
Re-Directing google Virus


This topic is locked. 13 replies to this topic.

#1 CommonCents

  • Members
  • 6 posts

Posted 03 July 2010 - 05:04 PM

Paste Log Below: Thank you in advance for your help.


ComboFix 10-07-01.02 - RSJ 07/02/2010 16:58:27.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.2044 [GMT -4:00]
Running from: c:\users\RSJ\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\RSJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\_WQScZDlD.tmp
c:\users\RSJ\AppData\Roaming\inst.exe
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-07-02 21:05 . 2010-07-02 21:06 -------- d-----w- c:\users\RSJ\AppData\Local\temp
2010-07-02 20:54 . 2010-07-02 20:55 -------- d-----w- C:\32788R22FWJFW
2010-06-30 10:41 . 2010-06-30 10:41 -------- d-----w- c:\users\RSJ\AppData\Roaming\AVG9
2010-06-30 00:27 . 2010-04-19 14:25 2117704 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-06-29 23:54 . 2010-06-29 23:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-29 23:54 . 2010-06-29 23:54 -------- d-----w- c:\windows\PCHEALTH
2010-06-29 23:54 . 2010-06-29 23:54 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-06-29 23:54 . 2010-06-29 23:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-29 23:49 . 2010-06-29 23:49 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-06-29 03:32 . 2010-06-29 03:32 -------- d-----w- c:\users\RSJ\AppData\Local\AVG Security Toolbar
2010-06-28 10:28 . 2010-07-02 20:01 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-28 10:28 . 2010-06-30 00:27 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-06-28 10:26 . 2010-06-28 10:26 -------- d-----w- c:\program files\AVG
2010-06-28 10:26 . 2010-06-28 10:26 -------- d-----w- c:\programdata\avg9
2010-06-28 02:16 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-28 02:16 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-28 00:57 . 2010-06-28 05:29 -------- d-----w- c:\users\RSJ\AppData\Roaming\Spyware Terminator
2010-06-28 00:57 . 2010-06-28 05:29 -------- d-----w- c:\programdata\Spyware Terminator
2010-06-28 00:57 . 2010-06-28 05:29 -------- d-----w- c:\program files\Spyware Terminator
2010-06-27 14:41 . 2010-06-27 14:41 -------- d-----w- c:\users\RSJ\AppData\Roaming\Malwarebytes
2010-06-27 14:41 . 2010-06-27 14:41 -------- d-----w- c:\programdata\Malwarebytes
2010-06-27 14:41 . 2010-06-28 02:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-23 07:02 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 07:02 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:02 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:02 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:02 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 04:24 . 2010-06-23 04:25 -------- d-----w- c:\programdata\PEERNET
2010-06-23 04:24 . 2009-10-21 12:49 19272 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\PNWnPrt8.dll
2010-06-23 04:24 . 2010-06-23 04:24 -------- d-----w- c:\program files\PDF Image Printer 8.0
2010-06-23 04:24 . 2010-06-23 04:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-23 04:03 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 04:03 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 04:03 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-15 13:59 . 2010-06-15 14:01 -------- d-----w- c:\users\Guest\AppData\Local\Adobe
2010-06-15 13:51 . 2010-06-15 13:51 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2010-06-15 13:50 . 2009-11-17 08:01 -------- d-----w- c:\users\Guest\AppData\Local\Microsoft Help
2010-06-15 13:50 . 2009-07-14 07:48 -------- d-----w- c:\users\Guest\AppData\Roaming\Media Center Programs
2010-06-15 13:50 . 2010-07-02 20:56 -------- d-----w- c:\users\Guest
2010-06-10 17:23 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 17:23 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 17:23 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-10 17:23 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-10 17:23 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\16857\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\16857\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\16857\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\16857\AcrobatUpdater.exe
2010-06-07 00:17 . 2010-06-07 00:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-03 21:27 . 2010-06-03 21:27 2944904 ----a-w- c:\users\RSJ\AppData\Roaming\Mozilla\Firefox\Profiles\lq2kdhhm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 21:06 . 2010-02-27 20:57 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-02 04:37 . 2009-10-28 22:01 -------- d-----w- c:\program files\Trillian
2010-06-30 00:26 . 2009-11-01 14:32 108824 ----a-w- c:\users\RSJ\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-30 00:04 . 2009-11-15 19:58 -------- d-----w- c:\programdata\Microsoft Help
2010-06-29 23:55 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-29 23:54 . 2010-04-06 02:45 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 22:27 . 2010-06-28 22:27 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-28 22:27 . 2010-06-28 22:27 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-28 22:27 . 2010-06-28 22:27 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-06-28 22:27 . 2010-06-28 10:28 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-28 22:27 . 2010-06-28 22:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-28 22:27 . 2010-06-28 10:28 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-28 22:27 . 2010-06-28 10:28 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-28 22:24 . 2010-06-28 22:24 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-06-28 22:24 . 2010-06-28 22:24 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-06-28 22:24 . 2010-06-28 22:24 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-06-28 22:24 . 2010-06-28 22:24 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-06-28 10:28 . 2010-06-28 10:28 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-28 05:29 . 2010-05-08 22:20 -------- d-----w- c:\program files\Boilsoft Video Joiner
2010-06-24 23:08 . 2009-11-04 02:41 -------- d-----w- c:\users\RSJ\AppData\Roaming\uTorrent
2010-06-23 04:18 . 2009-11-06 02:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-23 03:58 . 2009-12-02 04:13 -------- d-----w- c:\program files\Visual CertExam Suite
2010-06-19 00:07 . 2009-11-14 23:39 -------- d-----w- c:\users\RSJ\AppData\Roaming\Vso
2010-06-17 00:15 . 2010-03-01 01:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-11 19:45 . 2010-04-12 02:17 -------- d-----w- c:\program files\PeerGuardian2
2010-06-11 14:05 . 2010-04-02 04:33 -------- d-----w- c:\program files\Ask.com
2010-05-23 13:37 . 2010-05-23 13:37 -------- d-----w- c:\program files\Common Files\Java
2010-05-23 13:37 . 2009-11-03 02:23 -------- d-----w- c:\program files\Java
2010-05-21 18:14 . 2009-10-28 22:13 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 07:02 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 03:26 . 2010-01-09 01:39 -------- d-----w- c:\users\RSJ\AppData\Roaming\eBookPro6
2010-05-11 11:03 . 2010-05-11 10:42 -------- d-----w- c:\program files\StorageCrypt
2010-05-11 10:58 . 2010-05-11 10:58 7168 ----a-w- c:\users\RSJ\AppData\Roaming\Thinstall\Password Protect USB 3.6.1\40000015b00002i\password-protect.exe
2010-05-11 10:57 . 2010-05-11 10:57 7168 ----a-w- c:\users\RSJ\AppData\Roaming\Thinstall\Password Protect USB 3.6.1\4000003500002i\ncfpsys.exe
2010-05-11 10:57 . 2010-05-11 10:57 -------- d-----w- c:\users\RSJ\AppData\Roaming\Thinstall
2010-05-09 23:15 . 2010-05-09 23:13 -------- d-----w- c:\program files\Allok AVI DivX MPEG to DVD Converter
2010-05-09 23:06 . 2010-05-09 23:06 -------- d-----w- c:\program files\4U Computing
2010-04-23 07:13 . 2010-05-25 21:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-13 00:19 . 2010-04-13 00:19 354744 ----a-w- c:\users\RSJ\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-04-13 00:19 . 2010-04-13 00:19 79872 ----a-w- c:\users\RSJ\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2010-04-13 00:19 . 2010-04-13 00:19 574344 ----a-w- c:\users\RSJ\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2010-04-12 21:29 . 2010-05-23 13:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-11 23:56 . 2010-04-11 23:56 249856 ------w- c:\windows\Setup1.exe
2010-04-11 23:56 . 2010-04-11 23:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 06:20 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\RSJ\Documents\Downloads\uTorrent.exe" [2010-06-10 322352]
"SansaDispatch"="c:\users\RSJ\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-04-13 79872]
"Google Update"="c:\users\RSJ\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-13 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2009-06-15 182208]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-28 2065760]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-13 18:42 135664 ----atw- c:\users\RSJ\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-06-10 23:01 322352 ----a-w- c:\users\RSJ\Documents\Downloads\uTorrent.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PEERNET Spooler Service;PEERNET Spooler Service;c:\windows\system32\spool\DRIVERS\W32X86\3\PNSvc8.exe [2010-05-27 134984]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-25 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-28 52872]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-07 64288]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-28 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-28 243024]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-28 308136]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-01 1352832]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4145063835-86868463-1141474233-1001Core.job
- c:\users\RSJ\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-13 18:42]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4145063835-86868463-1141474233-1001UA.job
- c:\users\RSJ\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-13 18:42]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\RSJ\AppData\Roaming\Mozilla\Firefox\Profiles\lq2kdhhm.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\RSJ\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\RSJ\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-02 17:09:28
ComboFix-quarantined-files.txt 2010-07-02 21:09

Pre-Run: 434,439,913,472 bytes free
Post-Run: 436,915,859,456 bytes free

- - End Of File - - 9D1C1712A20ABDA2F46E9CD5E070C33B



#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender: Female
  • Location: Romania

Posted 07 July 2010 - 06:31 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 CommonCents

  • Topic Starter
  • Members
  • 6 posts

Posted 08 July 2010 - 10:10 PM

OTL logfile created on: 7/8/2010 10:36:25 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\RSJ\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 683.57 Gb Total Space | 401.51 Gb Free Space | 58.74% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.26 Gb Free Space | 55.05% Space Free | Partition Type: NTFS
Drive E: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RSJ-PC
Current User Name: RSJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/08 22:35:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\RSJ\Downloads\OTL.exe
PRC - [2010/07/06 18:24:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/06 18:24:16 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/06 18:24:15 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/06 18:24:13 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/06 18:24:01 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/07/06 18:23:47 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/07/06 18:23:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/06 18:23:34 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/07/06 18:23:31 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/07/05 23:50:21 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/02 16:48:38 | 003,725,496 | R--- | M] () -- C:\Users\RSJ\Desktop\ComboFix.exe
PRC - [2010/06/28 22:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/28 18:27:23 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/16 20:15:22 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/12 20:19:27 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\RSJ\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010/04/12 17:29:28 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 15:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/08 22:35:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\RSJ\Downloads\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/06 18:24:01 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/07/06 18:23:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/06 18:23:31 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/07/05 23:50:21 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/05 23:48:38 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/04/25 03:00:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/19 10:25:46 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2010/07/06 18:24:55 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/07/06 18:24:54 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/06 18:24:48 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/06 18:24:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/06 18:23:37 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/07/06 18:23:35 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/07/06 18:23:35 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/07/06 18:23:23 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/06/28 06:28:58 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/06/06 20:16:25 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 001,394,688 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 18:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/06/02 14:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4145063835-86868463-1141474233-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4145063835-86868463-1141474233-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4145063835-86868463-1141474233-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 75 4F 73 3C 1E CB 01 [binary data]
IE - HKU\S-1-5-21-4145063835-86868463-1141474233-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-4145063835-86868463-1141474233-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "my.yahoo.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {461c8984-1ae2-8681-4ba6-ee06c173ef17}:4.6.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002


FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/07/08 21:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/08 21:09:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 21:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 21:10:39 | 000,000,000 | ---D | M]

[2010/07/08 21:17:40 | 000,000,000 | ---D | M] -- C:\Users\RSJ\AppData\Roaming\Mozilla\Extensions
[2010/07/08 21:17:40 | 000,000,000 | ---D | M] -- C:\Users\RSJ\AppData\Roaming\Mozilla\Firefox\Profiles\lq2kdhhm.default\extensions
[2010/07/08 21:17:41 | 000,000,000 | ---D | M] -- C:\Users\RSJ\AppData\Roaming\Mozilla\Firefox\Profiles\lq2kdhhm.default\extensions\toolbar@ask.com
[2010/07/08 21:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/08 21:10:38 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{461c8984-1ae2-8681-4ba6-ee06c173ef17}
[2010/07/08 21:10:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4145063835-86868463-1141474233-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-4145063835-86868463-1141474233-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKU\.DEFAULT..\Run: [EPSON Stylus CX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-18..\Run: [EPSON Stylus CX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-4145063835-86868463-1141474233-1001..\Run: [EPSON Stylus CX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-4145063835-86868463-1141474233-1001..\Run: [SansaDispatch] C:\Users\RSJ\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-4145063835-86868463-1141474233-1001..\Run: [uTorrent] C:\Users\RSJ\Documents\Downloads\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4145063835-86868463-1141474233-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.64.7 213.109.72.139
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/09 01:01:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/09 00:52:55 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2010/07/09 00:50:51 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2010/07/08 22:01:18 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/08 21:08:14 | 000,000,000 | --SD | C] -- C:\Users\RSJ\AppData\Roaming\Microsoft
[2010/07/08 21:08:14 | 000,000,000 | R--D | C] -- C:\Users\RSJ\Videos
[2010/07/08 21:08:14 | 000,000,000 | R--D | C] -- C:\Users\RSJ\Saved Games
[2010/07/08 21:08:14 | 000,000,000 | R--D | C] -- C:\Users\RSJ\Pictures
[2010/07/08 21:08:14 | 000,000,000 | R--D | C] -- C:\Users\RSJ\Music
[2010/07/08 21:08:14 | 000,000,000 | R--D | C] -- C:\Users\RSJ\Links
[2010/07/08 21:08:14 | 000,000,000 | R--D | C] -- C:\Users\RSJ\Favorites
[2010/07/08 21:08:14 | 000,000,000 | R--D | C] -- C:\Users\RSJ\Downloads
[2010/07/08 21:08:14 | 000,000,000 | R--D | C] -- C:\Users\RSJ\My Documents
[2010/07/08 21:08:14 | 000,000,000 | R--D | C] -- C:\Users\RSJ\Desktop
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\AppData\Local\Temporary Internet Files
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\Templates
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\Start Menu
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\SendTo
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\Recent
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\PrintHood
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\NetHood
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\Documents\My Videos
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\Documents\My Pictures
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\Documents\My Music
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\My Documents
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\Local Settings
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\AppData\Local\History
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\Cookies
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\Application Data
[2010/07/08 21:08:14 | 000,000,000 | -HSD | C] -- C:\Users\RSJ\AppData\Local\Application Data
[2010/07/08 21:08:14 | 000,000,000 | -H-D | C] -- C:\Users\RSJ\AppData
[2010/07/08 21:08:14 | 000,000,000 | ---D | C] -- C:\Users\RSJ\AppData\Local\Temp
[2010/07/08 21:08:14 | 000,000,000 | ---D | C] -- C:\Users\RSJ\AppData\Local\Microsoft
[2010/07/08 21:08:14 | 000,000,000 | ---D | C] -- C:\Users\RSJ\AppData\Roaming\Media Center Programs
[2010/07/08 21:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/07/08 21:03:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/08 19:06:10 | 000,000,000 | ---D | C] -- C:\Users\RSJ\AppData\Roaming\AVG9
[2010/07/06 18:24:56 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/06 18:24:55 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010/07/06 18:24:53 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/06 18:24:47 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/07/06 18:24:46 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/07/06 18:24:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/07/06 18:23:23 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/07/06 06:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/07/06 06:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/05 23:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/07/05 10:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/07/05 10:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/07/05 10:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/07/05 10:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/02 20:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/07/02 16:55:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/02 16:54:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/29 19:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/29 19:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/29 19:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/06/28 23:32:48 | 000,000,000 | ---D | C] -- C:\Users\RSJ\AppData\Local\AVG Security Toolbar
[2010/06/28 07:07:06 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/06/28 06:28:58 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/06/28 06:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/06/28 06:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/28 06:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/06/27 22:16:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/27 20:57:28 | 000,000,000 | ---D | C] -- C:\Users\RSJ\AppData\Roaming\Spyware Terminator
[2010/06/27 20:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010/06/27 20:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010/06/27 10:41:43 | 000,000,000 | ---D | C] -- C:\Users\RSJ\AppData\Roaming\Malwarebytes
[2010/06/27 10:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/27 10:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/23 00:40:23 | 000,000,000 | ---D | C] -- C:\Users\RSJ\Documents\OneNote Notebooks
[2010/06/23 00:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PEERNET
[2010/06/23 00:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Image Printer 8.0
[2010/06/18 09:58:35 | 000,000,000 | ---D | C] -- C:\Users\RSJ\Desktop\Xbox
[2010/06/09 11:54:58 | 000,000,000 | ---D | C] -- C:\Users\RSJ\Desktop\C_

========== Files - Modified Within 30 Days ==========

[2010/07/09 01:01:15 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/08 22:38:08 | 003,670,016 | -HS- | M] () -- C:\Users\RSJ\NTUSER.DAT
[2010/07/08 21:57:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4145063835-86868463-1141474233-1001UA.job
[2010/07/08 21:51:42 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/08 21:51:42 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/08 21:48:02 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/08 21:48:02 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/08 21:48:02 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/08 21:45:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/08 21:42:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/08 21:41:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/08 21:41:33 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/08 21:40:20 | 001,092,614 | -H-- | M] () -- C:\Users\RSJ\AppData\Local\IconCache.db
[2010/07/08 21:38:31 | 000,001,409 | ---- | M] () -- C:\Users\RSJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/08 21:36:18 | 000,000,020 | -HS- | M] () -- C:\Users\RSJ\ntuser.ini
[2010/07/08 21:31:48 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/07/08 21:25:43 | 000,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2010/07/08 21:22:07 | 000,408,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/08 21:08:16 | 000,524,288 | -HS- | M] () -- C:\Users\RSJ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/07/08 21:08:16 | 000,524,288 | -HS- | M] () -- C:\Users\RSJ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 21:08:16 | 000,065,536 | -HS- | M] () -- C:\Users\RSJ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/07/08 21:05:58 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/07/08 21:05:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/08 20:24:43 | 000,003,056 | ---- | M] () -- C:\Users\RSJ\Desktop\Windows Compatibility Report.htm
[2010/07/08 20:20:45 | 000,003,252 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/07/08 20:16:14 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/07/08 19:57:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4145063835-86868463-1141474233-1001Core.job
[2010/07/08 17:19:29 | 061,776,119 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/07 19:13:45 | 000,120,960 | ---- | M] () -- C:\Users\RSJ\Desktop\FSU.jpg
[2010/07/07 15:35:24 | 000,600,040 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/07/06 18:24:58 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/06 18:24:58 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/07/06 18:24:55 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010/07/06 18:24:54 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/06 18:24:48 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/07/06 18:24:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/07/06 18:24:45 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/07/06 18:23:23 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/07/06 06:36:40 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/07/06 00:45:00 | 000,002,389 | ---- | M] () -- C:\Users\RSJ\Desktop\Google Chrome.lnk
[2010/07/05 23:55:27 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/05 10:21:53 | 000,028,672 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/03 18:26:28 | 000,051,200 | ---- | M] () -- C:\Users\RSJ\Desktop\Resume.doc
[2010/07/02 16:48:38 | 003,725,496 | R--- | M] () -- C:\Users\RSJ\Desktop\ComboFix.exe
[2010/07/02 16:43:39 | 000,026,624 | ---- | M] () -- C:\Users\RSJ\Desktop\Book1.xls
[2010/06/28 06:28:58 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/06/23 18:30:28 | 059,357,453 | ---- | M] () -- C:\Users\RSJ\Desktop\CompTIA.TestInside.N10-004.v2010-04-21.by.Sigal.pdf
[2010/06/23 00:39:32 | 007,287,351 | ---- | M] () -- C:\Users\RSJ\Desktop\CompTIA.Braindump.SY0-201.v2010-03-09.pdf
[2010/06/18 20:07:11 | 000,000,671 | ---- | M] () -- C:\Users\RSJ\AppData\Roaming\vso_ts_preview.xml
[2010/06/17 08:03:47 | 000,001,406 | ---- | M] () -- C:\Users\RSJ\Desktop\favicon.ico

========== Files Created - No Company Name ==========

[2010/07/08 21:45:59 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/08 21:36:18 | 000,000,020 | -HS- | C] () -- C:\Users\RSJ\ntuser.ini
[2010/07/08 21:33:07 | 2414,284,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 21:25:43 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/07/08 21:08:14 | 000,524,288 | -HS- | C] () -- C:\Users\RSJ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/07/08 21:08:14 | 000,524,288 | -HS- | C] () -- C:\Users\RSJ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 21:08:14 | 000,262,144 | -HS- | C] () -- C:\Users\RSJ\ntuser.dat.LOG1
[2010/07/08 21:08:14 | 000,065,536 | -HS- | C] () -- C:\Users\RSJ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/07/08 21:08:14 | 000,000,290 | ---- | C] () -- C:\Users\RSJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/08 21:08:14 | 000,000,272 | ---- | C] () -- C:\Users\RSJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/08 21:08:14 | 000,000,000 | -HS- | C] () -- C:\Users\RSJ\ntuser.dat.LOG2
[2010/07/08 21:08:13 | 003,670,016 | -HS- | C] () -- C:\Users\RSJ\NTUSER.DAT
[2010/07/08 21:05:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/08 21:05:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/08 20:20:13 | 000,003,056 | ---- | C] () -- C:\Users\RSJ\Desktop\Windows Compatibility Report.htm
[2010/07/08 20:15:48 | 000,003,252 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/07/08 20:15:48 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/07/07 19:13:44 | 000,120,960 | ---- | C] () -- C:\Users\RSJ\Desktop\FSU.jpg
[2010/07/06 18:24:58 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/07/06 18:24:45 | 061,776,119 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/06 18:24:45 | 000,600,040 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/07/06 18:24:45 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/07/05 10:21:53 | 000,028,672 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/02 16:55:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/02 16:48:28 | 003,725,496 | R--- | C] () -- C:\Users\RSJ\Desktop\ComboFix.exe
[2010/06/23 18:19:26 | 059,357,453 | ---- | C] () -- C:\Users\RSJ\Desktop\CompTIA.TestInside.N10-004.v2010-04-21.by.Sigal.pdf
[2010/06/23 00:37:59 | 007,287,351 | ---- | C] () -- C:\Users\RSJ\Desktop\CompTIA.Braindump.SY0-201.v2010-03-09.pdf
[2010/06/17 08:03:47 | 000,001,406 | ---- | C] () -- C:\Users\RSJ\Desktop\favicon.ico
[2010/05/09 19:06:26 | 000,126,464 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/11/22 23:15:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/30 06:47:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2009/10/30 06:47:07 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
< End of report >


OTL Extras logfile created on: 7/8/2010 10:36:25 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\RSJ\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 683.57 Gb Total Space | 401.51 Gb Free Space | 58.74% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.26 Gb Free Space | 55.05% Space Free | Partition Type: NTFS
Drive E: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RSJ-PC
Current User Name: RSJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4145063835-86868463-1141474233-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Allok AVI DivX MPEG to DVD Converter_is1" = Allok AVI DivX MPEG to DVD Converter 2.2.0429
"AVG9Uninstall" = AVG 9.0
"Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PeerGuardian_is1" = PeerGuardian 2.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST6UNST #1" = SimulationExams Net+ Practice Tests ...
"Trillian" = Trillian
"uTorrent" = µTorrent
"Visual CertExam Suite_is1" = Visual CertExam Suite 1.9
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4145063835-86868463-1141474233-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/6/2010 6:22:52 PM | Computer Name = RSJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary aswRdr. System Error: The system cannot find the file specified. .

Error - 7/6/2010 6:22:52 PM | Computer Name = RSJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary aswSP. System Error: The system cannot find the file specified. .

Error - 7/6/2010 6:22:52 PM | Computer Name = RSJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary avast! Network Shield Support. System Error: The system cannot find the
file specified. .

Error - 7/6/2010 6:22:52 PM | Computer Name = RSJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service avast! Antivirus since QueryServiceConfig API failed System Error: The
system cannot find the file specified. .

Error - 7/7/2010 3:37:52 PM | Computer Name = RSJ-PC | Source = VSS | ID = 8194
Description =

Error - 7/8/2010 8:36:35 PM | Computer Name = RSJ-PC | Source = RpcNs | ID = 2
Description =

Error - 7/8/2010 9:22:30 PM | Computer Name = RSJ-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 9:22:41 PM | Computer Name = RSJ-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVG\AVG9\avgameh.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 9:24:35 PM | Computer Name = RSJ-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 9:37:18 PM | Computer Name = RSJ-PC | Source = ESENT | ID = 215
Description = WinMail (4596) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

[ System Events ]
Error - 7/8/2010 9:29:22 PM | Computer Name = RSJ-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 7/8/2010 9:29:22 PM | Computer Name = RSJ-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 7/8/2010 9:29:22 PM | Computer Name = RSJ-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 7/8/2010 9:31:08 PM | Computer Name = RSJ-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error: %%2

Error - 7/8/2010 9:33:23 PM | Computer Name = RSJ-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 7/8/2010 9:33:23 PM | Computer Name = RSJ-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/8/2010 9:34:46 PM | Computer Name = RSJ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgfwfd

Error - 7/8/2010 9:41:46 PM | Computer Name = RSJ-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 7/8/2010 9:41:46 PM | Computer Name = RSJ-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/8/2010 9:42:22 PM | Computer Name = RSJ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgfwfd


< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-08 22:56:13
Windows 6.1.7600
Running: s96eoudu.exe; Driver: C:\Users\RSJ\AppData\Local\Temp\pwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x829F5730]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x829F57E0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x829F5880]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x829F5920]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83414634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83414898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83045579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83069F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 830719E8 4 Bytes [30, 57, 9F, 82]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 83071CB8 8 Bytes [E0, 57, 9F, 82, 80, 58, 9F, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 83071D2C 4 Bytes [20, 59, 9F, 82]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92626000, 0x2D5378, 0xE8000020]
.text peauth.sys A0A2AC9D 28 Bytes [1E, 00, 8E, 15, 21, 40, 6E, ...]
.text peauth.sys A0A2ACC1 28 Bytes [1E, 00, 8E, 15, 21, 40, 6E, ...]
.text autochk.exe 001C1204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 001C120C 1 Byte [00]
.text autochk.exe 001C1210 1 Byte [00]
.text autochk.exe 001C1214 2 Bytes [00, 00] {ADD [EAX], AL}
.text autochk.exe 001C1218 2 Bytes [00, 00] {ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4660] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5344] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5492] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6032] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6060] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtCreateFile + 6 77244A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtCreateFile + B 77244A1B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtMapViewOfSection + 6 77245076 1 Byte [28]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtMapViewOfSection + 6 77245076 4 Bytes [28, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtMapViewOfSection + B 7724507B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenFile + 6 77245126 4 Bytes [68, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenFile + B 7724512B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenProcess + 6 772451D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenProcess + B 772451DB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenProcessToken + B 772451EB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenProcessTokenEx + 6 772451F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenProcessTokenEx + B 772451FB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenThread + 6 77245256 4 Bytes [68, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenThread + B 7724525B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenThreadToken + 6 77245266 4 Bytes [68, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenThreadToken + B 7724526B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtOpenThreadTokenEx + B 7724527B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtQueryAttributesFile + 6 77245386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtQueryAttributesFile + B 7724538B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtQueryFullAttributesFile + B 7724543B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtSetInformationFile + 6 77245A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtSetInformationFile + B 77245A8B 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtSetInformationThread + 6 77245AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtSetInformationThread + B 77245AEB 1 Byte [E2]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 1 Byte [68]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtUnmapViewOfSection + 6 77245E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\RSJ\AppData\Local\Google\Chrome\Application\chrome.exe[6072] ntdll.dll!NtUnmapViewOfSection + B 77245E0B 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[3368] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[3368] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[3368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[3368] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5760] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5760] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5760] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5760] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5760] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5760] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [584C9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [584CA27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [584C94D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [584C94E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [584C92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [584C9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [584C94B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [584C94A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [584CAA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [584C9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [584C92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [584C9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [584C9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [584C92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [584C92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [584C9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [584CA27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [584C9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [584C92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [584C9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [584C9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [584C9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [584C92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [584C9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [584C9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [584C92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Users\RSJ\Desktop\ComboFix.exe[8072] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [752B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.imaadpcm imaadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg711 msg711.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msgsm610 msgsm32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.UYVY msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YUY2 msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVYU msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.IYUV iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.i420 iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVU9 tsbyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3acm C:\Windows\System32\l3codeca.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@MSVideo8 VfWWDM32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.dvsd mcdvd_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERNestedWindowLimit 50
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ mnmsrvc
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs avgrsstx.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

#4 Elise

Posted 09 July 2010 - 04:30 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Elise

Posted 21 July 2010 - 06:20 AM

Hello, are you still there?

regards, Elise



#6 CommonCents

Posted 21 July 2010 - 04:42 PM

QUOTE(elise025 @ Jul 21 2010, 07:20 AM)
Hello, are you still there?


I am, I'm sorry. I went on vacation!

So are you asking me to download combofix again?


#7 Elise

Posted 22 July 2010 - 03:44 PM

Yes please; download a new copy and run it. Post me the resulting log.

regards, Elise



#8 CommonCents

Posted 25 July 2010 - 12:49 AM

QUOTE(elise025 @ Jul 22 2010, 04:44 PM)
Yes please; download a new copy and run it. Post me the resulting log.


For some reason, it's not running anymore. I've disabled my antivirus/adware. The green bar for combofix will load but nothing shows after that.

#9 Elise

Posted 25 July 2010 - 08:32 AM

Can you try to run it in safe mode?

regards, Elise



#10 CommonCents

Posted 27 July 2010 - 09:41 PM

QUOTE(elise025 @ Jul 25 2010, 09:32 AM)
Can you try to run it in safe mode?


Is it possible that this virus could be gone? I haven't had the issue in about a week.

#11 Elise

Posted 28 July 2010 - 02:57 PM

Well, that is extremely difficult to say without seeing a log. I strongly recommend trying ComboFix in safe mode.

regards, Elise



#12 CommonCents

Posted 28 July 2010 - 07:16 PM

ComboFix 10-07-27.05 - RSJ 07/28/2010 19:59:14.1.4 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1764 [GMT -4:00]
Running from: c:\users\RSJ\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\RSJ\AppData\Roaming\inst.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_osppsvc


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))
.

2010-07-29 00:04 . 2010-07-29 00:08 -------- d-----w- c:\users\RSJ\AppData\Local\temp
2010-07-29 00:04 . 2010-07-29 00:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-29 00:04 . 2010-07-29 00:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-29 00:04 . 2010-07-29 00:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-28 23:57 . 2010-07-28 23:58 -------- d-----w- C:\32788R22FWJFW
2010-07-25 22:04 . 2010-07-25 22:04 -------- d-----w- c:\program files\NCH Software
2010-07-25 21:53 . 2010-07-25 21:53 -------- d-----w- c:\users\RSJ\AppData\Roaming\NCH Swift Sound
2010-07-25 21:53 . 2010-07-25 21:53 -------- d-----w- c:\programdata\NCH Swift Sound
2010-07-25 21:53 . 2010-07-25 21:53 -------- d-----w- c:\program files\NCH Swift Sound
2010-07-22 03:39 . 2010-07-22 03:39 -------- d-----w- c:\program files\Java
2010-07-22 03:15 . 2010-07-22 03:15 -------- d-----w- c:\program files\Common Files\Java
2010-07-22 03:08 . 2010-07-22 03:08 0 ----a-w- c:\windows\nsreg.dat
2010-07-22 03:03 . 2010-07-22 03:03 -------- d-----w- c:\users\RSJ\AppData\Local\Opera
2010-07-22 03:02 . 2010-07-22 03:21 -------- d-----w- c:\program files\Opera
2010-07-20 00:39 . 2010-07-20 01:01 -------- d-----w- c:\program files\Exam Formatter
2010-07-12 23:40 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-12 02:19 . 2010-07-12 02:19 -------- d-----w- c:\users\RSJ\AppData\Roaming\motorola
2010-07-12 02:19 . 2010-07-12 02:19 -------- d-----w- c:\programdata\motorola
2010-07-12 02:18 . 2010-07-12 02:18 -------- d-----w- c:\program files\Common Files\Nero
2010-07-12 02:17 . 2010-07-29 00:06 -------- d-----w- c:\program files\Motorola Media Link
2010-07-12 02:17 . 2010-07-12 02:17 -------- d-----w- c:\users\RSJ\AppData\Local\Motorola
2010-07-12 02:16 . 2010-07-12 02:16 -------- d-----w- c:\program files\Motorola
2010-07-12 02:16 . 2010-07-12 02:16 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-07-10 13:53 . 2010-07-10 13:53 -------- d-----w- c:\program files\CCleaner
2010-07-10 07:01 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-10 02:24 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-10 02:20 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-10 02:20 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-10 02:20 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-10 02:20 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-10 02:20 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-10 02:19 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-10 00:41 . 2010-07-25 16:22 -------- d-----w- c:\users\RSJ\AppData\Roaming\Media Player Classic
2010-07-10 00:33 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-07-10 00:33 . 2010-06-28 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-10 00:33 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-10 00:33 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-10 00:33 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-10 00:33 . 2010-07-10 00:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-09 21:52 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-09 21:52 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-09 21:52 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-09 21:52 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-09 21:52 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-09 11:26 . 2010-07-09 11:26 108824 ----a-w- c:\users\RSJ\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-09 10:42 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-07-09 10:39 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-07-09 05:01 . 2010-07-09 01:36 -------- d-----w- c:\windows\Panther
2010-07-09 04:52 . 2010-07-09 01:27 -------- d-----w- C:\$WINDOWS.~Q
2010-07-09 04:50 . 2010-07-09 04:52 -------- d-----w- C:\$INPLACE.~TR
2010-07-09 01:38 . 2010-07-25 22:16 -------- d-----w- c:\windows\system32\wbem\Performance
2010-07-09 01:37 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-07-09 01:37 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-07-09 01:25 . 2010-07-09 01:25 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-09 01:20 . 2010-07-09 01:20 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-07-09 01:07 . 2010-07-09 01:07 -------- d-----w- c:\programdata\EPSON
2010-07-09 01:05 . 2010-07-09 01:05 0 ----a-w- c:\windows\ativpsrm.bin
2010-07-08 23:06 . 2010-07-09 01:16 -------- d-----w- c:\users\Guest\AppData\Roaming\AVG9
2010-07-08 23:06 . 2010-07-09 01:17 -------- d-----w- c:\users\RSJ\AppData\Roaming\AVG9
2010-07-07 01:03 . 2010-07-09 01:16 -------- d-----w- c:\users\Guest\AppData\Local\AVG Security Toolbar
2010-07-06 22:24 . 2010-07-06 22:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-06 22:24 . 2010-07-06 22:24 25168 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-07-06 22:24 . 2010-07-06 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-06 22:24 . 2010-07-06 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-06 22:24 . 2010-07-06 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-06 22:24 . 2010-07-28 23:53 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-06 22:23 . 2010-07-06 22:23 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-07-06 10:29 . 2010-07-09 01:10 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-07-06 03:24 . 2010-07-09 01:11 -------- d-----w- c:\programdata\Alwil Software
2010-07-05 14:21 . 2010-07-05 14:21 28672 ---ha-w- C:\SZKGFS.dat
2010-07-05 14:20 . 2010-07-09 01:11 -------- d-----w- c:\programdata\SITEguard
2010-07-05 14:18 . 2010-07-09 01:11 -------- d-----w- c:\programdata\STOPzilla!
2010-07-05 14:18 . 2010-07-09 01:10 -------- d-----w- c:\program files\STOPzilla!
2010-07-05 14:18 . 2010-07-09 01:09 -------- d-----w- c:\program files\Common Files\iS3
2010-07-03 00:58 . 2010-07-05 14:25 -------- d-----w- c:\program files\uTorrent
2010-06-29 23:54 . 2010-07-09 01:10 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-06-29 23:54 . 2010-07-09 01:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-29 23:49 . 2010-07-09 01:10 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-06-29 03:32 . 2010-07-09 01:16 -------- d-----w- c:\users\RSJ\AppData\Local\AVG Security Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 00:07 . 2010-02-27 20:57 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-27 11:25 . 2010-04-12 02:17 -------- d-----w- c:\program files\PeerGuardian2
2010-07-27 03:40 . 2009-10-28 22:01 -------- d-----w- c:\program files\Trillian
2010-07-25 21:48 . 2009-11-04 02:41 -------- d-----w- c:\users\RSJ\AppData\Roaming\uTorrent
2010-07-22 03:39 . 2010-05-23 13:37 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-20 21:17 . 2010-07-20 21:17 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-20 21:16 . 2010-07-20 21:16 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-20 21:16 . 2010-07-20 21:16 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-20 21:16 . 2010-07-20 21:16 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-20 01:52 . 2009-12-02 04:13 -------- d-----w- c:\program files\Visual CertExam Suite
2010-07-14 07:02 . 2009-11-15 19:58 -------- d-----w- c:\programdata\Microsoft Help
2010-07-12 02:17 . 2009-11-14 23:29 -------- d-----w- c:\programdata\Nero
2010-07-10 00:18 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-07-09 01:17 . 2009-11-14 23:39 -------- d-----w- c:\users\RSJ\AppData\Roaming\Vso
2010-07-09 01:17 . 2010-06-28 00:57 -------- d-----w- c:\users\RSJ\AppData\Roaming\Spyware Terminator
2010-07-09 01:17 . 2010-05-11 10:57 -------- d-----w- c:\users\RSJ\AppData\Roaming\Thinstall
2010-07-09 01:17 . 2009-10-28 22:02 -------- d-----w- c:\users\RSJ\AppData\Roaming\Trillian
2010-07-09 01:17 . 2010-04-13 00:16 -------- d-----w- c:\users\RSJ\AppData\Roaming\SanDisk
2010-07-09 01:17 . 2009-10-31 15:35 -------- d-----w- c:\users\RSJ\AppData\Roaming\Move Networks
2010-07-09 01:17 . 2010-06-27 14:41 -------- d-----w- c:\users\RSJ\AppData\Roaming\Malwarebytes
2010-07-09 01:17 . 2010-02-22 03:18 -------- d-----w- c:\users\RSJ\AppData\Roaming\acccore
2010-07-09 01:17 . 2010-01-09 01:39 -------- d-----w- c:\users\RSJ\AppData\Roaming\eBookPro6
2010-07-09 01:17 . 2009-11-14 23:30 -------- d-----w- c:\users\RSJ\AppData\Roaming\Ahead
2010-07-09 01:17 . 2009-10-28 22:05 -------- d-----w- c:\users\RSJ\AppData\Roaming\COWON
2010-07-09 01:17 . 2009-10-28 22:03 -------- d-----w- c:\users\RSJ\AppData\Roaming\InstallShield
2010-07-09 01:10 . 2010-06-28 00:57 -------- d-----w- c:\program files\Spyware Terminator
2010-07-09 01:09 . 2009-11-23 03:14 -------- d-----w- c:\program files\epson
2010-07-09 01:05 . 2010-07-09 01:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-28 10:28 . 2010-06-28 10:28 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-07 00:16 . 2010-06-07 00:17 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-27 07:24 . 2010-07-09 10:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-07-09 10:31 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14 . 2009-10-28 22:13 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-07-09 10:31 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-11 10:58 . 2010-05-11 10:58 7168 ----a-w- c:\users\RSJ\AppData\Roaming\Thinstall\Password Protect USB 3.6.1\40000015b00002i\password-protect.exe
2010-05-11 10:57 . 2010-05-11 10:57 7168 ----a-w- c:\users\RSJ\AppData\Roaming\Thinstall\Password Protect USB 3.6.1\4000003500002i\ncfpsys.exe
2010-05-09 09:14 . 2010-07-09 10:38 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-07-09 10:38 417792 ----a-w- c:\windows\system32\msdri.dll
2010-05-01 14:49 . 2010-07-09 10:38 2326528 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 06:20 561552 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\RSJ\Documents\Downloads\uTorrent.exe" [2010-06-10 322352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-06-28 22:27 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
2006-10-18 09:01 143360 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-13 18:42 135664 ----atw- c:\users\RSJ\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2010-04-13 00:19 79872 ----a-w- c:\users\RSJ\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-06-10 23:01 322352 ----a-w- c:\users\RSJ\Documents\Downloads\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe

R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-06 24856]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-09 1343400]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2010-07-06 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-28 52872]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-07 64288]
S1 aswSP;aswSP; [x]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-06 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-06 243024]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-06 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-07-06 2331032]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-06-30 87336]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-06 1352832]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-07-06 122448]
S3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-07-06 30288]
S3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-07-06 20560]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:15]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4145063835-86868463-1141474233-1001Core.job
- c:\users\RSJ\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-13 18:42]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4145063835-86868463-1141474233-1001UA.job
- c:\users\RSJ\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-13 18:42]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\RSJ\AppData\Roaming\Mozilla\Firefox\Profiles\rc3sxk9o.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\RSJ\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\RSJ\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-07-28 20:14:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-29 00:14
ComboFix2.txt 2010-07-02 21:09

Pre-Run: 426,983,088,128 bytes free
Post-Run: 426,699,313,152 bytes free

- - End Of File - - 231A4C906A6D7B5AF39B6F558746DB47


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania
  • Local time:09:11 PM

Posted 29 July 2010 - 03:23 AM

Hello, that looks good indeed.


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania
  • Local time:09:11 PM

Posted 16 August 2010 - 07:00 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

