Help! Slow Computer. Is my computer infected?


41 replies to this topic

#1 jessie91

jessie91

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:37 PM

Posted 21 August 2011 - 01:28 AM

Hi,

For the past few weeks my computer has been running really slowly. I installed DivX Plus and it installed a program called Registry Mechanic too. This RM program pops up and runs fake scans and asks me to remove the fake problems by buying their product. I have tried numerous times to delete this program but nothing works. I have uninstalled it from my computer many times but every time I start up my computer it is still there along with a program called Syminstallstub. I also have a tkbell pop-up left over from a RealPlayer installation. I cannot remove it.

My computer runs so slowly that whenever I play music it sounds really slow, almost robotic. I have run Super-antispyware, Malwarebytes, Ad Aware, Avira, Spybot Search and Destroy, and Spyware Terminator. Super-antispyware detected 225 problems and removed them but the problems are still there. Spyware Terminator detects an invalid registry item but is unable to remove it. All the other programs detect nothing.

I have taken a screen shot but I do not know how to post it.


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,710 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:37 PM

Posted 21 August 2011 - 01:39 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 jessie91


Posted 21 August 2011 - 07:33 PM

I tried to download security check but when I clicked the link it led to a black page.

#4 Broni


Posted 21 August 2011 - 08:05 PM

Uploaded it for you here: http://www.filedropper.com/securitycheck



 


#5 jessie91


Posted 21 August 2011 - 08:45 PM

Thank You! My computer runs slowly so it may take a while before I can post the logs.

#6 Broni


Posted 21 August 2011 - 09:19 PM

Take your time :)



 


#7 jessie91


Posted 21 August 2011 - 11:12 PM

I tried to run Security Check but it told me that it is not a valid Win32 application.

#8 Broni


Posted 22 August 2011 - 12:16 AM

Proceed with other steps.



 


#9 jessie91


Posted 22 August 2011 - 04:47 PM

MiniToolBox by Farbar
Ran by JS (administrator) on 22-08-2011 at 11:08:02
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 localhost

There are 15013 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : JPS-GK-ZR
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : uncfsu.edu

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-24-2B-04-EF-09

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : uncfsu.edu
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-23-8B-23-FC-1E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 152.6.103.27
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 152.6.103.254
DHCP Server . . . . . . . . . . . : 152.6.5.13
DNS Servers . . . . . . . . . . . : 152.6.5.10
                                    152.6.5.2
Primary WINS Server . . . . . . . : 152.6.5.2
Lease Obtained. . . . . . . . . . : Monday, August 22, 2011 10:57:40 AM
Lease Expires . . . . . . . . . . : Thursday, August 25, 2011 10:57:40 AM

Server: dc01.uncfsu.edu
Address: 152.6.5.10

Name: google.com
Addresses: 74.125.65.105, 74.125.65.104, 74.125.65.147, 74.125.65.106
           74.125.65.99, 74.125.65.103

Pinging google.com [74.125.65.104] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 74.125.65.104:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: dc01.uncfsu.edu
Address: 152.6.5.10

Name: yahoo.com
Addresses: 67.195.160.76, 209.191.122.70, 72.30.2.43, 69.147.125.65
           98.137.149.56

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 2b 04 ef 09 ...... Atheros AR5007EG Wireless Network Adapter - Packet Scheduler Miniport
0x3 ...00 23 8b 23 fc 1e ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 152.6.103.254 152.6.103.27 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
152.6.103.0 255.255.255.0 152.6.103.27 152.6.103.27 20
152.6.103.27 255.255.255.255 127.0.0.1 127.0.0.1 20
152.6.255.255 255.255.255.255 152.6.103.27 152.6.103.27 20
224.0.0.0 240.0.0.0 152.6.103.27 152.6.103.27 20
255.255.255.255 255.255.255.255 152.6.103.27 152.6.103.27 1
255.255.255.255 255.255.255.255 152.6.103.27 2 1
Default Gateway: 152.6.103.254
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/19/2011 09:17:41 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (08/19/2011 09:17:36 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (08/18/2011 11:51:03 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 12.0.6545.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/16/2011 07:56:11 PM) (Source: Application Error) (User: )
Description: Faulting application ddmservice.exe, version 1.2.0.135, faulting module divxdownloadmanager.dll, version 1.2.0.135, fault address 0x000260d0.
Processing media-specific event for [ddmservice.exe!ws!]

Error: (08/15/2011 10:52:50 PM) (Source: Application Hang) (User: )
Description: Hanging application wuauclt.exe, version 7.4.7600.226, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/13/2011 10:07:48 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (08/12/2011 09:24:33 PM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (08/12/2011 09:24:02 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x05db9290.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/12/2011 06:45:46 PM) (Source: Application Hang) (User: )
Description: Hanging application burningstudio.exe, version 6.1.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/12/2011 06:05:08 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x064d9294.
Processing media-specific event for [explorer.exe!ws!]


System errors:
=============
Error: (08/22/2011 11:05:41 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/22/2011 11:05:37 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/22/2011 11:05:34 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/22/2011 11:05:30 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/22/2011 11:05:27 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/22/2011 10:59:11 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/22/2011 10:59:08 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/22/2011 10:59:05 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/22/2011 10:59:02 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/21/2011 03:14:38 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

(Version: 1.0.4.0)
7-Zip 4.65
Acer Crystal Eye Webcam (Version: 1.0.1.5)
Acer ScreenSaver (Version: 1.11.0613)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware (Version: 9.0.7)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Reader 9 (Version: 9.0.0)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Ashampoo Burning Studio 6 FREE v.6.80 (Version: 6.8.0)
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program (Version: 7.6.0.224)
Audacity 1.3.12 (Unicode)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.700)
AviSynth 2.5
AVStoDVD 2.3.4 (Version: 2.3.4)
CDBurnerXP (Version: 4.3.8.2568)
Citrix online plug-in - web (Version: 11.2.0.31560)
Citrix online plug-in (DV) (Version: 11.2.0.31560)
Citrix online plug-in (HDX) (Version: 11.2.0.31560)
Citrix online plug-in (USB) (Version: 11.2.0.31560)
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Conduit Engine (Version: )
Content Transfer (Version: 1.3.0.23190)
Crawler Toolbar with Web Security Guard
Debut Video Capture Software
DeGo Video Converter version 2.1.6.174 (Version: 2.1.6.174)
DivX Setup (Version: 2.6.0.34)
ffdshow [rev 2583] [2009-01-05] (Version: 1.0)
Free Audio Editor
Free RAR Extract Frog (Version: 3.21)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.65)
Haali Media Splitter
HiJackThis (Version: 1.0.0)
HyperCam 2 (Version: 2.24.01)
ImgBurn (Version: 2.5.5.0)
Intel® Graphics Media Accelerator Driver
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1255)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
JMicron JMB38X Flash Media Controller (Version: 1.00.16.01)
LAME v3.98.3 for Audacity
Launch Manager
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox (3.6.12) (Version: 3.6.12 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Editor Free
OpenOffice.org 3.2 (Version: 3.2.9502)
Plumeboom (Version: 1.0)
Power Sound Editor Free
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.17.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5628)
Registry Mechanic 10.0 (Version: 10.0)
SafeConnect
Sothink Movie DVD Maker (Version: 3.6)
Spybot - Search & Destroy (Version: 1.6.2)
Spyware Terminator (Version: 2.8.2.192)
SUPERAntiSpyware (Version: 4.41.1000)
Synaptics Pointing Device Driver (Version: 11.1.4.0)
Tibet Quest
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.11 (Version: 1.1.11)
Walmart MP3 Music Downloads (Version: 1.6.4.4)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0 (Version: 2.0.0000)
WinPcap 4.0.2 (Version: 4.0.0.1040)
Wondershare Free YouTube Downloader(Build 1.3.5.20)

========================= Memory info: ===================================

Percentage of memory in use: 83%
Total physical RAM: 1011.88 MB
Available physical RAM: 171.25 MB
Total Pagefile: 2429.24 MB
Available Pagefile: 1671.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.85 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:144.17 GB) (Free:80.18 GB) NTFS

========================= Users: ========================================

User accounts for \\JPS-GK-ZR

Administrator ASPNET Guest
HelpAssistant JS SUPPORT_388945a0


**** End of log ****



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7470

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/22/2011 12:30:30 PM
mbam-log-2011-08-22 (12-30-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 217746
Time elapsed: 1 hour(s), 12 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-22 17:44:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: gdmpxc1t.exe; Driver: C:\DOCUME~1\JS\LOCALS~1\Temp\kxdiipow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA97D188E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA97D10EC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xA97D0DCE]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA97D2938]
SSDT F7CC1A1C ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xA97D0ED8]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xA97D0FC2]
SSDT F7CC1A67 ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xA97D1BBC]
SSDT F7CC1A3A ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA97D13F4]
SSDT F7CC1A08 ZwOpenProcess
SSDT F7CC1A0D ZwOpenThread
SSDT F7CC1A44 ZwReplaceKey
SSDT F7CC1A3F ZwRestoreKey
SSDT F7CC1A7B ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA97D1526]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xA97D0BFC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xA97D1B04]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA97D170C]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1212] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[652] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1968] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3384] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\JS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\804C25D6A90B0254B98174B5183D391F\Usage@Spelling 1058432994

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\JS\Recent\resume2.lnk 648 bytes

---- EOF - GMER 1.0.15 ----

#10 Broni


Posted 22 August 2011 - 04:54 PM

Your logs look clean so far.

Let's see if we can take care of those leftovers which bug you at computer startup.

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip the Autoruns.zip file, and double-click on the autoruns.exe file to run the program.
Go to File > Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type.

Upload the file(s) here: http://www.filedropper.com/
Post the download link (copy the URL: link).



 


#11 jessie91


Posted 22 August 2011 - 05:03 PM

http://www.filedropper.com/autoruns_5

#12 Broni


Posted 22 August 2011 - 05:28 PM

Re-run Autoruns.

Uncheck the following entries.

In "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" section:
+ "Alcmtr"
+ "DivXUpdate"
+ "IgfxTray"
+ "M3000Mnt"
+ "Persistence"
+ "SunJavaUpdateSched"
+ "TkBellExe"

In "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" section:
+ "SymInstallStub"

In "Task Scheduler" section:
+ "RealUpgradeLogonTaskS-1-5-21-3528235992-36470461-2191882057-1006.job"
+ "RealUpgradeScheduledTaskS-1-5-21-3528235992-36470461-2191882057-1006.job"
+ "RMSchedule.job"

Restart computer and let me know about popups (if any).

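A read-only way to confirm, after the restart, the state of the registry entries named in the post above (an added example, not part of the original thread). It assumes PowerShell 2.0 or later is installed and relies on Autoruns moving an unchecked Run value into an `AutorunsDisabled` subkey of the same key; the function names are hypothetical, and the Task Scheduler jobs are not covered.

```powershell
# Added example: read-only check, changes nothing on the system.
# Entry names are copied from the post above.
$entries = @{
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' = @(
        'Alcmtr', 'DivXUpdate', 'IgfxTray', 'M3000Mnt',
        'Persistence', 'SunJavaUpdateSched', 'TkBellExe'
    )
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' = @(
        'SymInstallStub'
    )
}

# Hypothetical helper: names of the values stored directly under a key.
function Get-RegValueNames {
    param([string]$KeyPath)
    if (Test-Path -LiteralPath $KeyPath) {
        @((Get-Item -LiteralPath $KeyPath).Property)
    } else {
        @()
    }
}

# Hypothetical helper: the command line stored in one value.
function Get-RegValueData {
    param([string]$KeyPath, [string]$Name)
    (Get-ItemProperty -LiteralPath $KeyPath -Name $Name).$Name
}

# Hypothetical helper: classify each expected entry.
#   ACTIVE   - value still sits in the key and will run at startup
#   Disabled - value was moved to <key>\AutorunsDisabled (assumed Autoruns behaviour)
#   Absent   - value is in neither place; for RunOnce this can also mean
#              Windows already ran and deleted it
function Get-AutorunEntryState {
    param([hashtable]$Entries)
    foreach ($key in $Entries.Keys) {
        $disabledKey = Join-Path $key 'AutorunsDisabled'
        $active      = @(Get-RegValueNames $key)
        $disabled    = @(Get-RegValueNames $disabledKey)
        foreach ($name in $Entries[$key]) {
            if ($active -contains $name) {
                $state   = 'ACTIVE'
                $command = Get-RegValueData $key $name
            } elseif ($disabled -contains $name) {
                $state   = 'Disabled'
                $command = Get-RegValueData $disabledKey $name
            } else {
                $state   = 'Absent'
                $command = ''
            }
            # New-Object PSObject keeps this compatible with PowerShell 2.0
            New-Object PSObject -Property @{
                Key = $key; Name = $name; State = $state; Command = $command
            }
        }
    }
}

Get-AutorunEntryState $entries |
    Sort-Object State, Name |
    Format-Table State, Name, Command -AutoSize -Wrap
```

An entry that shows ACTIVE again after it was unchecked was restored by something on the system, which is worth reporting alongside any pop-ups.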


 


#13 jessie91


Posted 22 August 2011 - 06:06 PM

When I unchecked DIV X Update, Spybot Search and Destroy popped up and asked me to allow the change.

Should I only restart my computer after I have unchecked the things you told me to uncheck?

#14 Broni


Posted 22 August 2011 - 06:11 PM

Yes, disregard any Spybot warnings.

Restart when you have unchecked everything.



 


#15 jessie91


Posted 22 August 2011 - 06:21 PM

I only got a Spybot Search and Destroy pop up that says ENTRY: M3000Mnt. OLD DATA: Rundll32.exe M3000Rmv.dll



