Author Topic: New forum Member Needs help with DgivEcp.sys file marked red  (Read 14121 times)


January 16, 2015, 09:44:16 PM

pdk3001

New forum Member Needs help with DgivEcp.sys file marked red
« on: January 16, 2015, 09:44:16 PM »
The only discrepancy found with a current run of RogueKiller is a file marked in RED and tagged as "Critical! Item is malware and should be removed."

C:\windows\System32\drivers\DgivEcp.sys

STATUS: found   DETECTION: File.Forged   NAME: DgivEcp.sys

Windows Explorer shows DgivEcp.sys 10/22/2007 02:55 System file 53KB

It is marked for deletion by default. However, when I run the delete, the file's STATUS changes to Error[32].

Can't find anything about this error and the file remains.

I am a newbie on the learning curve, needing assistance to determine whether this is indeed malware and what should be done next.

THANKS




Reply #1 - January 18, 2015, 04:44:59 PM

Curson

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #1 on: January 18, 2015, 04:44:59 PM »
Hi pdk3001,

Welcome to Adlice.com Forum.
Could you please post RogueKiller's full report in your next reply?

Regards.

Reply #2 - January 19, 2015, 06:19:58 PM

pdk3001

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #2 on: January 19, 2015, 06:19:58 PM »
Thanks for the reply.
In the report I did notice many (63) IAT/EAT hooks with unknown modules, marked orange.

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : NetUser [Administrator]
Mode : Delete -- Date : 01/19/2015  12:10:10

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[File.Forged][File] DgivEcp.sys -- C:\Windows\System32\drivers\DgivEcp.sys -> ERROR [32]

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 63 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PeekMessageW : Unknown @ 0x23c0000 (push dword 0x23c0000|ret )
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x71a0003c (jmp 0xfffffffffa3303d2|jmp dword near [0x719f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71a4003c (push dword 0x71a30022|ret |jmp dword near [0x71a3001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageA : Unknown @ 0x710e003c (push dword 0x710d0022|ret |jmp dword near [0x710d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageW : Unknown @ 0x710a003c (push dword 0x71090022|ret |jmp dword near [0x7109001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - TranslateMessage : Unknown @ 0x716a003c (push dword 0x71690022|ret |jmp dword near [0x7169001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PeekMessageW : Unknown @ 0x719c003c (push dword 0x719b0022|ret |jmp dword near [0x719b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetClipboardData : Unknown @ 0x7170003c (push dword 0x716f0022|ret |jmp dword near [0x716f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x6a7c97e0 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0xfffffffff8e697a0)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) GDI32.dll - BitBlt : Unknown @ 0x7182003c (push dword 0x71810022|ret |jmp dword near [0x7181001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WINTRUST.dll - WinVerifyTrust : Unknown @ 0x7122003c (push dword 0x71210022|ret |jmp dword near [0x7121001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - QueueUserWorkItem : Unknown @ 0x7106003c (push dword 0x71050022|ret |jmp dword near [0x7105001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - RegisterClassA : Unknown @ 0x718a003c (push dword 0x71890022|ret |jmp dword near [0x7189001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - DdeInitializeW : Unknown @ 0x7174003c (push dword 0x71730022|ret |jmp dword near [0x7173001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x7113003c (jmp 0xfffffffffba1bd8c|jmp dword near [0x7112001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetGetCookieExW : Unknown @ 0x713a003c (push dword 0x71390022|ret |jmp dword near [0x7139001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetConnectW : Unknown @ 0x7142003c (push dword 0x71410022|ret |jmp dword near [0x7141001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenW : Unknown @ 0x7132003c (push dword 0x71310022|ret |jmp dword near [0x7131001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x712a003c (push dword 0x71290022|ret |jmp dword near [0x7129001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x712e003c (push dword 0x712d0022|ret |jmp dword near [0x712d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : Unknown @ 0x715e003c (push dword 0x715d0022|ret |jmp dword near [0x715d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestExW : Unknown @ 0x7152003c (push dword 0x71510022|ret |jmp dword near [0x7151001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : Unknown @ 0x714e003c (push dword 0x714d0022|ret |jmp dword near [0x714d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetWriteFile : Unknown @ 0x7126003c (push dword 0x71250022|ret |jmp dword near [0x7125001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetCloseHandle : Unknown @ 0x714a003c (push dword 0x71490022|ret |jmp dword near [0x7149001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - GetAddrInfoExW : Unknown @ 0x711d003c (jmp 0xfffffffffbab2e38|jmp dword near [0x711c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpAddRequestHeadersA : Unknown @ 0x7166003c (push dword 0x71650022|ret |jmp dword near [0x7165001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) urlmon.dll - CoInternetCombineUrlEx : Unknown @ 0x717a003c (push dword 0x71790022|ret |jmp dword near [0x7179001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestA : Unknown @ 0x715a003c (push dword 0x71590022|ret |jmp dword near [0x7159001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestA : Unknown @ 0x7162003c (push dword 0x71610022|ret |jmp dword near [0x7161001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenA : Unknown @ 0x7136003c (push dword 0x71350022|ret |jmp dword near [0x7135001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetConnectA : Unknown @ 0x7146003c (push dword 0x71450022|ret |jmp dword near [0x7145001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x71a0003c (jmp 0xfffffffffa3303d2|jmp dword near [0x719f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71a4003c (push dword 0x71a30022|ret |jmp dword near [0x71a3001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageA : Unknown @ 0x710e003c (push dword 0x710d0022|ret |jmp dword near [0x710d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageW : Unknown @ 0x710a003c (push dword 0x71090022|ret |jmp dword near [0x7109001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - TranslateMessage : Unknown @ 0x716a003c (push dword 0x71690022|ret |jmp dword near [0x7169001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PeekMessageW : Unknown @ 0x719c003c (push dword 0x719b0022|ret |jmp dword near [0x719b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetClipboardData : Unknown @ 0x7170003c (push dword 0x716f0022|ret |jmp dword near [0x716f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x6a7c97e0 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0xfffffffff8e697a0)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) GDI32.dll - BitBlt : Unknown @ 0x7182003c (push dword 0x71810022|ret |jmp dword near [0x7181001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WINTRUST.dll - WinVerifyTrust : Unknown @ 0x7122003c (push dword 0x71210022|ret |jmp dword near [0x7121001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - QueueUserWorkItem : Unknown @ 0x7106003c (push dword 0x71050022|ret |jmp dword near [0x7105001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - RegisterClassA : Unknown @ 0x718a003c (push dword 0x71890022|ret |jmp dword near [0x7189001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - DdeInitializeW : Unknown @ 0x7174003c (push dword 0x71730022|ret |jmp dword near [0x7173001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x7113003c (jmp 0xfffffffffba1bd8c|jmp dword near [0x7112001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetGetCookieExW : Unknown @ 0x713a003c (push dword 0x71390022|ret |jmp dword near [0x7139001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetConnectW : Unknown @ 0x7142003c (push dword 0x71410022|ret |jmp dword near [0x7141001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenW : Unknown @ 0x7132003c (push dword 0x71310022|ret |jmp dword near [0x7131001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x712a003c (push dword 0x71290022|ret |jmp dword near [0x7129001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x712e003c (push dword 0x712d0022|ret |jmp dword near [0x712d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : Unknown @ 0x715e003c (push dword 0x715d0022|ret |jmp dword near [0x715d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestExW : Unknown @ 0x7152003c (push dword 0x71510022|ret |jmp dword near [0x7151001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : Unknown @ 0x714e003c (push dword 0x714d0022|ret |jmp dword near [0x714d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetWriteFile : Unknown @ 0x7126003c (push dword 0x71250022|ret |jmp dword near [0x7125001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetCloseHandle : Unknown @ 0x714a003c (push dword 0x71490022|ret |jmp dword near [0x7149001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - GetAddrInfoExW : Unknown @ 0x711d003c (jmp 0xfffffffffbab2e38|jmp dword near [0x711c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpAddRequestHeadersA : Unknown @ 0x7166003c (push dword 0x71650022|ret |jmp dword near [0x7165001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) urlmon.dll - CoInternetCombineUrlEx : Unknown @ 0x717a003c (push dword 0x71790022|ret |jmp dword near [0x7179001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestA : Unknown @ 0x715a003c (push dword 0x71590022|ret |jmp dword near [0x7159001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestA : Unknown @ 0x7162003c (push dword 0x71610022|ret |jmp dword near [0x7161001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenA : Unknown @ 0x7136003c (push dword 0x71350022|ret |jmp dword near [0x7135001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetConnectA : Unknown @ 0x7146003c (push dword 0x71450022|ret |jmp dword near [0x7145001e]|jmp 0x10)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Volume0 +++++
--- User ---
[MBR] 909f2dd56199fefe9037ca74866f2053
[BSP] 83c18d2e04eb08d97fa47a02d855e0ea : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 853115 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1747181568 | Size: 99999 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: Seagate Expansion Desk USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Seagate Backup+ Desk USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_01082015_104743.log - RKreport_DEL_01082015_105205.log - RKreport_DEL_01122015_154155.log - RKreport_DEL_01122015_155513.log
RKreport_DEL_01132015_114842.log - RKreport_DEL_01132015_144742.log - RKreport_DEL_01132015_181217.log - RKreport_DEL_12092014_163128.log
RKreport_SCN_01082015_100743.log - RKreport_SCN_01082015_105112.log - RKreport_SCN_01122015_152016.log - RKreport_SCN_01132015_114139.log
RKreport_SCN_01132015_123242.log - RKreport_SCN_01132015_181149.log - RKreport_SCN_01152015_162241.log - RKreport_SCN_12092014_161227.log
RKreport_SCN_01192015_120344.log
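As an added illustration (not part of the thread, and not RogueKiller's own code), the following Python parses the `[IAT:Inl(Hook.IEAT)]` lines of the Antirootkit section in the format quoted above, separates hooks whose target RogueKiller attributed to a module on disk from those it reported as Unknown (the orange entries), and diffs two reports to show which hooked functions disappeared between scans. The sample reports are constructed from a few entries in this thread; the function names and the "unresolved"/trampoline classification are the example's own.

```python
import re
from collections import defaultdict

# One hook entry of RogueKiller's "Antirootkit" section looks like:
# [IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PeekMessageW : Unknown @ 0x23c0000 (push dword 0x23c0000|ret )
HOOK_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\] \((?P<process>[^)]+)\) (?P<module>\S+) - (?P<function>\S+)"
    r" : (?P<owner>.+?) @ (?P<addr>0x[0-9a-fA-F]+) \((?P<disasm>.*)\)$"
)

# Constructed sample reports: a handful of entries copied from the thread's two
# reports, in RogueKiller's format (the real reports have 63 and 32 entries).
REPORT_BEFORE = r"""
¤¤¤ Antirootkit : 4 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PeekMessageW : Unknown @ 0x23c0000 (push dword 0x23c0000|ret )
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : Unknown @ 0x714e003c (push dword 0x714d0022|ret |jmp dword near [0x714d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x6a7c97e0 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0xfffffffff8e697a0)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x7113003c (jmp 0xfffffffffba1bd8c|jmp dword near [0x7112001e]|jmp 0x10)

¤¤¤ Web browsers : 0 ¤¤¤
"""

REPORT_AFTER = r"""
¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PeekMessageW : Unknown @ 0x2920000 (push dword 0x2920000|ret )
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : Unknown @ 0x714e003c (push dword 0x714d0022|ret |jmp dword near [0x714d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x711b97e0 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0xffffffffff8597a0)
"""


def parse_hooks(report_text):
    """Return one dict per hook line of a RogueKiller report; other lines are skipped."""
    hooks = []
    for line in report_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hook = m.groupdict()
            hook["addr"] = int(hook["addr"], 16)
            hooks.append(hook)
    return hooks


def triage(hook):
    """Classify a hook: is its target attributed to a module on disk, and how is the
    patched prologue redirected? Returns (verdict, trampoline_kind)."""
    owner = hook["owner"]
    if owner == "Unknown":
        verdict = "unresolved"  # scanner found no loaded module covering the target
    else:
        verdict = "attributed:" + owner.rsplit("\\", 1)[-1].lower()
    parts = [p.strip() for p in hook["disasm"].split("|")]
    if parts[0].startswith("push dword") and len(parts) > 1 and parts[1] == "ret":
        kind = "push/ret trampoline"  # push target address, ret: an absolute jump
    elif parts[0].startswith("jmp"):
        kind = "jmp trampoline"
    else:
        kind = "other"
    return verdict, kind


def summarize(hooks):
    """Count hooks per (hooked module, verdict) so unresolved targets stand out."""
    counts = defaultdict(int)
    for hook in hooks:
        verdict, _ = triage(hook)
        counts[(hook["module"], verdict)] += 1
    return dict(counts)


def hook_diff(before_text, after_text):
    """(module, function) pairs hooked only in the earlier report, and only in the later."""
    def key(hook):
        return (hook["module"], hook["function"])
    before = {key(h) for h in parse_hooks(before_text)}
    after = {key(h) for h in parse_hooks(after_text)}
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    for hook in parse_hooks(REPORT_BEFORE):
        print(hook["module"], hook["function"], *triage(hook))
    print(summarize(parse_hooks(REPORT_BEFORE)))
    print(hook_diff(REPORT_BEFORE, REPORT_AFTER))
```

A hook attributed to a known security product (here the Trusteer Rapport path) is expected behaviour for that product; the entries to follow up on are the unresolved ones, which is what the helper asked for a process dump to examine.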

Reply #3 - January 19, 2015, 09:41:59 PM

Curson

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #3 on: January 19, 2015, 09:41:59 PM »
Hi pdk3001,

These IAT hooks need to be investigated.
Please follow the process below as closely as possible.

1. Process Dump
  • Download Process Explorer and save it to your desktop.
  • Click on the setup file (procexp.exe) and select Run as Administrator to start the tool.
  • Locate the process named iexplore.exe, right-click it and select Create Dump > Create Full Dump...
  • Save the dump on your desktop, compress it and upload it to Google Drive/Dropbox.
  • Share the link in your next reply.
2. Additional rootkit scan
  • Please download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check Loaded Modules and Detect TDLFS file system.
  • If you are asked to reboot because an "Extended Monitoring Driver is required", please click Reboot now.
  • Click Start Scan and allow the scan process to run.
    If threats are detected, select Skip for all of them unless I instruct you otherwise.
  • Click Continue.
  • Click Reboot computer.
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt, found in your root directory (typically c:\), in your next reply.

Regards.

Reply #4 - January 20, 2015, 12:03:44 AM

pdk3001

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #4 on: January 20, 2015, 12:03:44 AM »

Reply #5 - January 20, 2015, 12:47:14 PM

Curson

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #5 on: January 20, 2015, 12:47:14 PM »
Hi pdk3001,

Please redo a full scan with TDSSKiller and select "Cure" when DgiVecp ( ForgedFile.Multi.Generic ) is detected.
Select "Continue". The file will be replaced.
Post the logfile obtained in your next post.

Locate the following folder C:/TDSSKiller, zip it and attach it with your next post.

Regards.

Reply #6 - January 20, 2015, 09:09:52 PM

pdk3001

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #6 on: January 20, 2015, 09:09:52 PM »
Again thanks for the continuation:

TDSSKiller log on Google Drive:

https://drive.google.com/file/d/0B13Khk0jqD34VUcxS245TVdwa28/view?usp=sharing

C:\TDSKiller_Quarantine is attached


Reply #7 - January 20, 2015, 11:21:03 PM

Curson

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #7 on: January 20, 2015, 11:21:03 PM »
Hi pdk3001,

TDSSKiller seems to have deleted the file.
Could you please redo a full scan with RogueKiller and post the report obtained in your next reply?

Regards.

Reply #8 - January 21, 2015, 08:24:17 PM

pdk3001

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #8 on: January 21, 2015, 08:24:17 PM »
Now 32 orange entries under Antirootkit; the DgivEcp.sys file is not listed.
----------------------------------------------------------------------

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : NetUser [Administrator]
Mode : Scan -- Date : 01/21/2015  14:02:42

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 32 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PeekMessageW : Unknown @ 0x2920000 (push dword 0x2920000|ret )
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x71a0003c (jmp 0xfffffffffa1c03d2|jmp dword near [0x719f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71a4003c (push dword 0x71a30022|ret |jmp dword near [0x71a3001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageA : Unknown @ 0x70e0003c (push dword 0x70df0022|ret |jmp dword near [0x70df001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageW : Unknown @ 0x70dc003c (push dword 0x70db0022|ret |jmp dword near [0x70db001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - TranslateMessage : Unknown @ 0x716a003c (push dword 0x71690022|ret |jmp dword near [0x7169001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PeekMessageW : Unknown @ 0x719c003c (push dword 0x719b0022|ret |jmp dword near [0x719b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetClipboardData : Unknown @ 0x7170003c (push dword 0x716f0022|ret |jmp dword near [0x716f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x711b97e0 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0xffffffffff8597a0)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) GDI32.dll - BitBlt : Unknown @ 0x7182003c (push dword 0x71810022|ret |jmp dword near [0x7181001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WINTRUST.dll - WinVerifyTrust : Unknown @ 0x70f6003c (push dword 0x70f50022|ret |jmp dword near [0x70f5001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - QueueUserWorkItem : Unknown @ 0x70d8003c (push dword 0x70d70022|ret |jmp dword near [0x70d7001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - RegisterClassA : Unknown @ 0x718a003c (push dword 0x71890022|ret |jmp dword near [0x7189001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - DdeInitializeW : Unknown @ 0x7174003c (push dword 0x71730022|ret |jmp dword near [0x7173001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x70e5003c (jmp 0xfffffffff9b0bd8c|jmp dword near [0x70e4001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - GetAddrInfoExW : Unknown @ 0x70f1003c (jmp 0xfffffffff9bc2e38|jmp dword near [0x70f0001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetGetCookieExW : Unknown @ 0x713a003c (push dword 0x71390022|ret |jmp dword near [0x7139001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetConnectW : Unknown @ 0x7142003c (push dword 0x71410022|ret |jmp dword near [0x7141001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenW : Unknown @ 0x7132003c (push dword 0x71310022|ret |jmp dword near [0x7131001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x7115003c (push dword 0x71140022|ret |jmp dword near [0x7114001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x7119003c (push dword 0x71180022|ret |jmp dword near [0x7118001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : Unknown @ 0x715e003c (push dword 0x715d0022|ret |jmp dword near [0x715d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestExW : Unknown @ 0x7152003c (push dword 0x71510022|ret |jmp dword near [0x7151001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : Unknown @ 0x714e003c (push dword 0x714d0022|ret |jmp dword near [0x714d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetWriteFile : Unknown @ 0x70fa003c (push dword 0x70f90022|ret |jmp dword near [0x70f9001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetCloseHandle : Unknown @ 0x714a003c (push dword 0x71490022|ret |jmp dword near [0x7149001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpAddRequestHeadersA : Unknown @ 0x7166003c (push dword 0x71650022|ret |jmp dword near [0x7165001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) urlmon.dll - CoInternetCombineUrlEx : Unknown @ 0x717a003c (push dword 0x71790022|ret |jmp dword near [0x7179001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestA : Unknown @ 0x715a003c (push dword 0x71590022|ret |jmp dword near [0x7159001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestA : Unknown @ 0x7162003c (push dword 0x71610022|ret |jmp dword near [0x7161001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenA : Unknown @ 0x7136003c (push dword 0x71350022|ret |jmp dword near [0x7135001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetConnectA : Unknown @ 0x7146003c (push dword 0x71450022|ret |jmp dword near [0x7145001e]|jmp 0x10)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Volume0 +++++
--- User ---
[MBR] 909f2dd56199fefe9037ca74866f2053
[BSP] 83c18d2e04eb08d97fa47a02d855e0ea : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 853115 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1747181568 | Size: 99999 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: Seagate Backup+ Desk USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Kingston DTR30G2 USB Device +++++
--- User ---
[MBR] 110e427bfe182fa71acc7b79c613f37a
[BSP] 3fe8c7cbfee808dcffa405297d024777 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 30012 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Seagate Expansion Desk USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Kingston DTR30G2 USB Device +++++
--- User ---
[MBR] 8b147d0808561634b1084213a196db6a
[BSP] 54750e33cdc1bf9de564de31d48ae5f4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 30012 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_01082015_104743.log - RKreport_DEL_01082015_105205.log - RKreport_DEL_01122015_154155.log - RKreport_DEL_01122015_155513.log
RKreport_DEL_01132015_114842.log - RKreport_DEL_01132015_144742.log - RKreport_DEL_01132015_181217.log - RKreport_DEL_01192015_121010.log
RKreport_DEL_12092014_163128.log - RKreport_SCN_01082015_100743.log - RKreport_SCN_01082015_105112.log - RKreport_SCN_01122015_152016.log
RKreport_SCN_01132015_114139.log - RKreport_SCN_01132015_123242.log - RKreport_SCN_01132015_181149.log - RKreport_SCN_01152015_162241.log
RKreport_SCN_01192015_120344.log - RKreport_SCN_12092014_161227.log

Reply #9 - January 21, 2015, 10:18:00 PM

Curson

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #9 on: January 21, 2015, 10:18:00 PM »
Hi pdk3001,

The computer seems clean.
Do you still need help?

If you have any questions, feel free to ask.
Regards.

Reply #10 - January 22, 2015, 04:58:12 PM

pdk3001

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #10 on: January 22, 2015, 04:58:12 PM »
YES! Everything appears to be clean. Just ran another check that showed nothing. Yay, hooray!

I am going to review the process and my understanding to make this a better learning experience.

Thanks for being there.

Reply #11 - January 22, 2015, 05:45:20 PM

Curson

Re: New forum Member Needs help with DgivEcp.sys file marked red
« Reply #11 on: January 22, 2015, 05:45:20 PM »
Hi pdk3001,

I'm glad I was able to help you.
All the best.