How to Remove TROJ_ISAPASS.A
Trojans are one of the most widespread threats on the internet. They can spread in many ways (torrents, e-mail attachments, video codecs, etc.). TROJ_ISAPASS.A, like any other trojan, can harm your PC in different ways. Originally, trojans stole just your e-mail contacts and some personal data. Nowadays they can steal any type of private information, which makes them a serious threat. In this tutorial we will show how to deal with TROJ_ISAPASS.A: how to detect it and remove it from your PC.
The actions an intruder can perform are limited by the user privileges on the target PC, by any TROJ_ISAPASS.A removal tool installed there, and by the design of TROJ_ISAPASS.A itself. TROJ_ISAPASS.A can use the computer as part of a botnet to perform spamming or attacks, so it is necessary to have a suitable TROJ_ISAPASS.A removal tool installed to remove it. By default the system hides the last file extension of a file, so a file that looks non-malicious can really be TROJ_ISAPASS.A and needs to be deleted by a TROJ_ISAPASS.A removal tool. Even if a file comes from a friend, you still need to be sure what the file is before opening it, as it can be TROJ_ISAPASS.A. If you like to perform a lot of TROJ_ISAPASS.A removal actions you can go to site location mentioned by uncos. Disable the preview feature in Outlook and other e-mail applications, as messages can carry TROJ_ISAPASS.A.
Trojan's detail table
Trojan alias: TROJ_ISAPASS.A
Executable file: ISASS.EXE
Threat class: Trojan
Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista, Windows Seven)
TROJ_ISAPASS.A infiltration
As we already said, there are numerous ways a trojan can get to your PC from the internet. TROJ_ISAPASS.A copies its file(s) to your hard disk. The file name typical of TROJ_ISAPASS.A is ISASS.EXE. It then runs itself and creates a new startup key in the registry with the name TROJ_ISAPASS.A and the value ISASS.EXE. If you look at the list of running processes, you will see an extra process with a name like ISASS.EXE, or a random name, that uses a decent amount of your CPU.
If you would like to remove TROJ_ISAPASS.A, use the TROJ_ISAPASS.A Removal Tool (see below).
Automatic Trojan Removal
So what is the TROJ_ISAPASS.A Removal Tool? Basically, it is a tool that removes every file and registry key created by TROJ_ISAPASS.A. It was created after analyzing all versions and types of this threat on test PCs, and every file and key was added to the database. The Removal Tool is updated regularly to make sure it can remove the latest versions of TROJ_ISAPASS.A. If you are already our customer (you purchased any product of ours previously), you can request this tool for free in the form below, providing your order number in the description:
Download FREE TROJ_ISAPASS.A Removal Tool
How to remove TROJ_ISAPASS.A manually?
Since adding TROJ_ISAPASS.A to our database we have tracked its changes and added them to the list below. Removing the files mentioned from your hard drive, deleting them from the startup list, and unregistering all corresponding DLLs will clean your computer of the trojan. In addition, DLLs that were removed or corrupted by TROJ_ISAPASS.A should be restored from your Windows CD.
So, here is the simple process to remove TROJ_ISAPASS.A:
1. Delete the following processes from startup and the following files from your hard drive:
no information
2. Delete the following folders that are associated with TROJ_ISAPASS.A:
no information
3. Finally, remove these registry keys:
- Key: Software\Microsoft\Windows\CurrentVersion\RunOnce
Value: Anti
- Key: Software\Microsoft\Windows\CurrentVersion\RunOnce
Value: InternetSecurityAssistant
- Key: Software\Microsoft\Windows\CurrentVersion\RunOnce
Value: Isass
- Key: Software\Microsoft\Windows\CurrentVersion\RunOnce
Value: NvMsnW
Warning: Sometimes a trojan can use system file names or randomly generated names for its executable. We recommend that you use the FREE TROJ_ISAPASS.A Removal Tool for a safe solution.
If you are already our customer or you have additional questions, ask our support team for help in removing TROJ_ISAPASS.A!
Write a few words about how you got TROJ_ISAPASS.A, with all the circumstances, in the form below. Our support team will open a support ticket for you within an hour and we will start solving your problem with TROJ_ISAPASS.A. Attach any suspicious files that you think may be part of TROJ_ISAPASS.A.
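The registry check from step 3 and the file-name warning above can be combined into one read-only audit. The script below is an added example, not the vendor's removal tool: it only reports and deletes nothing. It assumes Windows PowerShell 3.0 or later and checks both HKLM and HKCU because the page gives the key path without a hive; the function names are hypothetical. It also separates the `isass.exe` lookalike from the genuine `lsass.exe` system process in `%SystemRoot%\System32`, which must not be deleted.

```powershell
# Added example: read-only audit, it reports findings and deletes nothing.
# Assumes Windows PowerShell 3.0 or later (Get-CimInstance).
# The value names come from step 3 of the page. Checking both HKLM and HKCU
# is an assumption: the page gives the key path without naming a hive.
$valueNames = 'Anti', 'InternetSecurityAssistant', 'Isass', 'NvMsnW'
$runOnce    = 'Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-RunOnceFindings {
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $path = "$hive\$runOnce"
        if (-not (Test-Path -Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($stored in $key.GetValueNames()) {
            # -contains compares case-insensitively, as registry value names do.
            if ($valueNames -contains $stored) {
                [pscustomobject]@{
                    Check   = 'RunOnce value'
                    Item    = "$path -> $stored"
                    Detail  = [string]$key.GetValue($stored)
                    Verdict = 'Listed on the page: review the target, then remove'
                }
            }
        }
    }
}

function Get-LookalikeProcessFindings {
    # The genuine Local Security Authority process is lsass.exe (letter L)
    # and runs from %SystemRoot%\System32. ISASS.EXE (letter I) imitates it.
    $genuine = Join-Path $env:SystemRoot 'System32\lsass.exe'
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.Name -match '^[il]sass\.exe$' } |
        ForEach-Object {
            $verdict = if ($_.Name -ieq 'isass.exe') {
                'Lookalike name (starts with the letter I): suspicious'
            } elseif (-not $_.ExecutablePath) {
                'Path not readable: re-run from an elevated prompt'
            } elseif ($_.ExecutablePath -ieq $genuine) {
                'Genuine Windows system process: do NOT delete'
            } else {
                'lsass.exe running outside System32: suspicious'
            }
            [pscustomobject]@{
                Check   = 'Process'
                Item    = "$($_.Name) (PID $($_.ProcessId))"
                Detail  = [string]$_.ExecutablePath
                Verdict = $verdict
            }
        }
}

# Collect both result sets and print them as one table.
$findings = @(Get-RunOnceFindings) + @(Get-LookalikeProcessFindings)
$findings | Format-Table -AutoSize -Wrap
```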

Here are the descriptions of problems connected with TROJ_ISAPASS.A and ISASS.EXE we received earlier:
Problem Summary: isaac.exe
Problem Summary: Computer won't boot up because of isass.exe error
I turned my computer on and it will get past the screen where the windows xp is "loading" , the exact error name is isass.exe application error. The application failed to initialize properly (0xc0000005). Once I click ok to terminate, the screen stays black.
Our support team contacted steve with the solution of the problem described.
Problem Summary: Computer won't boot up because of isass.exe error
Problem Summary: Computer won't boot up because of isass.exe error
I turned my computer on and it will get past the screen where the windows xp is "loading" , the exact error name is isass.exe application error. The application failed to initialize properly (0xc0000005). Once I click ok to terminate, the screen stays black.
The problem of joe was resolved by our support team.
Problem Summary: password in isass.exe file
When turning on laptop, get an error: ISASS.EXEC: when trying to upload a PASSWORD, value of password is incorrect. Can't get to desktop at all. It keeps relooping. Thanks!
We examined this request and answered Brian Hart by email.
Problem Summary: A Virus has taken over my monitor controls. Right now it has remotely changed my on screen settings and disable it. I can't control it.
My monitor is dark now and I can hardly see the screen. I literally see the controls changing right before my eyes and I can't do a thing about it!
I have an AOC monitor and I am using Radeon 9200 SE as my video software.
Please help me!
Reply of our support team was forwarded to Osric Griffiths via email.
Problem Summary: Computer won't go to log-in screen.
I try to turn my computer on and it will start its start-up process. Then it brings me to a black screen that says that Windows did not start successfully. I can choose to start it in "Safe Mode", "Safe Mode with Networking", "Safe Mode with Command Prompt", "Last Known Good Configuration", or "Start Windows Normally". I've tried all of these options and every one brings me to a black screen and a pop-up comes up saying "services.exe - Application Error" "The application failed to initialize properly (0xc0000005). Click on OK to terminate the application." I click ok and another pop-up comes up that says, "Isass.exe - Application Error" (or maybe it's lsass.exe) "The application failed to initialize properly (0xc0000005). Click on OK to terminate the application." I click ok once again and then each pop-up comes up one more time. After clicking ok again for both pop-ups, my computer screen stays black, never doing anything more.
We worked out the solution of the described problem and sent our suggestions to Joe.
Problem Summary: I receive an error on boot up :
I am running Windows XP SP2 and I cannot boot up my computer. I receive an error "System Error insufficient system resources exist to complete the API." I tried F8 key (Safe Mode) and nothing happens.
Herbie LoveBug received email with possible solutions of his problem.
Problem Summary: Lsass.exe system error
When boot from 2003 server cd, there a win2003 installation was detected, then i pressed R to begin repairing process, when the server restart the Lsass.exe system error occur.

Note :
- event id 1003 and 1168 was appear in Directory Service Log.
- There was no Backup for AD.

Pls Help as soon as.

Best Regards
Several possible methods of solving the problem mentioned by opel were sent to the provided email address.
Problem Summary: Computer won't boot up because of isass.exe error
I turned my computer on and it will get past the screen where the windows xp is "loading" , the exact error name is isass.exe application error. The application failed to initialize properly (0xc0000005). Once I click ok to terminate, the screen stays black.
Our support team answered the request of Chris Cardone by email.
Problem Summary: Computer won't boot up because of isass.exe error
I turned my computer on and it will get past the screen where the windows xp is "loading" , the exact error name is isass.exe application error. The application failed to initialize properly (0xc0000005). Once I click ok to terminate, the screen stays black.
Tyler Patterson, please check your email for our answer.
Problem Summary: lsass.exe operation failed
lsass.exe operation failed message come out when i start Windows XP Pro.
Phyo Aung Hein, we sent the solution of this problem to your mailbox.
Problem Summary: Isass.exe - System Error 0xc0000022
when starting up windows xp system is stopping at point of putting in password. message comes up 'security accounts manager initialization failed because of the following error: Access is denied. Error status: 0xc0000022. Please click OK to shutdown this system and reboot into Safe Mode, check the event log for more detailed information.' I have rebooted into safe mode but this only brings me to the same screen. I am connecting you via another computer. Please advise in 'idiot proof' step by step form as i haven't got a clue what to do. thanks
Our support team contacted Mike McGann with the solution of the problem described.
Problem Summary: how to repair isass.exe
How to repair isass.exe shown in task manager
The problem of nitin was resolved by our support team.
Problem Summary: javascript will not work
I paid for the regcure.com download. My javascript will not let me in facebook fafsa etc. Keeps telling me I have it. But when I need to you is it is not there.
We examined this request and answered Jacque by email.
Problem Summary: i installed reg cure and my computer does not work any better
i start my computer it takes several tries to get the computer to get to my settings it tells me that the network connections object can't be found. it also says isass.exe is not found . my dell 940 printer will not work i tried to reinstall with original driver and it says an error happened when trying to install i retried several times same thing happened. i run the reg cure but each time i run the program it finds over 100 errors i tell it to fix and it says it has then i run the scan again and same problems only fewer then i can finally get on the int until the following day then it's the same all over again .please tell me what to do i don't know if i'm doing something wrong or not please help me if you can
Reply of our support team was forwarded to danna via email.
Problem Summary: Isass.exe failed operations error message on boot
Same problem as everyone else with isass.exe error message which sits there with a black screen. After an hour or so of trying various ways to get the system back, I can eventually get it back into safe mode.
Please help.
We worked out the solution of the described problem and sent our suggestions to Art Long.
Problem Summary: Isass.exe - Operation failed error on booting
Isass.exe - Operation failed error on booting win 2003 serv
Shameer received email with possible solutions of his problem.
Problem Summary: Isass.Exe-System Error
Can't open my Dell 8400 (Microsoft XP Home Edition) without getting this message. Keeps rebooting and sending same message.
Several possible methods of solving the problem mentioned by jim were sent to the provided email address.
Problem Summary: Isass.exe - Application Error
When I start my PC, I get a window that says Isass.exe-Application Error
The application failed to initialize properly (0xc0000005)
Click to terminate the application.
I get this message box twice, click to terminate, then just a black screen, but I can see the pointer cursor.
Our support team answered the request of William McAndrews by email.
Problem Summary: windows wont boot.error message: isass.exe operation failed
First I picked up the spy program "winpcdefender". Trying to install kaspersky internet security 2009 caused windows XP to shut down. Attempts to reboot were unsuccessful, and the error message appeared.
Paul Curtin, please check your email for our answer.
Problem Summary: Isass.exe application error
Hi when I boot computer it says ( Isass.exe-Application Error )
( The application failed to initialize properly (0xc0000005), Click to OK to terminate the application ) Then a black screen can not use safe mode or last known good configuration can not get in pc, do you have any suggestions on how to fix this? Is this caused by a virus? Thank you very much for any help you can give me.
Dori Palensky, we sent the solution of this problem to your mailbox.
Problem Summary: isass.exe
i have a problem with trying to start my daughters new computer
even in safe mode. it wont start up windows and a box pops up saying " isass.exe - system error.
i have a " clean laptop " upstairs an am able to download an antivirus software ... how do i get my daughters computer to get past windows even in safe mode
thanks chris
Our support team contacted chris with the solution of the problem described.
Problem Summary: isass.exe
my pc will not boot it has the error isass.exe error
The problem of Terrie was resolved by our support team.
Problem Summary: isass.exe PROBLEM
HELP......... my PC will not load due to the above issue please help....
We examined this request and answered Terrie by email.
Problem Summary: hp pavillian dv9000-xp pro
isass.exe-system error
when i turn on my laptop
Reply of our support team was forwarded to GERMY via email.
Problem Summary: Deleted system32/lsass
I thought I was deleting the isass virus, but must have deleted the lssas file. Upon boot up, the windows xp screen comes up but then goes to a black screen with the mouse pointer in the middle and sits there until I turn off the computer. How can I get to windows if I deleted an essential file?
We worked out the solution of the described problem and sent our suggestions to Rob Forster.
Problem Summary: pdf and java
1.I cannot download PDF files.Everytime I try to download a file I get message to send a report to microsoft. If send the computer freezes If ticked box dont sent computer alright.I have now changed ACRO Pdf 1 values to 00000000 in the registry and now when I try to download a pdf file my documents screen appears but I can only save it in my documents and then open my documents and read it.I cannot run it in the documents download screen.The problem of immediate download of pdf files remains.
2. When I download the Trinidad express newspaper I get small black block screen across the top of the paper.In a blue band at the top of the black screen is written C;Program Files/Java/Jre6/bin/Java.exe,At the same time the Java icon appears on the lower right side in the task bar on my desk top. When I close the black box the box and the icon disappears the paper remains and is readable.
Our support team answered the request of George Marques by email.
Problem Summary: Isass.exe
Windows XP operating system boots up as usual and then stops at the blue screen with the error message:
Isass.exe Security Accounts Manager utilization failed because of the following error. A device attached to this system is not functioning. Error status: 0xc0000001. Shut down and reboot into safe mode, check event log for more detailed message.
When I attempt safe mode, it completes the same exact boot up process ending with the same exact error message.
saidy, please check your email for our answer.
Problem Summary: isass.exe application error
when i boot my computer windows xp shows up and then i get error message saying isass.exe application error comes up asks if i want to continue or cancel and then screen freezes
airan, we sent the solution of this problem to your mailbox.
Problem Summary: ctfmon.exe error 0xc0000022
also have a problem with cd drive, it will not install or load programs
Our support team contacted Joan Dewind with the solution of the problem described.
Problem Summary: isass.exe error
Everytime i turn on my computer, windows xp shows then this error isass.exe comes up and ask if i want to continue or cancel. Either one, then the computer freezes up?
The problem of joe was resolved by our support team.
Problem Summary: can not boot into windows
The instruction at "0x00401082" referenced memory at "0x00000000" ...
isass.exe application error
can not boot into windows XP
asks to debug or exit. Either selection just leaves me with a black screen
We examined this request and answered Michael S. King by email.
Problem Summary: system error code 0 Isass.exe
when i run SuperAntiSpyware when it starts to quarantine and remove the viruses a window pops up and says Isass.exe or lsass.exe has stopped and will now shutdown system error code 0
Reply of our support team was forwarded to jacob via email.
Problem Summary: I am receiving ISass.exe Application Error when I boot
Hi,
My computer all of a sudden locked up yesterday so I did a reboot. When the reboot began, I received the following error. Isass.exe- Application Error. The instruction at "0x00401082" referenced memory at "oxooooooo" The memory could not be "written". The computer boots to a black screen. It will not boot up in safe mode either. Could this be caused by a virus?
We worked out the solution of the described problem and sent our suggestions to Stephanie Dodd.
Problem Summary: Isass.exe problem
I keep receiving an isass.exe application error. And after choosing either OK or Cancel all I get is a black screen.
Chio received email with possible solutions of his problem.
Problem Summary: isass.exe problem
I'm getting an isass.exe application error when I boot my desktop and regardless whether I click ok or cancel, my desktop will not boot and I continue to get the same message over and over again
Several possible methods of solving the problem mentioned by Chris were sent to the provided email address.
Problem Summary: Isass.exe - application error "0x00401082"
Not able to boot pc. I get this error in a box:
Isass.exe - application Error
The instruction at "0x00401082" referenced memory at could not be written "0x00000000"
When I click on ok to terminate program or cancel to debug program nothing happens.
Please send instructions to correct problem
Thank you!
Our support team answered the request of Abraham by email.
Problem Summary: It restart the computer
the isass.exe It restart the computer with windows xp
Alberto, please check your email for our answer.
Problem Summary: computer shutdown
when run command prompt, run cmd and also run my "lisp command file" in cadian application, my computer shutdown
majid, we sent the solution of this problem to your mailbox.
Problem Summary: isass.exe password problem
isass.exe password problem pop up in my laptop and if i press ok or the x for close it my computer restarts, and i get the same note all over again and again.
Our support team contacted kiel with the solution of the problem described.
Problem Summary: Isass.exe - Operation failed error on booting win 2003 serv
After downgraded my laptop to Win 2003 server from Vista (RESTORED my desktop backup with win 2003 server & an associated server application using Acronics total 204GB), I am getting an error as follows.
Message Heading: Isass.exe - Operation failed
Message Body: The requested operation is Unsuccessful. With an OK Push Button.
When my computer boots up with win 2003 server, it flashes up the above error and automatically restart the computer. This cycle repeats till I shut off my laptop. This laptop has Intel PM45 chipset.
Thank you.
The problem of Renga Gopal was resolved by our support team.
Problem Summary: issas.exe system error
during start up that error comes up and i click ok then it will just reboot even in safe mode of any other start up methods.
We examined this request and answered Trevor by email.
Problem Summary: isass.exe-operation failed
isass.exe unable to load recovery program
Reply of our support team was forwarded to Rick Rockwell via email.
Problem Summary: "Insufficient system resources exist to complete the API".
i am using Windows XP. Everytime i turn on this pc, it pops up a window that says "Insufficient system resources exist to complete the API". When i click OK, it just go into endless loop. I can't get into Windows XP and do anything.
We worked out the solution of the described problem and sent our suggestions to sam.
Problem Summary: ISSAC.exe error showing while booting
My system is not booting after sometimes it displaying a dialog box ISSAC.exe error message.
Selvakumar G received email with possible solutions of his problem.
Problem Summary: Trojans and other viruses
i have a 'Heur.Trojan.Generic' virus in my system process named lsass.exe
My Kaspersky v8.0.0505 has detected it but is unable to take any action
plz help ........when i tried to end the process the comp shuts down. Nowadays the shutting down problem is getting very acute and the comp keeps on getting hanged(frozen).
When i try to end the Lsass.exe process the system shuts down and i can't delete it from system32 because the file is in use
it is affecting different dlls in my system32 folder
Also i have been getting a lot of pop-ups in internet explorer which i cannot stop. the virus is in the Temporary folder and in the add-ons folder (as detected by kaspersky)
there are viruses in 'Internet Browser Help Objects' and the Browser add-ons. I cannot use Internet Explorer because there are many pop-ups named 'Free Antivirus removal tools' which even if i cancel redirects me into another site
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xAAC2F5F8]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xAAC2EDDC]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xAAC2EFDC]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xAAC30EF6]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xAAC330CE]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xAAC2F0F2]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xAAC2F15A]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xAAC30DA8]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xAAC3266A]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xAAC30A42]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xAAC2EAFC]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xAAC2F3FC]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xAAC32BF0]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xAAC2F348]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xAAC2F1C2]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xAAC2EEC6]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xAAC2ECA4]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xAAC328D2]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xAAC2E61C]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xAAC31ABE]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xAAC2E77E]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xAAC32FA0]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xAAC2E41A]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xAAC310D6]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xAAC2F6F6]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xAAC32764]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xAAC32C1A]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xAAC2EB52]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xAAC32CFE]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xAAC32E2A]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xAAC32596]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xAAC2F4C8]
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xAAC2F53A]
INT 0x62 ? 82FDEBF8
INT 0x63 ? 82DC9BF8
INT 0x73 ? 82DC9BF8
INT 0x82 ? 82FDEBF8
INT 0x83 ? 82DC9BF8
INT 0xB4 ? 82DC9BF8
Code \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF74 5 Bytes JMP AAC46874 \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF902 5 Bytes JMP AAC46C2E \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [ FE, 2C, C3, AA, 2A, 2E, C3, ... ]
? sppu.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F73B08AC 5 Bytes JMP 82DC91D8
.text aqempw94.SYS F72EA384 1 Byte [ 20 ]
.text aqempw94.SYS F72EA386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text aqempw94.SYS F72EA3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text aqempw94.SYS F72EA3C4 3 Bytes [ 00, 00, 00 ]
.text aqempw94.SYS F72EA3C9 1 Byte [ 00 ]
.text ...
---- User code sections - GMER 1.0.14 ----
? C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe[600] C:\\WINDOWS\\system32\\kernel32.dll time/date stamp mismatch;
.text C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe[600] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 6D ]
? C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe[892] C:\\WINDOWS\\system32\\kernel32.dll time/date stamp mismatch;
.text C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe[892] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 6D ]
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F82B7046] sppu.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F82B7142] sppu.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F82B70C4] sppu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F82B77CE] sppu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F82B76A4] sppu.sys
IAT \\SystemRoot\\system32\\DRIVERS\\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F82C2D7A] sppu.sys
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \\SystemRoot\\System32\\Drivers\\aqempw94.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
IAT \\SystemRoot\\system32\\DRIVERS\\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7BEBDF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \\SystemRoot\\system32\\DRIVERS\\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7BEBDF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Devices - GMER 1.0.14 ----
Device \\FileSystem\\Ntfs \\Ntfs 82FDD1F8
Device \\Driver\\Tcpip \\Device\\Ip sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
AttachedDevice \\Driver\\Tcpip \\Device\\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \\Driver\\usbuhci \\Device\\USBPDO-0 82DC81F8
Device \\Driver\\dmio \\Device\\DmControl\\DmIoDaemon 82F701F8
Device \\Driver\\dmio \\Device\\DmControl\\DmConfig 82F701F8
Device \\Driver\\dmio \\Device\\DmControl\\DmPnP 82F701F8
Device \\Driver\\dmio \\Device\\DmControl\\DmInfo 82F701F8
Device \\Driver\\usbuhci \\Device\\USBPDO-1 82DC81F8
Device \\Driver\\usbuhci \\Device\\USBPDO-2 82DC81F8
Device \\Driver\\usbuhci \\Device\\USBPDO-3 82DC81F8
Device \\Driver\\usbehci \\Device\\USBPDO-4 82D9A500
Device \\Driver\\NetBT \\Device\\NetBT_Tcpip_{52C00A51-2981-4B3C-B019-3EBEF373B8A8} 82BCA500
Device \\Driver\\Tcpip \\Device\\Tcp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
AttachedDevice \\Driver\\Tcpip \\Device\\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \\Driver\\Ftdisk \\Device\\HarddiskVolume1 82FDF1F8
Device \\Driver\\Ftdisk \\Device\\HarddiskVolume2 82FDF1F8
Device \\Driver\\Cdrom \\Device\\CdRom0 82D7D1F8
Device \\Driver\\Cdrom \\Device\\CdRom1 82D7D1F8
Device \\Driver\\Cdrom \\Device\\CdRom2 82D7D1F8
Device \\Driver\\NetBT \\Device\\NetBt_Wins_Export 82BCA500
Device \\Driver\\NetBT \\Device\\NetbiosSmb 82BCA500
Device \\Driver\\USBSTOR \\Device\\00000079 82D52500
Device \\Driver\\PCI_PNP9300 \\Device\\0000004e sppu.sys
Device \\Driver\\Tcpip \\Device\\Udp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
AttachedDevice \\Driver\\Tcpip \\Device\\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \\Driver\\Tcpip \\Device\\RawIp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
AttachedDevice \\Driver\\Tcpip \\Device\\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \\Driver\\usbuhci \\Device\\USBFDO-0 82DC81F8
Device \\Driver\\sptd \\Device\\1468925550 sppu.sys
Device \\Driver\\USBSTOR \\Device\\0000007a 82D52500
Device \\Driver\\usbuhci \\Device\\USBFDO-1 82DC81F8
Device \\FileSystem\\MRxSmb \\Device\\LanmanDatagramReceiver 82D55500
Device \\Driver\\Tcpip \\Device\\IPMULTICAST sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \\Driver\\usbuhci \\Device\\USBFDO-2 82DC81F8
Device \\FileSystem\\MRxSmb \\Device\\LanmanRedirector 82D55500
Device \\Driver\\usbuhci \\Device\\USBFDO-3 82DC81F8
Device \\Driver\\usbehci \\Device\\USBFDO-4 82D9A500
Device \\Driver\\Ftdisk \\Device\\FtControl 82FDF1F8
Device \\Driver\\aqempw94 \\Device\\Scsi\\aqempw941Port2Path0Target0Lun0 82D542D0
Device \\Driver\\aqempw94 \\Device\\Scsi\\aqempw941 82D542D0
Device \\FileSystem\\Cdfs \\Cdfs 82D5F500
---- Registry - GMER 1.0.14 ----
Reg HKLM\\SYSTEM\\ControlSet004\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4\\00000001\\0Jf40
Reg HKLM\\SYSTEM\\ControlSet004\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4\\00000001\\0Jf40@khjeh 0x81 0xFD 0xDD 0x39 ...
Reg HKLM\\SYSTEM\\ControlSet005\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4
Reg HKLM\\SYSTEM\\ControlSet005\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4@p0 C:\\Program Files\\DAEMON Tools Lite\\
Reg HKLM\\SYSTEM\\ControlSet005\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\\SYSTEM\\ControlSet005\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4@khjeh 0x95 0xD5 0xC2 0x90 ...
Reg HKLM\\SYSTEM\\ControlSet005\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4\\00000001
Reg HKLM\\SYSTEM\\ControlSet005\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4\\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\\SYSTEM\\ControlSet005\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4\\00000001@khjeh 0x33 0x0F 0xEC 0x93 ...
Reg HKLM\\SYSTEM\\ControlSet005\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4\\00000001\\0Jf40
Reg HKLM\\SYSTEM\\ControlSet005\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4\\00000001\\0Jf40@khjeh 0x81 0xFD 0xDD 0x39 ...
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg@s1 771343423
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg@s2 285507792
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg@h0 1
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4@p0 C:\\Program Files\\DAEMON Tools Lite\\
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4@khjeh 0x95 0xD5 0xC2 0x90 ...
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4\\00000001
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4\\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4\\00000001@khjeh
Several possible methods of solving the problem mentioned by Nishant Nair were sent to the provided email address.
Problem Summary: system slow and hang on startup
My system works very slow and hangs on startup. What can I do?
Our support team answered the request of GAGAN by email.
Problem Summary: WONT BOOT UP XP PROBLEM WITH ISASS.EXE
THATS ALL OF IT
MRN
MERLE NELSON, please check your email for our answer.
Problem Summary: Win XP hang up "lsass.exe" error
Hi,
My name is Florin and I have the following error.
When trying to boot my PC it hangs after the Win XP logo appears on the screen and the following pop-up error appears: "lsass.exe - Insufficient system resources exist to complete the API".
I've tried to boot in Safe Mode but it doesn't work, the system reboots automatically.
I've read that the problem could be a lack of memory/space but all the solutions involved running several things from within the WINDOWS (which does not start ... so I can't apply any of those).
One other thing is that when I entered BIOS at the system CPU speed I had a very nasty message "During last boot, your system hung for an improper CPU speed. It's now running in Safe Mode. Make sure the CPU speed conforms to the specifications."
Are these two errors related somehow?
Please let me know if there's any chance I can do something about it!
Your help is highly appreciated.
Thanks
Florin, we sent the solution of this problem to your mailbox.