|
-
September 10th, 2012, 05:48 PM
#1
[Inactive] TWO LOGS OF 4 REQUIRED
Broni,
Here are the 4 logs needed by you for my WINDOWS 7 post, "ERROR MSG AFTER UNFORCED SHUTDOWN AND REBOOT, as posted here per SpywareDr. FWIW, I had to run gmer twice as it crashed the first run ("A problem caused the program to stop working correctly."):
malwarebytes
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.10.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
sbuxman :: SBUXMAN-PC [administrator]
Protection: Enabled
9/10/2012 11:01:11 AM
mbam-log-2012-09-10 (11-01-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193188
Time elapsed: 6 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
=================
GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-10 14:25:00
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG00
Running: qpzb9ty7.exe; Driver: C:\Users\sbuxman\AppData\Local\Temp\axlirfog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E893C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\system32\rundll32.exe[2672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2672] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2672] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2672] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2672] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
I will post aswMBR in the next post and follow lastly with DDS due to size restrictions.
Thanks,
sbuxman
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
