
Infected?


  • This topic is locked
9 replies to this topic

#1 queesy


  • Members
  • 8 posts

Posted 19 May 2010 - 05:11 AM

So I was surfing the net and noticed some weird virus scanner I have never seen, Antivirus Soft or something like that.
Fearing for my computer, I scanned with AVG, Ad-Aware and CCleaner and found nothing.
I proceeded to restart my computer and run Safe Mode, where I again ran AVG and Ad-Aware along with Spybot Search and Destroy.
Still found nothing.

I then downloaded HijackThis and created a log:

[codebox]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:55:46 AM, on 5/19/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kevin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Kevin\Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE /FU "C:\Windows\TEMP\E_S1F2C.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8167 bytes
[/codebox]

I will try to add more data as I move along, thank you for your help!
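Added example, not from the thread or from HijackThis itself: a small Python triage script over log lines in the format shown above. It flags the entries a reviewer would want to check first, in particular the browser proxy that points at the local machine (the `ProxyServer = http=127.0.0.1:5555` line), orphaned O3 toolbars, AppInit_DLLs injection and services with no publisher. The sample lines are constructed in the log's format, and a flag is a prompt to verify the entry, not a verdict (the AVG entries in the sample are legitimate).

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread).

It scans R/O entries for settings that warrant a closer look: a proxy on the
local machine, toolbar entries whose file is gone, DLLs injected through
AppInit_DLLs, and services with no declared publisher.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format HijackThis produces.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
"""

LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1", "O23"
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def parse_proxy(value: str) -> list[tuple[str, str, int | None]]:
    """Split an IE ProxyServer value into (scheme, host, port) tuples.

    Accepts both the single-proxy form ("host:port") and the per-protocol
    form ("http=host:port;https=host:port"). Scheme is "" when not given,
    port is None when not given.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, target = part.rpartition("=")
        host, _, port = target.rpartition(":")
        if not host:  # no ":port" suffix, the whole target is the host
            host, port = target, ""
        entries.append((scheme, host.strip("[]"), int(port) if port.isdigit() else None))
    return entries


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer should look at, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^(R\d|O\d+) - (.*)$", line)
        if not m:
            continue
        section, body = m.groups()

        # R0/R1: a proxy on the local machine routes every browser request
        # through some process on this box; legitimate software rarely does that.
        if section.startswith("R") and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            for _scheme, host, port in parse_proxy(value):
                if host in LOCAL_HOSTS:
                    findings.append(Finding(section, "high",
                        f"browser proxy points at the local machine ({host}:{port})", line))
        # O3: a toolbar whose file no longer exists is an orphaned registration.
        elif section == "O3" and body.endswith("(no file)"):
            findings.append(Finding(section, "low", "toolbar entry has no backing file", line))
        # O20: AppInit_DLLs are loaded into every process that links user32.dll.
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                findings.append(Finding(section, "medium",
                    f"AppInit_DLLs injects {dlls}; confirm it belongs to installed software", line))
        # O23: a service with no declared publisher needs its binary verified.
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "medium", "service has no publisher information", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}\n         {f.line}")
```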

#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 May 2010 - 07:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 queesy

  • Topic Starter

  • Members
  • 8 posts

Posted 23 May 2010 - 05:48 PM

First of all, thanks for all the help and responding! I tried my best to do what you had instructed.


DDS:
[codebox]
DDS (Ver_10-03-17.01) - NTFSx86
Run by Kevin at 15:23:57.36 on Sun 05/23/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3326.1055 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Kevin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kevin\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EPSON Stylus Photo 1400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibua.exe /fu "c:\windows\temp\E_S1F2C.tmp" /EF "HKCU"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\kevin\appdata\roaming\mozilla\firefox\profiles\ptldz7ry.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\onlive\firefoxplugin\npolgdet.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\kevin\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\kevin\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-26 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-9 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-9 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-9 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1314704]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-9 1153368]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-4-17 5010288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-19 278560]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-4-17 16168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]

=============== Created Last 30 ================

2010-05-22 09:12:44 0 d-----w- c:\program files\common files\PC Tools
2010-05-22 09:12:30 0 d-----w- c:\programdata\TEMP
2010-05-20 05:13:56 218 ----a-w- c:\users\kevin\.recently-used.xbel
2010-05-19 19:31:30 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-05-19 19:31:27 132608 ----a-w- c:\windows\system32\cabview.dll
2010-05-19 19:31:21 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-19 19:31:21 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-19 19:31:21 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-19 13:03:58 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-05-19 13:03:58 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-05-19 13:03:58 278560 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-05-19 13:03:54 0 d-----w- c:\program files\Realtek
2010-05-19 12:33:33 65536 --sha-w- c:\users\kevin\ntuser.dat{8126f3b0-6338-11df-a04f-e35cfc0edee2}.TM.blf
2010-05-19 12:33:33 524288 --sha-w- c:\users\kevin\ntuser.dat{8126f3b0-6338-11df-a04f-e35cfc0edee2}.TMContainer00000000000000000002.regtrans-ms
2010-05-19 12:33:33 524288 --sha-w- c:\users\kevin\ntuser.dat{8126f3b0-6338-11df-a04f-e35cfc0edee2}.TMContainer00000000000000000001.regtrans-ms
2010-05-15 09:06:54 0 d-----w- c:\program files\AutoGK
2010-05-12 23:08:06 0 d--h--w- c:\programdata\CanonBJ
2010-05-12 23:05:47 0 d-----w- c:\program files\Canon
2010-05-04 04:26:10 527 ----a-w- c:\windows\FontExplorer.ini
2010-05-04 04:24:30 0 d-----w- c:\program files\Linotype

==================== Find3M ====================

2010-05-23 20:50:20 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-15 09:13:12 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2010-04-20 15:02:09 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-27 17:07:26 509196 ----a-w- c:\windows\fonts\Sketchetik-Light.otf
2010-03-27 17:07:12 705500 ----a-w- c:\windows\fonts\Sketchetik-Light.ttf
2010-03-26 13:05:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-16 03:53:23 15840 ----a-w- c:\windows\fonts\UV39-Normal_0.otf
2010-03-13 04:51:04 16364 ----a-w- c:\windows\fonts\EVILDEAD_1.TTF
2010-03-12 17:32:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-08 22:47:06 5010288 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2010-03-08 22:47:04 415600 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-03-08 22:40:46 294400 ----a-w- c:\windows\system32\Wintab32.dll
2010-03-04 07:33:23 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
1999-11-12 08:48:44 63248 ----a-w- c:\program files\sc.exe
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 11:21:21 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:26:59.98 ===============
[/codebox]


For Defogger, it did not ask me to restart; not sure why...


GMER

[codebox]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-23 15:46:58
Windows 6.1.7600
Running: z6kzt09l.exe; Driver: C:\Users\Kevin\AppData\Local\Temp\afldqpod.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A03634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A03898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1C1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A7B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A9FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spgq.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload + 1 8BB64AD7 4 Bytes JMP 860101D9
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x92232340, 0x40C2A7, 0xE8000020]
.text USBPORT.SYS!DllUnload 91B45CA0 5 Bytes JMP 867821D8
.text peauth.sys A0041C9D 28 Bytes [44, 86, C9, 9B, 76, EE, 79, ...]
.text peauth.sys A0041CC1 28 Bytes [44, 86, C9, 9B, 76, EE, 79, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 18, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4964] ntdll.dll!LdrLoadDll 7738F585 5 Bytes JMP 000F13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtCreateFile + 6 77374A16 4 Bytes [28, 00, 08, 00] {SUB [EAX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtCreateFile + B 77374A1B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtMapViewOfSection + 6 77375076 1 Byte [28]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtMapViewOfSection + 6 77375076 4 Bytes [28, 03, 08, 00] {SUB [EBX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtMapViewOfSection + B 7737507B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenFile + 6 77375126 4 Bytes [68, 00, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenFile + B 7737512B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenProcess + 6 773751D6 4 Bytes [A8, 01, 08, 00] {TEST AL, 0x1; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenProcess + B 773751DB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenProcessToken + B 773751EB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenProcessTokenEx + 6 773751F6 4 Bytes [A8, 02, 08, 00] {TEST AL, 0x2; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenProcessTokenEx + B 773751FB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenThread + 6 77375256 4 Bytes [68, 01, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenThread + B 7737525B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenThreadToken + 6 77375266 4 Bytes [68, 02, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenThreadToken + B 7737526B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtOpenThreadTokenEx + B 7737527B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtQueryAttributesFile + 6 77375386 4 Bytes [A8, 00, 08, 00] {TEST AL, 0x0; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtQueryAttributesFile + B 7737538B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtQueryFullAttributesFile + B 7737543B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtSetInformationFile + 6 77375A86 4 Bytes [28, 01, 08, 00] {SUB [ECX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtSetInformationFile + B 77375A8B 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtSetInformationThread + 6 77375AE6 4 Bytes [28, 02, 08, 00] {SUB [EDX], AL; OR [EAX], AL}
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtSetInformationThread + B 77375AEB 1 Byte [E2]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 1 Byte [68]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtUnmapViewOfSection + 6 77375E06 4 Bytes [68, 03, 08, 00]
.text C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] ntdll.dll!NtUnmapViewOfSection + B 77375E0B 1 Byte [E2]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B8B4042] \SystemRoot\System32\Drivers\spgq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B8B46D6] \SystemRoot\System32\Drivers\spgq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B8B4800] \SystemRoot\System32\Drivers\spgq.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B8B413E] \SystemRoot\System32\Drivers\spgq.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[148] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1776] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1776] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1776] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2076] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2824] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[2932] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73EE2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73EC5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73EC56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73EE250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73ED8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73ED4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73ED50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73ED51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73ED66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73ED82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73ED8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73ED907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73EDE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ED4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4140] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4140] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4140] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4236] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4484] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4492] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4508] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4540] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4936] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[4936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[5068] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe[8128] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [753E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 860171F8
Device \FileSystem\fastfat \FatCdrom 87C221F8
Device \FileSystem\udfs \UdfsCdRom 877B43A8
Device \FileSystem\udfs \UdfsDisk 877B43A8
Device \Driver\volmgr \Device\VolMgrControl 860121F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EEC2D024-9F4D-41AF-A202-AE3EFA69CE79} 865ED1F8
Device \Driver\usbuhci \Device\USBPDO-0 867711F8
Device \Driver\usbuhci \Device\USBPDO-1 867711F8
Device \Driver\usbuhci \Device\USBPDO-2 867711F8
Device \Driver\usbehci \Device\USBPDO-3 8687E500
Device \Driver\usbuhci \Device\USBPDO-4 867711F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 867711F8
Device \Driver\usbuhci \Device\USBPDO-6 867711F8
Device \Driver\USBSTOR \Device\00000070 877FD1F8
Device \Driver\volmgr \Device\HarddiskVolume1 860121F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 8687E500
Device \Driver\volmgr \Device\HarddiskVolume2 860121F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 865751F8
Device \Driver\volmgr \Device\HarddiskVolume3 860121F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 860141F8
Device \Driver\atapi \Device\Ide\IdePort0 860141F8
Device \Driver\atapi \Device\Ide\IdePort1 860141F8
Device \Driver\atapi \Device\Ide\IdePort2 860141F8
Device \Driver\atapi \Device\Ide\IdePort3 860141F8
Device \Driver\atapi \Device\Ide\IdePort4 860141F8
Device \Driver\atapi \Device\Ide\IdePort5 860141F8
Device \Driver\atapi \Device\Ide\IdePort6 860141F8
Device \Driver\atapi \Device\Ide\IdePort7 860141F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 860151F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 860151F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 860151F8
Device \Driver\msahci \Device\Ide\PciIde1Channel3 860151F8
Device \Driver\msahci \Device\Ide\PciIde1Channel4 860151F8
Device \Driver\msahci \Device\Ide\PciIde1Channel5 860151F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3 860141F8
Device \Driver\USBSTOR \Device\00000073 877FD1F8
Device \Driver\volmgr \Device\HarddiskVolume4 860121F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000074 877FD1F8
Device \Driver\volmgr \Device\HarddiskVolume5 860121F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000075 877FD1F8
Device \Driver\volmgr \Device\HarddiskVolume6 860121F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000076 877FD1F8
Device \Driver\volmgr \Device\HarddiskVolume7 860121F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 865ED1F8
Device \Driver\USBSTOR \Device\00000077 877FD1F8
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 867711F8
Device \Driver\usbuhci \Device\USBFDO-1 867711F8
Device \Driver\usbuhci \Device\USBFDO-2 867711F8
Device \Driver\USBSTOR \Device\0000006f 877FD1F8
Device \Driver\usbehci \Device\USBFDO-3 8687E500
Device \Driver\usbuhci \Device\USBFDO-4 867711F8
Device \Driver\usbuhci \Device\USBFDO-5 867711F8
Device \Driver\usbuhci \Device\USBFDO-6 867711F8
Device \Driver\usbehci \Device\USBFDO-7 8687E500
Device \FileSystem\fastfat \Fat 87C221F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.15 ----
[/codebox]


Edited by queesy, 23 May 2010 - 06:44 PM.


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:56 AM

Posted 24 May 2010 - 03:10 PM

Nothing there but there was the Antivirus Soft term that you used.

Have you seen any evidence of any changes in your PC since then?
m0le is a proud member of UNITE

#5 queesy

queesy
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:56 PM

Posted 24 May 2010 - 10:46 PM

When I got that Antivirus Soft I closed it and tried to scan with AVG, but it would not let me, so I proceeded to do a restart. I have not seen it since; however, I notice my Internet Explorer and Google Chrome do not connect to the net while Firefox still does. But I have not seen the Antivirus Soft since I restarted. Do you think it's gone?

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:56 AM

Posted 25 May 2010 - 03:08 PM

What error message are you getting when you try to run IE or Chrome?
m0le is a proud member of UNITE

#7 queesy

queesy
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:56 PM

Posted 25 May 2010 - 10:47 PM

Just that it cannot display the page, no matter what website I go to.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:56 AM

Posted 26 May 2010 - 03:42 PM

Run Combofix for me please

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:56 AM

Posted 29 May 2010 - 06:18 PM

Hi,

I have not had a reply from you for 4 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:56 AM

Posted 01 June 2010 - 12:24 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
