I had the Smart HDD virus infect my computer about a week ago and I thought I had it removed using your "Remove Smart HDD (Uninstall Guide)", but it came back. I have since tried a few additional things reading the forums, short of using Combofix, because I did not want to take a chance on doing this without expert help (per your advice). At this point I am afraid to use the computer because it may still be there, ready to reactivate itself. The reason I believe this is because of an ESET scan that came back with 8 items that it was unable to clean. There is not much else I can do, but to request help from this incredibly generous and helpful community.
I reviewed your "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and the following is the requested log information from DDS, GMER, and also ESET.
Thank you in advance for your help!
DDS log contents:
---------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Evaluseek Publishing at 17:58:22 on 2012-09-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2019 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\TuneClone\TuneClone.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\InstantEyedropper\InstantEyedropper.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uSearch Bar = res://c:\windows\downloaded program files\CopernicMeta.dll/SearchBar_htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {de09d68e-0488-4df0-bd46-5bf35f2d1f2a} - c:\windows\downlo~1\COPERN~1.DLL
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 6\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Copernic Meta: {f79ad27f-8140-4e33-8b1d-c4fc6b663cca} - c:\windows\downloaded program files\CopernicMeta.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 6\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Copernic Meta: {1c6c294b-8c56-48fa-b4d7-2132fbde8668} - c:\windows\downloaded program files\CopernicMeta.dll
EB: Copernic Agent Results (Meta): {7c684fb9-d59e-4e84-9356-c7f53db0c44e} - c:\windows\downloaded program files\CopernicMeta.dll
EB: Copernic Meta: {f79ad27f-8140-4e33-8b1d-c4fc6b663cca} - c:\windows\downloaded program files\CopernicMeta.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [pdfSaver3] "c:\program files\mindjet\mindmanager 7\pdf-xchange\pdfsaver\pdfSaver3.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [Google Update] "c:\documents and settings\evaluseek publishing\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [instanteyedropper] "c:\program files\instanteyedropper\InstantEyedropper.exe"
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.2; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\nero\lib\NeroCheck.exe"
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [FinePrint Dispatcher v5] "c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe" /source=HKLM
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AcronisTimounterMonitor] "c:\program files\acronis\trueimagehome\TimounterMonitor.exe"
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [OSSelectorReinstall] "c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe"
mRun: [ICF] "c:\program files\internet content filter\SafeEyes.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [pdfSaver3]
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [c:\program files\free video zilla\FVZilla.exe]
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 7\MMReminderService.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TuneClone] c:\program files\tuneclone\TuneClone.exe /silence
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Search Using Copernic Meta - c:\windows\downloaded program files\CopernicMeta.dll/HTML/SearchExt
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: ICF.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Copernic Meta - file:///C:/DOCUME~1/EVALUS~1/LOCALS~1/Temp/CopernicMeta0000.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} - hxxp://www.aventuratechnologies.com/livedemo/WebClient.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} - hxxps://www.acsenterprisesystem.com/CAB%20and%20license%20files/SPR32X60.cab
DPF: {57B2CA01-6C40-44BB-9FCC-BFA7FADAA6E3} - hxxp://images.sightspeed.com/files/sightspeed_ssam_install.exe
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192202157593
DPF: {73B1BB72-18BB-41AE-B53C-43704B5B5315} - hxxp://video.envysion.com/jslib/controller/EnvysionCtrl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c12/v19.111/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.internetvideorecorder.net/activex/AxisCamControl.cab
DPF: {94BAAD53-7450-4403-9A1D-24601D64052B} - hxxp://www.vmscctv.com/Libraries/WDVRViewerX.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://70.107.225.97/program/SonySncRz25View.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://webcam.geovision.com.tw/cab/OCXChecker_8198.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://kekaha.senterkauai.com:91/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} - hxxps://www.acsenterprisesystem.com/Reserved.ReportViewerWebControl.axd?ReportSession=k2pto2553fegss2wmmt3hl55&ControlID=4a4284877f8544c4bf48676f886d6013&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://webcam.geovision.com.tw/cab/DownloadCenter_8200.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28F33A06-D20A-4A19-B804-47F2A838E2B1} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: copernicmeta - {9B46B30C-CB70-4551-9806-3238CC816A55} - c:\windows\downlo~1\COPERN~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\evaluseek publishing\application data\mozilla\firefox\profiles\8mxc84w1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\evaluseek publishing\application data\mozilla\firefox\profiles\8mxc84w1.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\evaluseek publishing\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2009-12-8 20352]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-29 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-8-29 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-8-29 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-8-29 83392]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-30 655944]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2010-8-6 241424]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-3-17 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-30 22344]
S0 jjbrp;jjbrp;c:\windows\system32\drivers\bedel.sys --> c:\windows\system32\drivers\bedel.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c99dd99197dde3;Google Update Service (gupdate1c99dd99197dde3);c:\program files\google\update\GoogleUpdate.exe [2009-3-5 133104]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2003-9-2 20064]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-5 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-9 129976]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zlportio;zlportio;\??\c:\program files\ultrastar deluxe\zlportio.sys --> c:\program files\ultrastar deluxe\zlportio.sys [?]
.
=============== Created Last 30 ================
.
2012-09-03 20:16:23 -------- d-----w- c:\documents and settings\evaluseek publishing\application data\f-secure
2012-09-03 20:16:08 -------- d-----w- c:\documents and settings\all users\application data\F-Secure
2012-09-03 20:03:59 -------- d-----w- c:\documents and settings\evaluseek publishing\local settings\application data\Sun
2012-09-03 20:02:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-03 20:02:50 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 19:58:53 -------- d-----w- c:\program files\ESET
2012-08-31 19:55:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-30 19:54:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 21:39:49 -------- d-----w- c:\documents and settings\evaluseek publishing\application data\DVD Flick
2012-08-29 21:34:31 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2012-08-29 21:34:31 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2012-08-29 21:34:31 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2012-08-29 21:34:30 212240 ----a-w- c:\windows\system32\richtx32.ocx
2012-08-29 21:34:30 -------- d-----w- c:\program files\DVD Flick
2012-08-29 20:53:05 -------- d-----w- c:\documents and settings\evaluseek publishing\application data\MPEG Streamclip
2012-08-29 15:25:53 -------- d-----w- c:\documents and settings\evaluseek publishing\application data\Avira
2012-08-29 15:20:25 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-29 15:20:25 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-29 15:20:24 -------- d-----w- c:\program files\Avira
2012-08-29 15:20:24 -------- d-----w- c:\documents and settings\all users\application data\Avira
.
==================== Find3M ====================
.
2012-09-03 20:02:36 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-03 20:02:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-02 03:03:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-02 03:03:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 17:59:31.64 ===============
GMER log contents:
------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-07 13:53:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000070 ST3500630AS rev.3.AAE
Running: gmer.exe; Driver: C:\DOCUME~1\EVALUS~1\LOCALS~1\Temp\fxldapoc.sys
---- System - GMER 1.0.15 ----
SSDT B86F4804 ZwClose
SSDT B86F47BE ZwCreateKey
SSDT B86F480E ZwCreateSection
SSDT B86F47B4 ZwCreateThread
SSDT B86F47C3 ZwDeleteKey
SSDT B86F47CD ZwDeleteValueKey
SSDT B86F47FF ZwDuplicateObject
SSDT B86F47D2 ZwLoadKey
SSDT B86F47A0 ZwOpenProcess
SSDT B86F47A5 ZwOpenThread
SSDT B86F4827 ZwQueryValueKey
SSDT B86F47DC ZwReplaceKey
SSDT B86F4818 ZwRequestWaitReplyPort
SSDT B86F47D7 ZwRestoreKey
SSDT B86F4813 ZwSetContextThread
SSDT B86F481D ZwSetSecurityObject
SSDT B86F47C8 ZwSetValueKey
SSDT B86F4822 ZwSystemDebugControl
SSDT B86F47AF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6685380, 0x5414D5, 0xE8000020]
? C:\DOCUME~1\EVALUS~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 19, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EEFC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 19, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 19, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EF6D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F09B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 19, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B912AFC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B912B6D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B912C9B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90F3FC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90F46D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F59B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9102FC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91036D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91049B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
---- Devices - GMER 1.0.15 ----
Device \Driver\nvata \Device\00000070 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\nvata \Device\00000071 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\nvata \Device\00000074 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\nvata \Device\00000075 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\nvata \Device\NvAta0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\nvata \Device\NvAta1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\VClone \Device\Scsi\VClone1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\VClone \Device\Scsi\VClone1Port3Path0Target0Lun0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
---- Registry - GMER 1.0.15 ----
---- EOF - GMER 1.0.15 ----
ESET log contents:
------------------------------------------
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ed24070298689c4b8ab33c232604005e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-01 08:40:21
# local_time=2012-09-01 04:40:21 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 79493362 79493362 0 0
# compatibility_mode=1792 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=533594
# found=8
# cleaned=0
# scan_time=43316
C:\Documents and Settings\Evaluseek Publishing\Application Data\Sun\Java\Deployment\cache\6.0\41\29d614a9-43e36207 Java/Exploit.CVE-2012-4681.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Downloaded Installations\{03684A14-B722-4564-909D-EFD641C97101}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Laplink\PCmover\cppwdsvc.exe a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Downloaded Installations\{570713D0-36B6-45A3-AB49-78451DBD2DC4}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I
D:\My Documents\Downloads\cdbxp_setup_4.4.1.3341.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
F:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Downloaded Installations\{03684A14-B722-4564-909D-EFD641C97101}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I
F:\Program Files\Laplink\PCmover\cppwdsvc.exe a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I
F:\WINDOWS\Downloaded Installations\{570713D0-36B6-45A3-AB49-78451DBD2DC4}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I