Service function NtUnloadkey hook -> uphcleanhlp.sys +0x6D0


This topic is locked. 5 replies to this topic.

#1 Tim Hanks

  • Members
  • 6 posts

Posted 11 May 2011 - 06:40 PM

This was detected after an AVG update.
AVG detects it but I am unable to find it whenever I try to locate the file manually.

"Object name";"C:\WINDOWS\system32\Drivers\uphcleanhlp.sys"
"Detection name";"Service function NtUnloadKey hook -> uphcleanhlp.sys +0x6D0"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""

Here are the requested logs:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 17:15:50.37 on 11/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.259 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\Desktop\New Folder\7ir8h25h.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Desktop\New Folder\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com.jm/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Search with Google - c:\windows\web\google.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\d3whq4vo.default\
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-10-19 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 135664]
S3 ADASPROT;SYSTWEAKASO;\??\d:\program files\advanced system optimizer 3\adasprot32.sys --> d:\program files\advanced system optimizer 3\adasprot32.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-7 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 135664]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-7-28 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-7-28 11104]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34384]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-10-8 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-11 08:22:31 217127 -c--a-w- c:\windows\system32\drv43260.dll
2011-05-11 08:22:31 102439 -c--a-w- c:\windows\system32\sipr3260.dll
2011-05-11 08:22:30 65602 -c--a-w- c:\windows\system32\cook3260.dll
2011-05-11 08:22:30 208935 -c--a-w- c:\windows\system32\drv33260.dll
2011-05-11 08:22:30 176165 -c--a-w- c:\windows\system32\drv23260.dll
2011-05-11 08:22:28 1184984 -c--a-w- c:\windows\system32\wvc1dmod.dll
2011-05-05 12:45:50 -------- dc----w- c:\program files\WOT
2011-05-04 06:48:05 218112 -c--a-w- c:\windows\system32\wordpad.exe
2011-05-03 05:07:25 -------- dc----w- c:\docume~1\owner\locals~1\applic~1\Cooliris
2011-04-26 23:24:28 -------- dc----w- c:\docume~1\owner\applic~1\HideIPEasy
2011-04-26 23:24:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\HideIPEasy
2011-04-19 15:59:41 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-19 15:59:36 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-04-19 15:59:36 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-15 19:36:31 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2011-04-15 19:36:30 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2011-04-15 19:36:30 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2011-04-15 19:36:29 149504 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2011-04-15 19:36:28 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2011-04-14 08:39:02 103864 -c--a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-14 08:39:02 103864 -c--a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-04-29 23:20:07 44544 ----a-w- c:\windows\system32\alg.exe
2011-04-08 16:13:41 53 -c--a-w- c:\windows\SW_Win3112X32.DLL
2011-04-08 15:39:56 87608 -c--a-w- c:\docume~1\owner\applic~1\inst.exe
2011-04-08 15:39:55 47360 -c--a-w- c:\docume~1\owner\applic~1\pcouffin.sys
2011-03-24 21:03:38 56936 -c--a-w- c:\windows\system32\RtkCoInstXP.dll
2011-03-21 22:13:34 20053096 -c--a-w- c:\windows\RTHDCPL.EXE
2011-03-07 05:31:47 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:35:38 420864 -c--a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27:43 1866880 -c--a-w- c:\windows\system32\win32k.sys
2011-02-26 00:37:00 1284712 -c--a-w- c:\windows\RtlExUpd.dll
2011-02-22 23:27:04 919552 -c--a-w- c:\windows\system32\wininet.dll
2011-02-22 23:27:04 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:27:04 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2011-02-18 12:08:32 385024 -c--a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 13:05:45 290432 -c--a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 17:17:03.57 ===============


GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-11 18:38:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST340810A rev.3.64
Running: 7ir8h25h.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xBA510738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xBA5107DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xBA510878]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB9E666D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xBA510914]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Definitely not easy being patient when your security could be compromised.

So I will be receiving assistance when?

EDIT: Please be patient. There are over 300 unanswered topics in this forum at present and the current average wait time to receive help is 9 days. ~Budapest

Edited by Budapest, 16 May 2011 - 11:36 PM.
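The GMER output in the post above is easier to triage once it is parsed rather than read line by line. The following is an added example, not part of the thread or of GMER: it groups the user-mode ntdll.dll hooks by process, checks whether every instance of the same program carries the same set of hooks (the pattern you would expect when an application intercepts its own calls, whereas one instance that differs from its siblings deserves a closer look), and splits the AttachedDevice lines into driver, description and vendor. The sample lines are constructed in the log's format; the example.exe lines are made up to show the inconsistent case.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the GMER 1.0.15 log above; example.exe lines are invented.
SAMPLE_LOG = r"""
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\constructed\example.exe[4100] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\constructed\example.exe[4101] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
"""

# ".text <path>[pid] <module>!<export> + <offset> <address> <n> Byte(s) <CALL target | [bytes]>"
HOOK_RE = re.compile(
    r"^\.text (?P<path>.+?)\[(?P<pid>\d+)\] (?P<module>[^!]+)!(?P<func>\S+) \+ (?P<off>[0-9A-F]+) "
    r"(?P<addr>[0-9A-F]{8}) (?P<size>\d+) Bytes? (?P<patch>.+)$")
# "AttachedDevice <driver stack> <device> <filter driver> (<description>/<vendor>)"
DEV_RE = re.compile(r"^AttachedDevice (?P<stack>\S+) (?P<device>\S+) (?P<driver>\S+) \((?P<info>.*)\)\s*$")

def parse_gmer(text):
    """Return (hooks, devices): one dict per patched code location and one per filter driver."""
    hooks, devices = [], []
    for line in text.splitlines():
        if m := HOOK_RE.match(line):
            h = m.groupdict()
            h["pid"], h["exe"] = int(h["pid"]), h["path"].rsplit("\\", 1)[-1]
            call = re.match(r"CALL ([0-9A-F]{8})", h["patch"])  # disassembled jump vs raw bytes
            h["call_target"] = call.group(1) if call else None
            hooks.append(h)
        elif m := DEV_RE.match(line):
            d = m.groupdict()
            desc, _, vendor = d.pop("info").strip().rpartition("/")
            d["description"], d["vendor"] = desc.strip(), vendor.strip()
            devices.append(d)
    return hooks, devices

def hooks_by_process(hooks):
    """Map (exe, pid) -> set of 'module!function' names patched in that process."""
    out = defaultdict(set)
    for h in hooks:
        out[(h["exe"], h["pid"])].add(f'{h["module"]}!{h["func"]}')
    return dict(out)

def inconsistent_exes(hooks):
    """exe -> {pid: hook set} for programs whose running instances do not all share one hook set."""
    by_exe = defaultdict(dict)
    for (exe, pid), funcs in hooks_by_process(hooks).items():
        by_exe[exe][pid] = frozenset(funcs)
    return {exe: pids for exe, pids in by_exe.items() if len(set(pids.values())) > 1}
```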

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 21 May 2011 - 08:12 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Tim Hanks

Tim Hanks
  • Topic Starter

  • Members
  • 6 posts

Posted 22 May 2011 - 03:56 AM

I eagerly await further instructions.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 22 May 2011 - 09:01 AM

The file C:\WINDOWS\system32\Drivers\uphcleanhlp.sys is a legitimate WINDOWS file. It's the user profile hive cleanup utility and is being flagged by AVG probably because it is hidden - this is also why you can't find it. Also, these types of files take a bit longer to get dealt with because you can't grab a copy and upload it to them to analyse. This in turn means that they can't set the program to ignore it as it has not yet been updated.

If this is the only issue then your machine is clean. Let me know.

Edited by m0le, 24 May 2011 - 08:14 PM.

m0le is a proud member of UNITE

#5 Tim Hanks

Tim Hanks
  • Topic Starter

  • Members
  • 6 posts

Posted 24 May 2011 - 08:08 PM

Yes, this is my only issue at this time.
Thank you for your advice, I am indeed grateful and I will do my best to inform others of this amazing site.


Respect and Thanks,
T. Hanks

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 24 May 2011 - 08:15 PM

You're welcome, Tim :thumbup2:

------------------------------------

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
