Hello,
This is my first time posting here.
I have recently come across a .exe running on my PC called username.exe (in my case Brian.exe). It eats up most of my CPU and causes my computer to run extremely slow.
I have run Malwarebytes Anti-Malware, SUPERAntiSpyware, CCleaner and multiple Symantec virus scans, but nothing will get rid of it.
It also changes the start page of all my internet browsers to something called startpage.com.
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:56 AM, on 11/16/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\OEM04Mon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe
C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Brian.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\conhost.exe
C:\Users\Brian\AppData\Roaming\37Y3tJYtWH672FSIi9DVc5JN9wJP60Sl\Brian.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Users\Brian\Downloads\HijackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BRIAN-PC] C:\Users\Brian\AppData\Roaming\vvid.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Brian.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/J...etupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 9996 bytes
This is my DDS report.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.21.2
Run by Brian at 0:34:00 on 2013-11-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2377 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\OEM04Mon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe
C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Brian.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conhost.exe
C:\Users\Brian\AppData\Roaming\37Y3tJYtWH672FSIi9DVc5JN9wJP60Sl\Brian.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Downloads\HijackThis (1).exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startpage.com
uDefault_Page_URL = hxxp://www.dell.com
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Akamai NetSession Interface] "c:\users\brian\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\brian\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [BRIAN-PC] c:\users\brian\appdata\roaming\vvid.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [OEM04Mon.exe] c:\windows\OEM04Mon.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [OtShot] c:\program files\otshot\otshot.exe -minimize
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\brian\appdata\roaming\microsoft\windows\start menu\programs\startup\Brian.exe
StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1209E7A2-1F92-4034-8E40-9D74F65BC8F4} : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{C086E589-9ADA-41B6-9956-51E097947ECC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C086E589-9ADA-41B6-9956-51E097947ECC}\35865607162746 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C086E589-9ADA-41B6-9956-51E097947ECC}\45162616B696E6 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{C086E589-9ADA-41B6-9956-51E097947ECC}\8686F6E6F62737 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{C086E589-9ADA-41B6-9956-51E097947ECC}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\hu5wzsp5.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=103&systemid=453&sr=0&q=
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\brian\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\users\brian\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-12-21 20:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-12-21 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2010-1-11 155648]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-9-29 1831024]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-27 108120]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\drivers\OEM04Vfx.sys [2007-3-5 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\drivers\OEM04Vid.sys [2007-10-10 234720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 apf003;apf003;c:\windows\system32\apf003.sys [2013-1-28 13232]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-28 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-28 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-23 1343400]
.
=============== Created Last 30 ================
.
2013-11-16 05:19:39 -------- d-----w- C:\AdwCleaner
2013-11-13 23:29:03 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-13 23:29:02 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-13 23:29:02 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 23:22:49 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-13 23:22:49 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-13 23:22:49 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-13 23:22:49 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-13 23:22:49 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-13 23:22:48 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-13 23:22:48 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-13 23:22:48 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-13 23:22:48 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-13 23:22:48 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-13 23:15:56 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 23:14:17 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 23:14:16 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-13 23:14:16 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 23:13:08 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-12 03:56:30 1422040 --s-a-w- c:\users\brian\appdata\roaming\microsoft\windows\start menu\programs\startup\Brian.exe
2013-11-12 03:55:19 1422040 --sha-w- c:\users\brian\appdata\roaming\vvid.exe
2013-11-12 03:55:19 -------- d-sh--w- c:\users\brian\appdata\roaming\37Y3tJYtWH672FSIi9DVc5JN9wJP60Sl
.
==================== Find3M ====================
.
2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-02 15:51:38 4909600 ----a-w- c:\windows\system32\GameMon.des
2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
.
============= FINISH: 0:35:46.44 ===============
This is my attach.txt report:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/21/2010 8:45:10 PM
System Uptime: 11/16/2013 12:24:18 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U8042
Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | Microprocessor | 2401/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 185.364 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.584 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP186: 9/13/2013 11:27:43 PM - Windows Modules Installer
RP188: 10/10/2013 10:56:55 PM - Windows Modules Installer
RP189: 11/14/2013 10:33:08 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Accidental Damage Services Agreement
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Broadcom Management Programs
CCleaner
Core Temp version 0.99.8
Dell Dock
Dell Edoc Viewer
Dell Touchpad
Dragon Age II
eReg
Flyff
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Intel(R) PROSet/Wireless Software
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 33
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Keynote Connector
Laptop Integrated Webcam Driver (1.03.01.1011)
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.75.0.1300
mCore
Media Player Classic - Home Cinema v1.5.0.2827
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Might & Magic Heroes VI
mMHouse
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWMI
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
PCSX2 - Playstation 2 Emulator
PowerISO
Project64 1.6
QuickSet
QuickTime
Real Alternative 2.0.2
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
RollerCoaster Tycoon 3 Platinum
Rose Online
Runes of Magic
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SelectionLinks
Shopping InContext
Skype Click to Call
Skype 6.1
StreamTorrent 1.0
SUPERAntiSpyware
Symantec Endpoint Protection
TVAnts 1.0
TwelveSky 2
Ubisoft Game Launcher
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Migration Assistant
WinRAR 4.00 beta 3 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/16/2013 12:26:55 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
11/16/2013 12:26:55 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
11/16/2013 12:26:55 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
11/15/2013 11:32:12 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
11/14/2013 10:54:00 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
11/11/2013 7:22:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
11/11/2013 7:22:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SigmaTel Audio Service service to connect.
11/11/2013 7:22:02 PM, Error: Service Control Manager [7000] - The SigmaTel Audio Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Finally, here is the result of the GMER scan without IAT/EAT checked:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-16 01:08:56
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD50 rev.01.0 465.76GB
Running: q2e1su16.exe; Driver: C:\Users\Brian\AppData\Local\Temp\pgloqpow.sys
---- System - GMER 2.1 ----
SSDT 876E9F10 ZwAlertResumeThread
SSDT 876E9FD0 ZwAlertThread
SSDT 876E45E8 ZwAllocateVirtualMemory
SSDT 87699588 ZwConnectPort
SSDT 876E9C60 ZwCreateMutant
SSDT 876E42D0 ZwCreateThread
SSDT 876E4E28 ZwFreeVirtualMemory
SSDT 876E9D50 ZwImpersonateAnonymousToken
SSDT 876E9E30 ZwImpersonateThread
SSDT 876E4D48 ZwMapViewOfSection
SSDT 876E9B80 ZwOpenEvent
SSDT 876E4210 ZwOpenProcessToken
SSDT 876E4AA8 ZwOpenThreadToken
SSDT 876E7058 ZwResumeThread
SSDT 876E7A70 ZwSetContextThread
SSDT 876E4B98 ZwSetInformationProcess
SSDT 876E7980 ZwSetInformationThread
SSDT 876E9AA0 ZwSuspendProcess
SSDT 876E77C0 ZwSuspendThread
SSDT 876E43B0 ZwTerminateProcess
SSDT 876E78A0 ZwTerminateThread
SSDT 876E4C88 ZwUnmapViewOfSection
SSDT 876E4518 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C41A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7B212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82C82470 8 Bytes [10, 9F, 6E, 87, D0, 9F, 6E, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C82488 4 Bytes [E8, 45, 6E, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82C82528 4 Bytes [88, 95, 69, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C82564 4 Bytes [60, 9C, 6E, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82C82598 4 Bytes [D0, 42, 6E, 87]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9AA15320, 0x3F5147, 0xE8000020]
? C:\Users\Brian\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2380] kernel32.dll!SetUnhandledExceptionFilter 76ABF4EB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, 44, 6C, 00] {SUB [ESP+EBP*2+0x0], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, 47, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, 44, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, 45, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EBCA28 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, 46, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, 45, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, 46, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EBCAB9 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, 44, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EBCC77 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, 45, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, 46, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, 47, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, B8, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, BB, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, B8, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, B9, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EB9F9C C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, BA, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, B9, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, BA, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EBA02D C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, B8, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EBA1EB C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, B9, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, BA, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, BB, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, EC, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, EF, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, EC, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, ED, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EB75D0 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, EE, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, ED, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, EE, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EB7661 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, EC, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EB781F C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, ED, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, EE, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, EF, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, 9C, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, 9F, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, 9C, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, 9D, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EBF680 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, 9E, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, 9D, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, 9E, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EBF711 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, 9C, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EBF8CF C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, 9D, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, 9E, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, 9F, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, F0, 08, 01] {SUB AL, DH; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, F3, 08, 01] {SUB BL, DH; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, F0, 08, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, F1, 08, 01] {TEST AL, 0xf1; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EC66D4 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, F2, 08, 01] {TEST AL, 0xf2; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, F1, 08, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, F2, 08, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EC6765 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, F0, 08, 01] {TEST AL, 0xf0; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EC6923 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, F1, 08, 01] {SUB CL, DH; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, F2, 08, 01] {SUB DL, DH; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, F3, 08, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, 98, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, 9B, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, 98, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, 99, 38, 00] {TEST AL, 0x99; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EB967C C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, 9A, 38, 00] {TEST AL, 0x9a; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, 99, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, 9A, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EB970D C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, 98, 38, 00] {TEST AL, 0x98; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EB98CB C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, 99, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, 9A, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, 9B, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{1B8BAB00-0D0D-11E0-9DB7-806E6F6E6963} 16162900264
---- EOF - GMER 2.1 ----