun: [Ai Nap] "c:\program files\asus\ai suite\q-button\QButton.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "c:\program files\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [ASUSGamerOSD] c:\program files\asus\gamerosd\GamerOSD.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\flashs~1\save.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes3\deskscapes.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 0.0.0.0 notice.asdf.com
Hosts: 0.0.0.0 update.asdf.cn

================= FIREFOX ===================

FF - ProfilePath - c:\users\qtech\appdata\roaming\mozilla\firefox\profiles\h9e4g7qv.default\
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(427).dll
FF - plugin: c:\users\qtech\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 hugoio;hugoio;c:\program files\i-menu\hugoio.sys [2009-12-31 9760]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-12-14 90112]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-16 12672]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-11-16 38240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-12-14 1047552]
S3 AODDriver;AODDriver;c:\program files\amd\overdrive\i386\AODDriver.sys [2009-4-22 7680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 flying spaghetti monsterPEngine;flying spaghetti monsterPEngine;c:\users\qtech\appdata\local\temp\FYZ9082.tmp [2010-1-9 25616]
S4 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2009-4-22 124256]

=============== Created Last 30 ================

2010-01-08 08:18:19 1908 ----a-w- c:\windows\diagwrn.xml
2010-01-08 08:18:19 1908 ----a-w- c:\windows\diagerr.xml
2010-01-07 21:46:37 12 ---h--w- c:\windows\system32\%sdvmexp.idx
2010-01-06 12:57:26 22 ----a-w- c:\windows\system32\mylk.dat
2010-01-06 12:57:02 0 d-----w- c:\program files\KWMUSIC
2010-01-05 16:32:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 16:32:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 01:44:25 0 dc-h--w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2010-01-01 16:25:00 1285712 ----a-w- c:\windows\system32\drivers\tcpip.sys.do
2010-01-01 16:24:46 0 d-----w- c:\users\qtech\funshion
2010-01-01 16:24:46 0 d-----w- c:\program files\Funshion Online
2009-12-30 21:39:49 0 d-----w- c:\programdata\ATI
2009-12-30 21:37:23 0 d-----w- c:\program files\common files\ATI Technologies
2009-12-30 21:35:36 0 d-----w- c:\program files\ATI Technologies
2009-12-30 18:32:21 0 d-----w- c:\program files\i-Menu
2009-12-30 16:05:16 0 d-----w- c:\program files\Yamicsoft
2009-12-30 15:49:56 0 dc-h--w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-12-29 07:03:26 0 d-----w- c:\users\qtech\appdata\roaming\Activision
2009-12-29 07:03:26 0 d-----w- c:\programdata\Activision
2009-12-28 13:37:20 0 d-----w- c:\users\qtech\appdata\roaming\Malwarebytes
2009-12-28 13:37:15 0 d-----w- c:\programdata\Malwarebytes
2009-12-28 13:37:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 09:34:13 0 d-----w- c:\users\qtech\XP-Turbo-Theme.part
2009-12-28 09:32:20 0 d-----w- c:\users\qtech\.tucan
2009-12-28 09:32:10 0 d-----w- C:\Tucan
2009-12-28 06:52:32 25 ----a-w- c:\windows\msgtn.ini
2009-12-27 18:57:13 0 dc-h--w- c:\programdata\{ADCC9DAF-34D1-4565-92F1-DDB872DCF596}
2009-12-27 18:54:11 95 ----a-w- c:\windows\PCDNSetting.ini
2009-12-27 18:40:25 60 ----a-w- c:\windows\MediaList.ini
2009-12-27 18:40:25 140 ----a-w- c:\windows\powerlist.ini
2009-12-27 18:39:35 925 ----a-w- c:\windows\psnetwork.ini
2009-12-27 18:39:34 1365 ----a-w- c:\windows\powerplayer.ini
2009-12-27 18:39:31 0 d-----w- c:\program files\PPStream
2009-12-27 12:54:36 0 dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-12-27 11:50:29 2516 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-12-27 11:36:01 0 d-----w- c:\windows\system32\appmgmt
2009-12-25 18:04:03 271274883 ----a-w- c:\windows\MEMORY.DMP
2009-12-23 16:41:25 0 d-----w- c:\program files\MSXML 4.0
2009-12-22 15:35:33 0 dc-h--w- c:\programdata\{2F7D775B-B5D8-465D-ADE2-8E3DFECC3B38}
2009-12-22 15:20:47 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-12-22 15:20:47 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-12-22 15:20:47 0 d-----w- c:\program files\common files\SourceTec
2009-12-22 15:20:42 0 d-----w- c:\program files\SourceTec
2009-12-22 11:30:11 0 d-----w- C:\my flashes
2009-12-22 11:29:06 0 d-----w- c:\program files\Flash Saver
2009-12-22 03:14:44 0 d-----w- c:\programdata\Electronic Arts
2009-12-22 02:56:04 0 d-----w- c:\program files\Microsoft WSE
2009-12-18 11:43:02 0 d-----w- c:\windows\AsDmiHtm
2009-12-18 06:59:49 0 d-----w- c:\program files\SpeedFan
2009-12-18 06:59:47 45 ----a-w- c:\windows\system32\initdebug.nfo
2009-12-17 11:34:27 0 d-----w- c:\program files\Total Video Converter
2009-12-16 02:32:27 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-12-16 02:32:26 0 d-----w- c:\program files\CPUID
2009-12-15 16:57:50 0 d-----w- c:\program files\Lavalys
2009-12-15 16:36:03 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-15 16:36:03 1409 ----a-w- c:\windows\QTFont.for
2009-12-15 15:57:22 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-15 15:57:22 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-15 15:37:49 6173 ----a-w- c:\windows\system32\drivers\Entech.vxd
2009-12-15 15:37:49 3972 ----a-w- c:\windows\system32\drivers\PciBus.sys
2009-12-15 15:37:49 27672 ----a-w- c:\windows\system32\drivers\Entech.sys
2009-12-15 15:37:49 12744 ----a-w- c:\windows\system32\drivers\Entech64.sys
2009-12-15 15:37:49 0 d-----w- c:\windows\system32\Futuremark
2009-12-15 15:36:29 0 d-----w- c:\program files\Futuremark
2009-12-15 12:58:35 0 d-----w- c:\users\qtech\appdata\roaming\Ubisoft
2009-12-15 12:58:35 0 d-----w- c:\programdata\Ubisoft
2009-12-15 09:24:35 0 d-----w- c:\programdata\BioWare
2009-12-15 04:42:31 0 d-----w- c:\program files\Rockstar Games
2009-12-15 03:05:18 197632 ----a-w- c:\windows\system32\CNMLM87.DLL
2009-12-15 03:05:16 57344 ----a-w- c:\windows\system32\CNCI600.DLL
2009-12-15 03:05:16 135168 ----a-w- c:\windows\system32\CNCL600.DLL
2009-12-15 03:05:16 1298432 ----a-w- c:\windows\system32\CNCC600.DLL
2009-12-15 03:05:16 106496 ----a-w- c:\windows\system32\cnco600.dll
2009-12-15 02:39:24 0 d-----w- c:\program files\Canon
2009-12-15 02:37:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-15 02:37:08 0 d--h--w- c:\programdata\CanonBJ
2009-12-15 02:32:48 0 d-----w- c:\users\qtech\appdata\roaming\PPStream
2009-12-15 02:23:03 22328 ----a-w- c:\users\qtech\appdata\roaming\PnkBstrK.sys
2009-12-15 02:19:59 0 d-----w- c:\program files\flying spaghetti monster
2009-12-15 02:19:12 107832 ----a-w- c:\users\qtech\appdata\roaming\PnkBstrB.exe
2009-12-15 02:19:08 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-15 02:19:07 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-15 02:19:06 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-15 02:10:01 0 d-----w- c:\windows\system32\AGEIA
2009-12-15 02:09:48 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-15 01:57:44 0 d-----w- c:\program files\Dragon Age
2009-12-15 01:57:44 0 d-----w- c:\program files\common files\BioWare
2009-12-15 01:41:13 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-15 01:38:17 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-15 01:37:23 0 d-----w- c:\programdata\Microsoft Help
2009-12-15 01:15:24 0 d-----w- c:\users\qtech\appdata\roaming\Uniblue
2009-12-15 01:15:24 0 d-----w- c:\programdata\DriverScanner
2009-12-15 01:15:24 0 d-----w- c:\program files\Uniblue
2009-12-15 01:12:12 0 dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-12-15 01:10:47 0 d-----w- c:\program files\Sierra Entertainment
2009-12-15 01:07:54 0 d-----w- c:\programdata\Media Center Programs
2009-12-15 01:00:35 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-14 23:16:12 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-14 23:13:02 0 d-----w- c:\windows\Panther
2009-12-14 15:01:34 0 d-----w- c:\windows\system32\xlive
2009-12-14 15:01:33 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-14 14:43:58 0 d-----w- c:\users\qtech\appdata\roaming\Stardock
2009-12-14 14:42:28 0 dc-h--w- c:\programdata\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
2009-12-14 14:40:13 0 d-----w- c:\programdata\Stardock
2009-12-14 14:40:13 0 d-----w- c:\program files\Stardock
2009-12-14 14:39:54 0 dc-h--w- c:\programdata\{BE672698-4DAC-4C83-9056-C07C3170F628}
2009-12-14 14:39:19 0 d-----w- c:\program files\Stardock Games
2009-12-14 14:27:55 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-12-14 14:02:25 0 d-----w- c:\program files\Activision
2009-12-14 10:07:40 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-14 10:06:51 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-14 09:56:38 0 d-----w- c:\users\qtech\appdata\roaming\ESET
2009-12-14 09:55:14 0 d-----w- c:\programdata\ESET
2009-12-14 09:55:14 0 d-----w- c:\program files\ESET
2009-12-14 09:42:51 0 d-----w- c:\programdata\Apple Computer
2009-12-14 09:42:49 0 d-----w- c:\program files\common files\Real
2009-12-14 09:42:48 0 d-----w- c:\program files\Ringz Studio
2009-12-14 09:38:19 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 09:37:47 0 d-----w- c:\program files\DAEMON Tools Lite
2009-12-14 09:37:30 0 d-----w- c:\users\qtech\appdata\roaming\DAEMON Tools Lite
2009-12-14 09:37:28 0 d-----w- c:\programdata\DAEMON Tools Lite
2009-12-14 09:06:18 0 d-----r- C:\TDDOWNLOAD
2009-12-14 09:06:05 20 ----a-w- c:\windows\system32\pub_store.dat
2009-12-14 09:06:04 0 d-----w- c:\programdata\Thunder Network
2009-12-14 09:06:03 0 d-----w- c:\program files\common files\Thunder Network
2009-12-14 09:06:01 0 d-----w- c:\program files\Thunder Network
2009-12-14 08:58:36 0 d-----w- c:\users\qtech\Tracing
2009-12-14 08:37:46 0 d-----w- c:\program files\Microsoft
2009-12-14 08:37:30 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-14 08:36:55 0 d-----w- c:\windows\PCHEALTH
2009-12-14 08:32:49 14336 ----a-w- c:\windows\system32\drivers\EIO.sys
2009-12-14 08:30:19 0 d-----w- c:\program files\common files\Windows Live
2009-12-14 08:04:38 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-14 07:59:23 0 d-----w- c:\programdata\Adobe
2009-12-14 07:59:22 0 d-----w- C:\ATI
2009-12-14 07:57:21 0 d-----w- c:\program files\Atheros Communications Inc
2009-12-14 07:57:06 0 d-----w- c:\programdata\ASUS OC Profiles
2009-12-14 07:56:18 15872 ----a-w- c:\windows\AsTaskSched.dll
2009-12-14 07:55:20 962612 ----a-w- c:\windows\system32\mfc42d.dll
2009-12-14 07:55:20 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2009-12-14 07:54:54 0 d-----w- c:\program files\AMD
2009-12-14 07:54:04 1746 ----a-w- c:\windows\Language_trs.ini
2009-12-14 07:49:35 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-12-14 07:47:39 0 d--h--w- c:\temp\dvmexp
2009-12-14 07:47:37 0 d--h--w- c:\temp\tmpdvmexp
2009-12-14 07:47:37 0 d--h--w- C:\temp
2009-12-14 07:47:37 0 d--h--w- C:\dvmexp
2009-12-14 07:47:22 0 d--h--w- C:\ASUS.000
2009-12-14 07:46:55 0 d--h--w- C:\ASUS.SYS
2009-12-14 07:46:20 0 d-----w- c:\program files\Downloaded Installations
2009-12-14 07:43:54 24576 ----a-r- c:\windows\system32\AsIO.dll
2009-12-14 07:43:54 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
2009-12-14 07:43:51 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2009-12-14 07:43:51 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2009-12-14 07:43:51 0 d-----w- c:\program files\ASUS
2009-12-14 07:43:40 666 ----a-w- c:\windows\setup.iss
2009-12-14 07:43:20 47616 ----a-w- c:\windows\system32\drivers\L1E62x86.sys
2009-12-14 07:43:08 0 d-----w- c:\windows\system32\Atheros_L1e
2009-12-14 07:38:27 14392 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2009-12-14 07:37:42 0 d-----w- c:\program files\ATI
2009-12-14 07:24:19 0 d-----w- c:\windows\system32\wbem\Performance
2009-12-14 07:24:14 0 d-----w- c:\windows\AsusInstAll
2009-12-14 07:23:44 0 d-----w- c:\program files\VIA
2009-12-14 07:22:56 24936 ----a-w- c:\windows\Ascd_tmp.ini

==================== Find3M ====================

2009-11-30 10:02:40 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 10:02:38 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-25 03:51:32 5143552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-25 03:18:02 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:17:34 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17:04 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15:46 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-25 03:15:28 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:15:14 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:15:04 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:14:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:12:12 3055616 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-25 02:55:58 3617792 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-25 02:44:56 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:37:58 2899968 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-25 02:25:38 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:25:38 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:25:06 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:21:52 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:21:36 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:20:26 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:10:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-24 07:20:48 90112 ----a-w- c:\windows\system32\atl71.dll
2009-11-24 07:20:48 503808 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-24 07:20:48 1053696 ----a-w- c:\windows\system32\MFC71u.dll
2009-11-16 01:06:50 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-11-16 01:06:44 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-11-16 01:03:36 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 00:56:12 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-06 02:59:54 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 02:59:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-22 15:59:00 196565 ----a-w- c:\windows\system32\atiicdxx.dat
2009-10-21 07:27:18 15360 ----a-w- c:\windows\system32\ATKOGL32.dll
2009-10-20 08:38:38 1335808 ----a-w- c:\windows\system32\ATKLUMDISP.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 3:02:56.93 ===============



Attached File(s): Attach.txt (7.39k)
TSquanonly90
post Jan 10 2010, 06:05 AM
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-10 06:03:46
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\QTech\AppData\Local\Temp\fglcipog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C132D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C12898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2B1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C8A579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAEF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spcy.sys The system cannot find the path specified. !
PAGE dxgkrnl.sys!g_TdrForceTimeout + 9788 91A25800 11 Bytes [42, 39, 5D, 0C, 75, 28, C7, ...]
PAGE dxgkrnl.sys!g_TdrForceTimeout + 9794 91A2580C 10 Bytes [00, 33, FF, 47, 57, FF, 15, ...]
PAGE dxgkrnl.sys!g_TdrForceTimeout + 979F 91A25817 13 Bytes [50, 57, 89, 58, 0C, 89, 58, ...]
PAGE dxgkrnl.sys!g_TdrForceTimeout + 97AD 91A25825 185 Bytes [C7, 45, 10, 33, FB, FF, FF, ...]
PAGE dxgkrnl.sys!g_TdrForceTimeout + 9867 91A258DF 21 Bytes [C7, 45, 0C, 0A, FB, FF, FF, ...]
PAGE ...
PAGE dxgkrnl.sys!DpiGetDriverVersion + 96 91A30888 8 Bytes [00, 6A, 02, FF, D6, 83, 60, ...]
PAGE dxgkrnl.sys!DpiGetDriverVersion + 9F 91A30891 21 Bytes [50, 6A, 02, 89, 58, 0C, FF, ...]
PAGE dxgkrnl.sys!DpiGetDriverVersion + B5 91A308A7 1 Byte [90]
PAGE dxgkrnl.sys!DpiGetDriverVersion + B5 91A308A7 21 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE dxgkrnl.sys!DpiGetDriverVersion + CD 91A308BF 11 Bytes [6A, 02, FF, 15, FC, 73, A1, ...]
PAGE ...
PAGE dxgkrnl.sys!TdrIsTimeoutForcedFlip + 7 91A8D677 50 Bytes [87, 01, F7, D8, 1B, C0, F7, ...]
PAGE dxgkrnl.sys!TdrIsTimeoutForcedFlip + 43 91A8D6B3 37 Bytes CALL 91A8D30B \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
PAGE dxgkrnl.sys!TdrIsTimeoutForcedFlip + 69 91A8D6D9 33 Bytes [6A, 03, 58, B9, 00, B0, A1, ...]
PAGE dxgkrnl.sys!TdrIsTimeoutForcedFlip + 8B 91A8D6FB 69 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE dxgkrnl.sys!TdrIsTimeoutForcedFlip + D1 91A8D741 33 Bytes [3B, C7, 89, 46, 08, 7D, 02, ...]
PAGE ...
PAGE dxgkrnl.sys!TdrCreateRecoveryContext + 37 91A8D920 34 Bytes [89, 86, B8, 0A, 00, 00, A1, ...]
PAGE dxgkrnl.sys!TdrCreateRecoveryContext + 5A 91A8D943 8 Bytes [F3, 90, 8B, 50, 04, 89, 56, ...] {PAUSE ; MOV EDX, [EAX+0x4]; MOV [ESI+0x54], EDX}
PAGE dxgkrnl.sys!TdrCreateRecoveryContext + 63 91A8D94C 37 Bytes [10, 89, 56, 50, 8B, 50, 08, ...]
PAGE dxgkrnl.sys!TdrCreateRecoveryContext + 89 91A8D972 5 Bytes [C7, 40, 0C, F0, 0A]
PAGE dxgkrnl.sys!TdrCreateRecoveryContext + 8F 91A8D978 63 Bytes [00, C7, 40, 10, 60, C0, A1, ...]
PAGE ...
PAGE dxgkrnl.sys!TdrCompleteRecoveryContext + D 91A8E7DA 22 Bytes [8B, 46, 1C, 85, C0, 74, 11, ...]
PAGE dxgkrnl.sys!TdrCompleteRecoveryContext + 24 91A8E7F1 112 Bytes [FF, 56, B9, 48, B6, A1, 91, ...]
PAGE dxgkrnl.sys!TdrIsRecoveryRequired + 20 91A8E862 151 Bytes [CE, BA, 7C, C0, A1, 91, F0, ...]
PAGE dxgkrnl.sys!TdrIsRecoveryRequired + B8 91A8E8FA 16 Bytes CALL 91A8DD64 \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
PAGE dxgkrnl.sys!TdrIsRecoveryRequired + C9 91A8E90B 26 Bytes CALL 91A0E821 \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
PAGE dxgkrnl.sys!TdrIsRecoveryRequired + E4 91A8E926 28 Bytes [8B, 40, 04, 8B, 80, BC, 00, ...]
PAGE dxgkrnl.sys!TdrIsRecoveryRequired + 102 91A8E944 44 Bytes [02, 75, 17, 8B, 46, 30, 0B, ...]
PAGE ...
PAGE dxgkrnl.sys!TdrResetFromTimeout + 46 91A8E9FF 179 Bytes [00, C0, EB, D3, 8B, C8, E8, ...]
PAGE dxgkrnl.sys!TdrResetFromTimeout + FA 91A8EAB3 62 Bytes [06, 8B, CB, 2B, C8, 51, FF, ...]
PAGE dxgkrnl.sys!TdrResetFromTimeout + 139 91A8EAF2 85 Bytes [83, 60, 0C, 00, 83, 60, 10, ...]
PAGE dxgkrnl.sys!TdrResetFromTimeout + 18F 91A8EB48 42 Bytes CALL 91A12D8F \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
PAGE dxgkrnl.sys!TdrResetFromTimeout + 1BA 91A8EB73 179 Bytes [15, FC, 73, A1, 91, 83, 60, ...]
PAGE ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92434000, 0x2CB104, 0xE8000020]
.text USBPORT.SYS!DllUnload 91B15CA0 5 Bytes JMP 86EA84E0
.text a5srzgoj.SYS 91B3D000 12 Bytes [44, 58, C1, 82, EE, 56, C1, ...]
.text a5srzgoj.SYS 91B3D00D 9 Bytes [37, C1, 82, 48, 5B, C1, 82, ...]
.text a5srzgoj.SYS 91B3D017 20 Bytes [00, DE, 57, D1, 8B, E6, 55, ...]
.text a5srzgoj.SYS 91B3D02C 149 Bytes [00, 00, 00, 00, D0, 51, C8, ...]
.text a5srzgoj.SYS 91B3D0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys A2A0DC9D 2 Bytes [0F, 2E]
.text peauth.sys A2A0DCC1 2 Bytes [0F, 2E]
PAGE peauth.sys A2A13E20 101 Bytes [E4, FC, 8B, E0, CD, A8, 79, ...]
PAGE peauth.sys A2A1402C 102 Bytes [47, F9, B1, 3C, EE, 86, F0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A2B94000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A2B94123 629 Bytes [F5, B8, A2, FE, 05, 34, F5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A2B94399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A2B943FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A2B944AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1680] kernel32.dll!SetUnhandledExceptionFilter 76253142 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BC19042] \SystemRoot\System32\Drivers\spcy.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BC196D6] \SystemRoot\System32\Drivers\spcy.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BC19800] \SystemRoot\System32\Drivers\spcy.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BC1913E] \SystemRoot\System32\Drivers\spcy.sys
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a5srzgoj.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 866101F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\volmgr \Device\VolMgrControl 8660C1F8
Device \Driver\usbohci \Device\USBPDO-0 86EBB500
Device \Driver\usbohci \Device\USBPDO-1 86EBB500
Device \Driver\usbehci \Device\USBPDO-2 86EBD500
Device \Driver\NetBT \Device\NetBT_Tcpip_{CA108F1E-0803-4775-A3B9-596F5A3E967F} 86DD11F8
Device \Driver\usbohci \Device\USBPDO-3 86EBB500
Device \Driver\PCI_PNP1123 \Device\00000060 spcy.sys
Device \Driver\usbohci \Device\USBPDO-4 86EBB500
Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-5 86EBD500
Device \Driver\usbohci \Device\USBPDO-6 86EBB500
Device \Driver\volmgr \Device\HarddiskVolume1 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86CB51F8
Device \Driver\volmgr \Device\HarddiskVolume3 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86CB51F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 8660E1F8
Device \Driver\atapi \Device\Ide\IdePort0 8660E1F8
Device \Driver\atapi \Device\Ide\IdePort1 8660E1F8
Device \Driver\atapi \Device\Ide\IdePort2 8660E1F8
Device \Driver\atapi \Device\Ide\IdePort3 8660E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 8660E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-6 8660E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7 8660E1F8
Device \Driver\volmgr \Device\HarddiskVolume4 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume6 8660C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 86DD11F8
Device \Driver\usbohci \Device\USBFDO-0 86EBB500
Device \Driver\usbohci \Device\USBFDO-1 86EBB500
Device \Driver\usbehci \Device\USBFDO-2 86EBD500
Device \Driver\usbohci \Device\USBFDO-3 86EBB500
Device \Driver\usbohci \Device\USBFDO-4 86EBB500
Device \Driver\usbehci \Device\USBFDO-5 86EBD500
Device \Driver\sptd \Device\2873703129 spcy.sys
Device \Driver\usbohci \Device\USBFDO-6 86EBB500
Device \Driver\a5srzgoj \Device\Scsi\a5srzgoj1Port4Path0Target0Lun0 86D2B1F8
Device \Driver\a5srzgoj \Device\Scsi\a5srzgoj1 86D2B1F8

---- Threads - GMER 1.0.15 ----

Thread System [4:276] 86E4A930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f603bf6a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f603bf6a@0025e774e267 0x8F 0xF6 0x1D 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x22 0x25 0x5B 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0x87 0x36 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x66 0x0B 0xB5 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f603bf6a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f603bf6a@0025e774e267 0x8F 0xF6 0x1D 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x22 0x25 0x5B 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0x87 0x36 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x66 0x0B 0xB5 0xE3 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\146@DoneAddingCrawlSeeds 0

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected

---- EOF - GMER 1.0.15 ----


Added on January 10, 2010, 4:43 pm: pls help

Added on January 10, 2010, 5:58 pm: someone?

Added on January 11, 2010, 9:50 am: please help me out!!! thanks.

Added on January 11, 2010, 7:48 pm: HELP me please!

This post has been edited by quanonly90: Jan 11 2010, 07:48 PM
TSquanonly90
post Jan 17 2010, 05:08 AM

I got it fixed after uninstalling DeskScape. lol, thanks for your help! ty
