
Found Chinese folder in my jumplist this morning...


  • This topic is locked
6 replies to this topic

#1 craggadee


Posted 08 June 2012 - 10:23 PM

Woke up this morning and found a folder with a bunch of Chinese characters in the Windows Explorer taskbar jumplist - the folder was gone before I found it, but it remained in the jumplist for some reason as evidence it was there. You can see the folder here: http://i.imgur.com/aYqNY.jpg

So I'm not sure what made it, but I'd love some help from you knowledgeable fellows in working it out...

DDS Log below, I'll post the GMER and Hijack This! logs in subsequent posts...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by craggadee at 13:02:40 on 2012-06-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3583.2236 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
G:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
G:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
C:\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Razer\Arctosa\razerhid.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Users\craggadee\Local Settings\Apps\F.lux\flux.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Arctosa\razertra.exe
C:\Users\craggadee\AppData\Local\Akamai\netsession_win.exe
G:\Program Files\Things & Stuff\Touchpad Server\TouchpadServer.exe
C:\Users\craggadee\AppData\Local\Akamai\netsession_win.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\craggadee\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DS3 Tool] c:\program files\motioninjoy\ds3\DS3_Tool.exe -mini
uRun: [F.lux] "c:\users\craggadee\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Akamai NetSession Interface] "c:\users\craggadee\appdata\local\akamai\netsession_win.exe"
mRun: [PWRISOVM.EXE] g:\program files\poweriso\PWRISOVM.EXE
mRun: [WheelMouse] c:\advanc~1\wh_exec.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Arctosa] "c:\program files\razer\arctosa\razerhid.exe"
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [StartCCC] "g:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\cragga~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\touchp~1.lnk - g:\program files\things & stuff\touchpad server\TouchpadServer.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\cragga~1\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\cragga~1\appdata\local\temp\ixp001.tmp\InstallerControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\cragga~1\appdata\local\temp\f5tmp\urxhost.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0B4713DD-DA1F-4027-9A91-9FA4CAC651D4} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{2793759F-C7C9-48DF-BE8A-8C9E9850ECB8} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\craggadee\appdata\roaming\mozilla\firefox\profiles\im091xeh.default\
FF - prefs.js: browser.startup.homepage - hxxps://auth.csu.edu.au/login/login.pl?url=http%3a%2f%2fmy%2ecsu%2eedu%2eau%2f
FF - plugin: c:\program files\battlelog web plugins\1.96.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.3\npesnsonar.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\craggadee\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\craggadee\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: g:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: g:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: g:\program files\veetle\player\npvlc.dll
FF - plugin: g:\program files\veetle\plugins\npVeetle.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;g:\program files\hi-rez studios\HiPatchService.exe [2012-5-1 8704]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-6 163328]
R2 SBSDWSCService;SBSD Security Center Service;g:\program files\spybot - search & destroy\SDWinSec.exe [2012-6-9 1153368]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-7-13 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-7-13 25448]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-6 9067008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-6 264192]
R3 ArcFltr;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [2010-8-14 16000]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-18 85520]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-1-26 6784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-2 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-2 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-5-16 33792]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-5-16 48640]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-26 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-7 1343400]
.
=============== Created Last 30 ================
.
2012-06-09 01:00:14 388096 ----a-r- c:\users\craggadee\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-09 00:38:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-09 00:19:00 -------- d-----w- c:\users\craggadee\appdata\roaming\Malwarebytes
2012-06-09 00:18:10 -------- d-----w- c:\programdata\Malwarebytes
2012-06-09 00:18:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 00:18:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-08 06:47:34 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{adbcf331-489b-4755-a87a-30460946ae00}\mpengine.dll
2012-05-20 00:29:50 -------- d-----w- c:\users\craggadee\appdata\roaming\Tropico 4
2012-05-20 00:28:09 -------- d-----w- c:\users\craggadee\appdata\roaming\Kalypso Media
.
==================== Find3M ====================
.
2012-05-23 06:39:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-23 06:39:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-17 07:09:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 13:03:08.84 ===============

GMER Log:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-09 13:22:39
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD10EADS-00M2B0 rev.01.00A01
Running: gmer.exe; Driver: C:\Users\CRAGGA~1\AppData\Local\Temp\uwtoapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E54369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8DD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spwb.sys The system cannot find the path specified. !
PAGE PCIIDEX.SYS!DllUnload 8C905606 5 Bytes JMP 859061D8
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92E1E000, 0x3C12C5, 0xE8000020]
.text USBPORT.SYS!DllUnload 916D6CA0 5 Bytes JMP 866131D8
PAGE peauth.sys 9E41BE21 100 Bytes CALL EB71B71F
? C:\Users\CRAGGA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtCreateFile + 6 778955CE 4 Bytes [28, 00, 1C, 00] {SUB [EAX], AL; SBB AL, 0x0}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtCreateFile + B 778955D3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtMapViewOfSection + 6 77895C2E 1 Byte [28]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtMapViewOfSection + 6 77895C2E 4 Bytes [28, 03, 1C, 00] {SUB [EBX], AL; SBB AL, 0x0}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtMapViewOfSection + B 77895C33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenFile + 6 77895CDE 4 Bytes [68, 00, 1C, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenFile + B 77895CE3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenProcess + 6 77895D8E 4 Bytes [A8, 01, 1C, 00] {TEST AL, 0x1; SBB AL, 0x0}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenProcess + B 77895D93 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenProcessToken + 6 77895D9E 4 Bytes CALL 768979A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenProcessToken + B 77895DA3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenProcessTokenEx + 6 77895DAE 4 Bytes [A8, 02, 1C, 00] {TEST AL, 0x2; SBB AL, 0x0}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenProcessTokenEx + B 77895DB3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenThread + 6 77895E0E 4 Bytes [68, 01, 1C, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenThread + B 77895E13 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenThreadToken + 6 77895E1E 4 Bytes [68, 02, 1C, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenThreadToken + B 77895E23 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenThreadTokenEx + 6 77895E2E 4 Bytes CALL 76897A35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtOpenThreadTokenEx + B 77895E33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtQueryAttributesFile + 6 77895F3E 4 Bytes [A8, 00, 1C, 00] {TEST AL, 0x0; SBB AL, 0x0}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtQueryAttributesFile + B 77895F43 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtQueryFullAttributesFile + 6 77895FEE 4 Bytes CALL 76897BF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtQueryFullAttributesFile + B 77895FF3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtSetInformationFile + 6 7789663E 4 Bytes [28, 01, 1C, 00] {SUB [ECX], AL; SBB AL, 0x0}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtSetInformationFile + B 77896643 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtSetInformationThread + 6 7789669E 4 Bytes [28, 02, 1C, 00] {SUB [EDX], AL; SBB AL, 0x0}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtSetInformationThread + B 778966A3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 1 Byte [68]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 4 Bytes [68, 03, 1C, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4868] ntdll.dll!NtUnmapViewOfSection + B 778969C3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtCreateFile + 6 778955CE 4 Bytes [28, 00, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtCreateFile + B 778955D3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtMapViewOfSection + 6 77895C2E 1 Byte [28]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtMapViewOfSection + 6 77895C2E 4 Bytes [28, 03, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtMapViewOfSection + B 77895C33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenFile + 6 77895CDE 4 Bytes [68, 00, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenFile + B 77895CE3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcess + 6 77895D8E 4 Bytes [A8, 01, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcess + B 77895D93 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcessToken + 6 77895D9E 4 Bytes CALL 768994A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcessToken + B 77895DA3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcessTokenEx + 6 77895DAE 4 Bytes [A8, 02, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcessTokenEx + B 77895DB3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThread + 6 77895E0E 4 Bytes [68, 01, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThread + B 77895E13 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThreadToken + 6 77895E1E 4 Bytes [68, 02, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThreadToken + B 77895E23 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThreadTokenEx + 6 77895E2E 4 Bytes CALL 76899535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThreadTokenEx + B 77895E33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtQueryAttributesFile + 6 77895F3E 4 Bytes [A8, 00, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtQueryAttributesFile + B 77895F43 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtQueryFullAttributesFile + 6 77895FEE 4 Bytes CALL 768996F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtQueryFullAttributesFile + B 77895FF3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtSetInformationFile + 6 7789663E 4 Bytes [28, 01, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtSetInformationFile + B 77896643 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtSetInformationThread + 6 7789669E 4 Bytes [28, 02, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtSetInformationThread + B 778966A3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 1 Byte [68]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 4 Bytes [68, 03, 37, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtUnmapViewOfSection + B 778969C3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtCreateFile + 6 778955CE 4 Bytes [28, 00, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtCreateFile + B 778955D3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtMapViewOfSection + 6 77895C2E 1 Byte [28]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtMapViewOfSection + 6 77895C2E 4 Bytes [28, 03, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtMapViewOfSection + B 77895C33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenFile + 6 77895CDE 4 Bytes [68, 00, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenFile + B 77895CE3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenProcess + 6 77895D8E 4 Bytes [A8, 01, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenProcess + B 77895D93 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenProcessToken + 6 77895D9E 4 Bytes CALL 76898AA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenProcessToken + B 77895DA3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenProcessTokenEx + 6 77895DAE 4 Bytes [A8, 02, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenProcessTokenEx + B 77895DB3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenThread + 6 77895E0E 4 Bytes [68, 01, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenThread + B 77895E13 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenThreadToken + 6 77895E1E 4 Bytes [68, 02, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenThreadToken + B 77895E23 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenThreadTokenEx + 6 77895E2E 4 Bytes CALL 76898B35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtOpenThreadTokenEx + B 77895E33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtQueryAttributesFile + 6 77895F3E 4 Bytes [A8, 00, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtQueryAttributesFile + B 77895F43 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtQueryFullAttributesFile + 6 77895FEE 4 Bytes CALL 76898CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtQueryFullAttributesFile + B 77895FF3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtSetInformationFile + 6 7789663E 4 Bytes [28, 01, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtSetInformationFile + B 77896643 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtSetInformationThread + 6 7789669E 4 Bytes [28, 02, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtSetInformationThread + B 778966A3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 1 Byte [68]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 4 Bytes [68, 03, 2D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4940] ntdll.dll!NtUnmapViewOfSection + B 778969C3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtCreateFile + 6 778955CE 4 Bytes [28, 00, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtCreateFile + B 778955D3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtMapViewOfSection + 6 77895C2E 1 Byte [28]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtMapViewOfSection + 6 77895C2E 4 Bytes [28, 03, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtMapViewOfSection + B 77895C33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenFile + 6 77895CDE 4 Bytes [68, 00, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenFile + B 77895CE3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcess + 6 77895D8E 4 Bytes [A8, 01, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcess + B 77895D93 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcessToken + 6 77895D9E 4 Bytes CALL 7689A5A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcessToken + B 77895DA3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcessTokenEx + 6 77895DAE 4 Bytes [A8, 02, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcessTokenEx + B 77895DB3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThread + 6 77895E0E 4 Bytes [68, 01, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThread + B 77895E13 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThreadToken + 6 77895E1E 4 Bytes [68, 02, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThreadToken + B 77895E23 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThreadTokenEx + 6 77895E2E 4 Bytes CALL 7689A635 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThreadTokenEx + B 77895E33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtQueryAttributesFile + 6 77895F3E 4 Bytes [A8, 00, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtQueryAttributesFile + B 77895F43 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtQueryFullAttributesFile + 6 77895FEE 4 Bytes CALL 7689A7F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtQueryFullAttributesFile + B 77895FF3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtSetInformationFile + 6 7789663E 4 Bytes [28, 01, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtSetInformationFile + B 77896643 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtSetInformationThread + 6 7789669E 4 Bytes [28, 02, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtSetInformationThread + B 778966A3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 1 Byte [68]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 4 Bytes [68, 03, 48, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtUnmapViewOfSection + B 778969C3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtCreateFile + 6 778955CE 4 Bytes [28, 00, 3A, 00] {SUB [EAX], AL; CMP AL, [EAX]}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtCreateFile + B 778955D3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtMapViewOfSection + 6 77895C2E 1 Byte [28]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtMapViewOfSection + 6 77895C2E 4 Bytes [28, 03, 3A, 00] {SUB [EBX], AL; CMP AL, [EAX]}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtMapViewOfSection + B 77895C33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenFile + 6 77895CDE 4 Bytes [68, 00, 3A, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenFile + B 77895CE3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcess + 6 77895D8E 4 Bytes [A8, 01, 3A, 00] {TEST AL, 0x1; CMP AL, [EAX]}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcess + B 77895D93 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcessToken + 6 77895D9E 4 Bytes CALL 768997A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcessToken + B 77895DA3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcessTokenEx + 6 77895DAE 4 Bytes [A8, 02, 3A, 00] {TEST AL, 0x2; CMP AL, [EAX]}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenProcessTokenEx + B 77895DB3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThread + 6 77895E0E 4 Bytes [68, 01, 3A, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThread + B 77895E13 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThreadToken + 6 77895E1E 4 Bytes [68, 02, 3A, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThreadToken + B 77895E23 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThreadTokenEx + 6 77895E2E 4 Bytes CALL 76899835 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtOpenThreadTokenEx + B 77895E33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtQueryAttributesFile + 6 77895F3E 4 Bytes [A8, 00, 3A, 00] {TEST AL, 0x0; CMP AL, [EAX]}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtQueryAttributesFile + B 77895F43 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtQueryFullAttributesFile + 6 77895FEE 4 Bytes CALL 768999F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtQueryFullAttributesFile + B 77895FF3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtSetInformationFile + 6 7789663E 4 Bytes [28, 01, 3A, 00] {SUB [ECX], AL; CMP AL, [EAX]}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtSetInformationFile + B 77896643 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtSetInformationThread + 6 7789669E 4 Bytes [28, 02, 3A, 00] {SUB [EDX], AL; CMP AL, [EAX]}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtSetInformationThread + B 778966A3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 1 Byte [68]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 4 Bytes [68, 03, 3A, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[4964] ntdll.dll!NtUnmapViewOfSection + B 778969C3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtCreateFile + 6 778955CE 4 Bytes [28, 00, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtCreateFile + B 778955D3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtMapViewOfSection + 6 77895C2E 1 Byte [28]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtMapViewOfSection + 6 77895C2E 4 Bytes [28, 03, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtMapViewOfSection + B 77895C33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenFile + 6 77895CDE 4 Bytes [68, 00, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenFile + B 77895CE3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenProcess + 6 77895D8E 4 Bytes [A8, 01, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenProcess + B 77895D93 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenProcessToken + 6 77895D9E 4 Bytes CALL 76896AA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenProcessToken + B 77895DA3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenProcessTokenEx + 6 77895DAE 4 Bytes [A8, 02, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenProcessTokenEx + B 77895DB3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenThread + 6 77895E0E 4 Bytes [68, 01, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenThread + B 77895E13 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenThreadToken + 6 77895E1E 4 Bytes [68, 02, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenThreadToken + B 77895E23 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenThreadTokenEx + 6 77895E2E 4 Bytes CALL 76896B35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenThreadTokenEx + B 77895E33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtQueryAttributesFile + 6 77895F3E 4 Bytes [A8, 00, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtQueryAttributesFile + B 77895F43 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtQueryFullAttributesFile + 6 77895FEE 4 Bytes CALL 76896CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtQueryFullAttributesFile + B 77895FF3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtSetInformationFile + 6 7789663E 4 Bytes [28, 01, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtSetInformationFile + B 77896643 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtSetInformationThread + 6 7789669E 4 Bytes [28, 02, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtSetInformationThread + B 778966A3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 1 Byte [68]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 4 Bytes [68, 03, 0D, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtUnmapViewOfSection + B 778969C3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtCreateFile + 6 778955CE 4 Bytes [28, 00, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtCreateFile + B 778955D3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtMapViewOfSection + 6 77895C2E 1 Byte [28]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtMapViewOfSection + 6 77895C2E 4 Bytes [28, 03, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtMapViewOfSection + B 77895C33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenFile + 6 77895CDE 4 Bytes [68, 00, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenFile + B 77895CE3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcess + 6 77895D8E 4 Bytes [A8, 01, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcess + B 77895D93 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessToken + 6 77895D9E 4 Bytes CALL 76896CA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessToken + B 77895DA3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessTokenEx + 6 77895DAE 4 Bytes [A8, 02, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessTokenEx + B 77895DB3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThread + 6 77895E0E 4 Bytes [68, 01, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThread + B 77895E13 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadToken + 6 77895E1E 4 Bytes [68, 02, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadToken + B 77895E23 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadTokenEx + 6 77895E2E 4 Bytes CALL 76896D35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadTokenEx + B 77895E33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryAttributesFile + 6 77895F3E 4 Bytes [A8, 00, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryAttributesFile + B 77895F43 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryFullAttributesFile + 6 77895FEE 4 Bytes CALL 76896EF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryFullAttributesFile + B 77895FF3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationFile + 6 7789663E 4 Bytes [28, 01, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationFile + B 77896643 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationThread + 6 7789669E 4 Bytes [28, 02, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationThread + B 778966A3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 1 Byte [68]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 4 Bytes [68, 03, 0F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtUnmapViewOfSection + B 778969C3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtCreateFile + 6 778955CE 4 Bytes [28, 00, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtCreateFile + B 778955D3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtMapViewOfSection + 6 77895C2E 1 Byte [28]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtMapViewOfSection + 6 77895C2E 4 Bytes [28, 03, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtMapViewOfSection + B 77895C33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenFile + 6 77895CDE 4 Bytes [68, 00, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenFile + B 77895CE3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenProcess + 6 77895D8E 4 Bytes [A8, 01, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenProcess + B 77895D93 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenProcessToken + 6 77895D9E 4 Bytes CALL 76899CA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenProcessToken + B 77895DA3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenProcessTokenEx + 6 77895DAE 4 Bytes [A8, 02, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenProcessTokenEx + B 77895DB3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenThread + 6 77895E0E 4 Bytes [68, 01, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenThread + B 77895E13 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenThreadToken + 6 77895E1E 4 Bytes [68, 02, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenThreadToken + B 77895E23 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenThreadTokenEx + 6 77895E2E 4 Bytes CALL 76899D35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtOpenThreadTokenEx + B 77895E33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtQueryAttributesFile + 6 77895F3E 4 Bytes [A8, 00, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtQueryAttributesFile + B 77895F43 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtQueryFullAttributesFile + 6 77895FEE 4 Bytes CALL 76899EF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtQueryFullAttributesFile + B 77895FF3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtSetInformationFile + 6 7789663E 4 Bytes [28, 01, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtSetInformationFile + B 77896643 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtSetInformationThread + 6 7789669E 4 Bytes [28, 02, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtSetInformationThread + B 778966A3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 1 Byte [68]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 4 Bytes [68, 03, 3F, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5200] ntdll.dll!NtUnmapViewOfSection + B 778969C3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtCreateFile + 6 778955CE 4 Bytes [28, 00, 11, 00] {SUB [EAX], AL; ADC [EAX], EAX}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtCreateFile + B 778955D3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtMapViewOfSection + 6 77895C2E 1 Byte [28]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtMapViewOfSection + 6 77895C2E 4 Bytes [28, 03, 11, 00] {SUB [EBX], AL; ADC [EAX], EAX}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtMapViewOfSection + B 77895C33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenFile + 6 77895CDE 4 Bytes [68, 00, 11, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenFile + B 77895CE3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcess + 6 77895D8E 4 Bytes [A8, 01, 11, 00] {TEST AL, 0x1; ADC [EAX], EAX}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcess + B 77895D93 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcessToken + 6 77895D9E 4 Bytes CALL 76896EA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcessToken + B 77895DA3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcessTokenEx + 6 77895DAE 4 Bytes [A8, 02, 11, 00] {TEST AL, 0x2; ADC [EAX], EAX}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcessTokenEx + B 77895DB3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThread + 6 77895E0E 4 Bytes [68, 01, 11, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThread + B 77895E13 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThreadToken + 6 77895E1E 4 Bytes [68, 02, 11, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThreadToken + B 77895E23 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThreadTokenEx + 6 77895E2E 4 Bytes CALL 76896F35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThreadTokenEx + B 77895E33 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtQueryAttributesFile + 6 77895F3E 4 Bytes [A8, 00, 11, 00] {TEST AL, 0x0; ADC [EAX], EAX}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtQueryAttributesFile + B 77895F43 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtQueryFullAttributesFile + 6 77895FEE 4 Bytes CALL 768970F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtQueryFullAttributesFile + B 77895FF3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtSetInformationFile + 6 7789663E 4 Bytes [28, 01, 11, 00] {SUB [ECX], AL; ADC [EAX], EAX}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtSetInformationFile + B 77896643 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtSetInformationThread + 6 7789669E 4 Bytes [28, 02, 11, 00] {SUB [EDX], AL; ADC [EAX], EAX}
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtSetInformationThread + B 778966A3 1 Byte [E2]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 1 Byte [68]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtUnmapViewOfSection + 6 778969BE 4 Bytes [68, 03, 11, 00]
.text C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtUnmapViewOfSection + B 778969C3 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 865CB1F8
Device \Driver\volmgr \Device\VolMgrControl 859051F8
Device \Driver\usbuhci \Device\USBPDO-0 866141F8
Device \Driver\usbuhci \Device\USBPDO-1 866141F8
Device \Driver\usbuhci \Device\USBPDO-2 866141F8
Device \Driver\usbuhci \Device\USBPDO-3 866141F8
Device \Driver\usbehci \Device\USBPDO-4 86A183C8
Device \Driver\volmgr \Device\HarddiskVolume1 859051F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 859051F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 868A31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 859081F8
Device \Driver\atapi \Device\Ide\IdePort0 859081F8
Device \Driver\atapi \Device\Ide\IdePort1 859081F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-5 859081F8
Device \Driver\atapi \Device\Ide\IdePort2 859081F8
Device \Driver\atapi \Device\Ide\IdePort3 859081F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 859081F8
Device \Driver\volmgr \Device\HarddiskVolume3 859051F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume4 859051F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 859051F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume6 859051F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{2793759F-C7C9-48DF-BE8A-8C9E9850ECB8} 869501F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 869501F8
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 866141F8
Device \Driver\USBSTOR \Device\0000006d 868D11F8
Device \Driver\usbuhci \Device\USBFDO-1 866141F8
Device \Driver\USBSTOR \Device\0000006e 868D11F8
Device \Driver\usbuhci \Device\USBFDO-2 866141F8
Device \Driver\USBSTOR \Device\0000006f 868D11F8
Device \Driver\usbuhci \Device\USBFDO-3 866141F8
Device \Driver\usbehci \Device\USBFDO-4 86A183C8
Device \FileSystem\cdfs \Cdfs 8706C1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x9A 0x1D 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0xE9 0x27 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x9A 0x1D 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0xE9 0x27 0xAC ...

---- EOF - GMER 1.0.15 ----


#2 craggadee

  • Topic Starter

  • Members
  • 3 posts

Posted 08 June 2012 - 10:26 PM

Here is the HijackThis log... I'm not sure about the entries for that F5 Networks stuff or the Winsock errors?

I also ran the TDSSKiller and it found Akamai and sptd problems but doesn't seem to be able to do much.

Spybot just found a couple of tracking cookies...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:01:37 PM, on 9/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
C:\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Razer\Arctosa\razerhid.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Users\craggadee\Local Settings\Apps\F.lux\flux.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Arctosa\razertra.exe
C:\Users\craggadee\AppData\Local\Akamai\netsession_win.exe
G:\Program Files\Things & Stuff\Touchpad Server\TouchpadServer.exe
C:\Users\craggadee\AppData\Local\Akamai\netsession_win.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
G:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Users\craggadee\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Arctosa] "C:\Program Files\Razer\Arctosa\razerhid.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [StartCCC] "G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\craggadee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [F.lux] "C:\Users\craggadee\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\craggadee\AppData\Local\Akamai\netsession_win.exe"
O4 - Startup: Touchpad Server.lnk = G:\Program Files\Things & Stuff\Touchpad Server\TouchpadServer.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\CRAGGA~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\CRAGGA~1\AppData\Local\Temp\IXP001.TMP\InstallerControl.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\CRAGGA~1\AppData\Local\Temp\f5tmp\urxhost.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - G:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - G:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe

--
End of file - 6845 bytes

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:06 AM

Posted 11 June 2012 - 08:07 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#4 craggadee

craggadee
  • Topic Starter


Posted 11 June 2012 - 08:13 PM

Hey m0le,

Just a reply to let you know I'm still here and getting email updates on this thread.

Thanks a million for your time.

#5 m0le


Posted 12 June 2012 - 05:57 PM

Can you run the following two programs?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And


Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


#6 m0le


Posted 15 June 2012 - 07:34 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#7 m0le


Posted 17 June 2012 - 05:48 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



