It started about 2 days ago with my Google Chrome redirecting, and my MSE/Windows Firewall were no longer working when I tried to check on them. My boyfriend and I were trying to fix this because we didn't know it was a rootkit at the time. I couldn't use the web browser, or else I kept getting redirected. Skype/AIM still worked, so he sent me the mse.exe and the command lines for resetting the firewall. I reinstalled MSE and it seems to be working fine. I also reinstalled/reset the Windows Firewall through the command prompt and that seems to be working fine. He then sent me mbam.exe, so I ran that as well as what he gave me next: ComboFix and TDSSKiller. Yeah, I didn't know I shouldn't run those without someone who actually knows what they are doing telling me to do so. My bad. ComboFix is the one that is identifying the rootkit over and over again (I did run it without MBAM and MSE protection). TDSSKiller found 3 things and got rid of them. Those 2 seem to have gotten rid of parts of the rootkit but not all. The reason I say that is because Google is no longer redirecting, since I am using the sick computer to post with. I've also deleted ComboFix and TDSSKiller just in case they might have messed up GMER.
I am now having a problem: I am not able to download DDS so I can get the log it creates. I went to the Bleeping Computer site and it wasn't starting automatically, or when I clicked for it to start, and now it's giving me an error saying "There appears to be an error with the application. You can try to refresh the page by clicking here; if this does not fix the error, you can contact the board administrator by clicking here. We apologise for any inconvenience".
Anyway, here are the MBAM log and GMER log at least.
Do you want the mbam log from 2 days ago with what it found?
Thanks in advance!
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.25.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin1 :: DH7VCF91 [administrator]
Protection: Enabled
6/25/2012 7:55:18 PM
mbam-log-2012-06-25 (19-55-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275665
Time elapsed: 9 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-25 19:43:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.ZH10
Running: d4c1iup5.exe; Driver: C:\DOCUME~1\Admin1\LOCALS~1\Temp\pwlyapod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB620A3C0, 0x9B091A, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 33, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91091A
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 33, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 33, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91098B
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910AB9
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 33, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003A0010
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
---- EOF - GMER 1.0.15 ----
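What follows is an added example for this thread, not code from the original post, from GMER or from Malwarebytes: a small Python triage script for the "User code sections" and "User IAT/EAT" records in a GMER report like the one above. It groups hooks by process image and answers the first question a reviewer asks of such a list: are the same entry points patched in unrelated processes system-wide, which is what injected user-mode rootkit code looks like, or only inside one application's own processes? Applications that sandbox themselves, Chrome among them, patch exactly this kind of ntdll entry point in their own child processes, so a hook set confined to chrome.exe has a very different prior from one that also shows up in explorer.exe and svchost.exe. The sample input is a constructed excerpt of the report above; the function and field names are the example's own.

```python
"""Triage helper for GMER 1.0.15 text reports (added example for this thread; not part
of GMER, Malwarebytes or the original post).  Parses the three record types in the log
above: inline patches (.text <image>[<pid>] <module>!<export> + <off> <addr> <n> Byte(s)),
IAT redirections (IAT <image>[<pid>] @ <module> [<dll>!<import>] <addr>) and writeable
kernel sections, then groups the user-mode entries by process."""
import re
from dataclasses import dataclass, field

INLINE_RE = re.compile(r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<export>\w+)"
                       r"\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]{8})\s+\d+\s+Bytes?\s+(?P<patch>.*)$")
IAT_RE = re.compile(r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>\S+)\s+"
                    r"\[(?P<dll>[\w.]+)!(?P<import>\w+)\]\s+(?P<addr>[0-9A-Fa-f]{8})$")
KERNEL_RE = re.compile(r"^\.text\s+(?P<driver>\S+)\s+section is writeable\s+\[[^\]]*\]$")

@dataclass
class Process:
    image: str                                    # basename of the hooked executable
    pid: int
    inline: dict = field(default_factory=dict)    # "ntdll.dll!NtCreateFile" -> {patched offsets}
    iat: set = field(default_factory=set)         # "KERNEL32.dll!CreateNamedPipeW", ...

@dataclass
class Report:
    processes: dict = field(default_factory=dict)         # pid -> Process
    kernel_writeable: list = field(default_factory=list)  # driver paths with a writeable .text
    unparsed: list = field(default_factory=list)          # lines no rule matched (headers etc.)

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]

def _process(rep, m):
    """Process record for a matched line, created on first sight."""
    pid = int(m["pid"])
    return rep.processes.setdefault(pid, Process(_basename(m["image"]), pid))

def parse_gmer(text):
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):       # blank line or section banner
            continue
        m = INLINE_RE.match(line)
        if m:
            key = f"{m['module']}!{m['export']}"
            _process(rep, m).inline.setdefault(key, set()).add(int(m["off"], 16))
            continue
        m = IAT_RE.match(line)
        if m:
            _process(rep, m).iat.add(f"{m['dll']}!{m['import']}")
            continue
        m = KERNEL_RE.match(line)
        if m:
            rep.kernel_writeable.append(m["driver"])
            continue
        rep.unparsed.append(line)                     # keep, never silently drop, unknown records
    return rep

def hooked_images(rep):
    """Distinct executables (lower-cased basenames) that carry any user-mode hook."""
    return sorted({p.image.lower() for p in rep.processes.values()})

def common_hooks(rep):
    """Inline-hooked exports present in every process that has inline hooks."""
    sets = [set(p.inline) for p in rep.processes.values() if p.inline]
    return sorted(set.intersection(*sets)) if sets else []

def triage(rep):
    """Findings a reviewer wants before deciding whether the hooks need attention."""
    out = []
    if rep.kernel_writeable:
        out.append("kernel: writeable .text in " + ", ".join(_basename(d) for d in rep.kernel_writeable))
    if rep.processes:
        imgs = hooked_images(rep)
        out.append(f"user mode: {len(rep.processes)} hooked process(es) from "
                   f"{len(imgs)} distinct image(s): {', '.join(imgs)}")
    common = common_hooks(rep)
    if common:
        out.append("hooked in every hooked process: " + ", ".join(common))
    return out

# Constructed excerpt of the report posted above (a few lines per process).
SAMPLE = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-25 19:43:53
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB620A3C0, 0x9B091A, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91091A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003A0010
"""

if __name__ == "__main__":
    for finding in triage(parse_gmer(SAMPLE)):
        print(finding)
```

Run on the excerpt it reports three findings: the writeable nv4_mini.sys section, four hooked processes that all belong to one image (chrome.exe), and NtCreateFile as the export patched in every one of them. Lines the parser does not recognise are kept in `unparsed` rather than dropped, so a report with a record type this script does not know about announces itself instead of looking clean.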
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 33, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91091A
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 33, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 33, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91098B
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910AB9
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]}
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 33, 00]
.text C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3964] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\Documents and Settings\Admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003A0010
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
---- EOF - GMER 1.0.15 ----