
Smart HDD Infection


22 replies to this topic

#1 time4life

Posted 07 September 2012 - 01:17 PM

I had the Smart HDD virus infect my computer about a week ago and I thought I had it removed using your "Remove Smart HDD (Uninstall Guide)", but it came back. I have since tried a few additional things reading the forums, short of using Combofix, because I did not want to take a chance on doing this without expert help (per your advice). At this point I am afraid to use the computer because it may still be there, ready to reactivate itself. The reason I believe this is because of an ESET scan that came back with 8 items that it was unable to clean. There is not much else I can do but to request help from this incredibly generous and helpful community.

I reviewed your "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and the following is the requested log information from DDS, GMER, and also ESET.

Thank you in advance for your help!

DDS log contents:
---------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Evaluseek Publishing at 17:58:22 on 2012-09-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2019 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\TuneClone\TuneClone.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\InstantEyedropper\InstantEyedropper.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uSearch Bar = res://c:\windows\downloaded program files\CopernicMeta.dll/SearchBar_htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {de09d68e-0488-4df0-bd46-5bf35f2d1f2a} - c:\windows\downlo~1\COPERN~1.DLL
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 6\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Copernic Meta: {f79ad27f-8140-4e33-8b1d-c4fc6b663cca} - c:\windows\downloaded program files\CopernicMeta.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 6\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Copernic Meta: {1c6c294b-8c56-48fa-b4d7-2132fbde8668} - c:\windows\downloaded program files\CopernicMeta.dll
EB: Copernic Agent Results (Meta): {7c684fb9-d59e-4e84-9356-c7f53db0c44e} - c:\windows\downloaded program files\CopernicMeta.dll
EB: Copernic Meta: {f79ad27f-8140-4e33-8b1d-c4fc6b663cca} - c:\windows\downloaded program files\CopernicMeta.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [pdfSaver3] "c:\program files\mindjet\mindmanager 7\pdf-xchange\pdfsaver\pdfSaver3.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [Google Update] "c:\documents and settings\evaluseek publishing\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [instanteyedropper] "c:\program files\instanteyedropper\InstantEyedropper.exe"
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.2; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\nero\lib\NeroCheck.exe"
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [FinePrint Dispatcher v5] "c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe" /source=HKLM
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AcronisTimounterMonitor] "c:\program files\acronis\trueimagehome\TimounterMonitor.exe"
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [OSSelectorReinstall] "c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe"
mRun: [ICF] "c:\program files\internet content filter\SafeEyes.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [pdfSaver3]
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [c:\program files\free video zilla\FVZilla.exe]
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 7\MMReminderService.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TuneClone] c:\program files\tuneclone\TuneClone.exe /silence
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Search Using Copernic Meta - c:\windows\downloaded program files\CopernicMeta.dll/HTML/SearchExt
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: ICF.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Copernic Meta - file:///C:/DOCUME~1/EVALUS~1/LOCALS~1/Temp/CopernicMeta0000.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} - hxxp://www.aventuratechnologies.com/livedemo/WebClient.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} - hxxps://www.acsenterprisesystem.com/CAB%20and%20license%20files/SPR32X60.cab
DPF: {57B2CA01-6C40-44BB-9FCC-BFA7FADAA6E3} - hxxp://images.sightspeed.com/files/sightspeed_ssam_install.exe
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192202157593
DPF: {73B1BB72-18BB-41AE-B53C-43704B5B5315} - hxxp://video.envysion.com/jslib/controller/EnvysionCtrl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c12/v19.111/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.internetvideorecorder.net/activex/AxisCamControl.cab
DPF: {94BAAD53-7450-4403-9A1D-24601D64052B} - hxxp://www.vmscctv.com/Libraries/WDVRViewerX.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://70.107.225.97/program/SonySncRz25View.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://webcam.geovision.com.tw/cab/OCXChecker_8198.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://kekaha.senterkauai.com:91/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} - hxxps://www.acsenterprisesystem.com/Reserved.ReportViewerWebControl.axd?ReportSession=k2pto2553fegss2wmmt3hl55&ControlID=4a4284877f8544c4bf48676f886d6013&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://webcam.geovision.com.tw/cab/DownloadCenter_8200.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28F33A06-D20A-4A19-B804-47F2A838E2B1} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: copernicmeta - {9B46B30C-CB70-4551-9806-3238CC816A55} - c:\windows\downlo~1\COPERN~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\evaluseek publishing\application data\mozilla\firefox\profiles\8mxc84w1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\evaluseek publishing\application data\mozilla\firefox\profiles\8mxc84w1.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\evaluseek publishing\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2009-12-8 20352]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-29 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-8-29 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-8-29 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-8-29 83392]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-30 655944]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2010-8-6 241424]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-3-17 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-30 22344]
S0 jjbrp;jjbrp;c:\windows\system32\drivers\bedel.sys --> c:\windows\system32\drivers\bedel.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c99dd99197dde3;Google Update Service (gupdate1c99dd99197dde3);c:\program files\google\update\GoogleUpdate.exe [2009-3-5 133104]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2003-9-2 20064]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-5 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-9 129976]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zlportio;zlportio;\??\c:\program files\ultrastar deluxe\zlportio.sys --> c:\program files\ultrastar deluxe\zlportio.sys [?]
.
=============== Created Last 30 ================
.
2012-09-03 20:16:23 -------- d-----w- c:\documents and settings\evaluseek publishing\application data\f-secure
2012-09-03 20:16:08 -------- d-----w- c:\documents and settings\all users\application data\F-Secure
2012-09-03 20:03:59 -------- d-----w- c:\documents and settings\evaluseek publishing\local settings\application data\Sun
2012-09-03 20:02:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-03 20:02:50 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 19:58:53 -------- d-----w- c:\program files\ESET
2012-08-31 19:55:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-30 19:54:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 21:39:49 -------- d-----w- c:\documents and settings\evaluseek publishing\application data\DVD Flick
2012-08-29 21:34:31 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2012-08-29 21:34:31 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2012-08-29 21:34:31 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2012-08-29 21:34:30 212240 ----a-w- c:\windows\system32\richtx32.ocx
2012-08-29 21:34:30 -------- d-----w- c:\program files\DVD Flick
2012-08-29 20:53:05 -------- d-----w- c:\documents and settings\evaluseek publishing\application data\MPEG Streamclip
2012-08-29 15:25:53 -------- d-----w- c:\documents and settings\evaluseek publishing\application data\Avira
2012-08-29 15:20:25 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-29 15:20:25 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-29 15:20:24 -------- d-----w- c:\program files\Avira
2012-08-29 15:20:24 -------- d-----w- c:\documents and settings\all users\application data\Avira
.
==================== Find3M ====================
.
2012-09-03 20:02:36 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-03 20:02:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-02 03:03:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-02 03:03:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 17:59:31.64 ===============



GMER log contents:
------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-07 13:53:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000070 ST3500630AS rev.3.AAE
Running: gmer.exe; Driver: C:\DOCUME~1\EVALUS~1\LOCALS~1\Temp\fxldapoc.sys


---- System - GMER 1.0.15 ----

SSDT B86F4804 ZwClose
SSDT B86F47BE ZwCreateKey
SSDT B86F480E ZwCreateSection
SSDT B86F47B4 ZwCreateThread
SSDT B86F47C3 ZwDeleteKey
SSDT B86F47CD ZwDeleteValueKey
SSDT B86F47FF ZwDuplicateObject
SSDT B86F47D2 ZwLoadKey
SSDT B86F47A0 ZwOpenProcess
SSDT B86F47A5 ZwOpenThread
SSDT B86F4827 ZwQueryValueKey
SSDT B86F47DC ZwReplaceKey
SSDT B86F4818 ZwRequestWaitReplyPort
SSDT B86F47D7 ZwRestoreKey
SSDT B86F4813 ZwSetContextThread
SSDT B86F481D ZwSetSecurityObject
SSDT B86F47C8 ZwSetValueKey
SSDT B86F4822 ZwSystemDebugControl
SSDT B86F47AF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6685380, 0x5414D5, 0xE8000020]
? C:\DOCUME~1\EVALUS~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 19, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EEFC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 19, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 19, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EF6D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F09B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 19, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B912AFC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B912B6D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B912C9B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 55, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90F3FC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90F46D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F59B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 1E, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9102FC
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91036D
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91049B
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 2D, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4724] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \Driver\nvata \Device\00000070 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\nvata \Device\00000071 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\nvata \Device\00000074 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\nvata \Device\00000075 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\nvata \Device\NvAta0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\nvata \Device\NvAta1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\VClone \Device\Scsi\VClone1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\VClone \Device\Scsi\VClone1Port3Path0Target0Lun0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----


ESET log contents:
------------------------------------------
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ed24070298689c4b8ab33c232604005e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-01 08:40:21
# local_time=2012-09-01 04:40:21 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 79493362 79493362 0 0
# compatibility_mode=1792 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=533594
# found=8
# cleaned=0
# scan_time=43316
C:\Documents and Settings\Evaluseek Publishing\Application Data\Sun\Java\Deployment\cache\6.0\41\29d614a9-43e36207 Java/Exploit.CVE-2012-4681.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Downloaded Installations\{03684A14-B722-4564-909D-EFD641C97101}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Laplink\PCmover\cppwdsvc.exe a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Downloaded Installations\{570713D0-36B6-45A3-AB49-78451DBD2DC4}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I
D:\My Documents\Downloads\cdbxp_setup_4.4.1.3341.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
F:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Downloaded Installations\{03684A14-B722-4564-909D-EFD641C97101}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I
F:\Program Files\Laplink\PCmover\cppwdsvc.exe a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I
F:\WINDOWS\Downloaded Installations\{570713D0-36B6-45A3-AB49-78451DBD2DC4}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:53 AM

Posted 09 September 2012 - 12:57 PM

Please run the following:

Download ComboFix from the following location:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 time4life

time4life
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 10 September 2012 - 11:11 AM

Thanks for your help. I am running Combofix now and will post log when it's complete.

Update: I just got a blue screen error (A problem has been detected and Windows has been shut down to... ...Beginning dump of physical memory...). It is stopped at the blue screen. I will not do anything, but await further instructions from you.

Edited by time4life, 10 September 2012 - 11:39 AM.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:53 AM

Posted 10 September 2012 - 01:57 PM

please boot into safe mode and run ComboFix in safe mode

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 time4life

time4life
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 10 September 2012 - 02:31 PM

Here is the Combofix log after running it in Safe Mode. My computer is still in Safe Mode (without networking), so assume this when giving directions for your next step.

---------------------------------
ComboFix 12-09-10.03 - Evaluseek Publishing 09/10/2012 15:12:48.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2623 [GMT -4:00]
Running from: c:\documents and settings\Evaluseek Publishing\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Evaluseek Publishing\Application Data\inst.exe
c:\documents and settings\Evaluseek Publishing\Application Data\ubot
c:\documents and settings\Evaluseek Publishing\Application Data\vso_ts_preview.xml
c:\documents and settings\Evaluseek Publishing\g2mdlhlpx.exe
c:\documents and settings\Evaluseek Publishing\Start Menu\Programs\System Fix
c:\documents and settings\Evaluseek Publishing\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\Evaluseek Publishing\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\program files\alexa toolbar
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\ijl11.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-03 20:16 . 2012-09-03 20:16 -------- d-----w- c:\documents and settings\Evaluseek Publishing\Application Data\f-secure
2012-09-03 20:16 . 2012-09-03 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2012-09-03 20:03 . 2012-09-03 20:03 -------- d-----w- c:\documents and settings\Evaluseek Publishing\Local Settings\Application Data\Sun
2012-09-03 20:02 . 2012-09-03 20:02 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-03 20:02 . 2012-09-03 20:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 19:48 . 2012-09-03 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-08-31 19:58 . 2012-08-31 19:58 -------- d-----w- c:\program files\ESET
2012-08-31 19:55 . 2012-08-31 19:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-30 19:54 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 21:39 . 2012-08-30 13:13 -------- d-----w- c:\documents and settings\Evaluseek Publishing\Application Data\DVD Flick
2012-08-29 21:34 . 2008-08-31 17:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2012-08-29 21:34 . 2007-08-31 22:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2012-08-29 21:34 . 2003-01-26 17:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2012-08-29 21:34 . 2012-08-29 21:34 -------- d-----w- c:\program files\DVD Flick
2012-08-29 21:34 . 2004-03-09 04:00 212240 ----a-w- c:\windows\system32\richtx32.ocx
2012-08-29 20:53 . 2012-08-29 20:53 -------- d-----w- c:\documents and settings\Evaluseek Publishing\Application Data\MPEG Streamclip
2012-08-29 15:25 . 2012-08-29 15:25 -------- d-----w- c:\documents and settings\Evaluseek Publishing\Application Data\Avira
2012-08-29 15:20 . 2012-07-18 22:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-29 15:20 . 2012-07-18 22:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-29 15:20 . 2012-07-18 22:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-29 15:20 . 2012-08-29 15:20 -------- d-----w- c:\program files\Avira
2012-08-29 15:20 . 2012-08-29 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-08-27 21:38 . 2012-08-27 21:38 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 20:02 . 2010-06-02 20:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-03 20:02 . 2007-10-11 01:03 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-02 03:03 . 2012-04-05 18:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-02 03:03 . 2011-06-07 19:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-09 21:02 . 2012-07-09 21:02 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]
"pdfSaver3"="c:\program files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 68856]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-11-11 3124160]
"instanteyedropper"="c:\program files\InstantEyedropper\InstantEyedropper.exe" [2007-10-17 352256]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-18 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-10-27 507904]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2011-12-23 1628944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"CTHelper"="CTHELPER.EXE" [2005-11-09 16384]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2008-04-10 37144]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"TuneClone"="c:\program files\TuneClone\TuneClone.exe" [2009-01-15 4530176]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Boxee\\BOXEE.exe"=
"c:\\Program Files\\Boxee\\system\\players\\flashplayer\\bxflplayer-win32.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Brother\\Brmfl07b\\FAXRX.exe"=
"c:\\Program Files\\Internet Content Filter\\Pop3Proxy.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner
.
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [12/8/2009 11:36 PM 20352]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [3/17/2009 10:12 PM 33792]
S0 jjbrp;jjbrp;c:\windows\system32\drivers\bedel.sys --> c:\windows\system32\drivers\bedel.sys [?]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [8/29/2012 11:20 AM 36000]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/29/2012 11:20 AM 86224]
S2 gupdate1c99dd99197dde3;Google Update Service (gupdate1c99dd99197dde3);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2009 5:30 PM 133104]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/30/2012 3:54 PM 655944]
S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [9/2/2003 3:06 PM 20064]
S2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [8/6/2010 10:50 AM 241424]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 2:17 PM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2009 5:30 PM 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/30/2012 3:54 PM 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/9/2012 5:02 PM 129976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/4/2008 12:57 AM 47360]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 zlportio;zlportio;\??\c:\program files\UltraStar Deluxe\zlportio.sys --> c:\program files\UltraStar Deluxe\zlportio.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:03]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 21:30]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 21:30]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484763869-725345543-1003Core.job
- c:\documents and settings\Evaluseek Publishing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-17 23:47]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484763869-725345543-1003UA.job
- c:\documents and settings\Evaluseek Publishing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-17 23:47]
.
2012-09-10 c:\windows\Tasks\User_Feed_Synchronization-{312DFB66-F5B3-4628-8894-7E3CBF360823}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Search Using Copernic Meta - c:\windows\Downloaded Program Files\CopernicMeta.dll/HTML/SearchExt
LSP: ICF.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
Handler: copernicmeta - {9B46B30C-CB70-4551-9806-3238CC816A55} - c:\windows\DOWNLO~1\COPERN~1.DLL
DPF: Copernic Meta - file:///C:/DOCUME~1/EVALUS~1/LOCALS~1/Temp/CopernicMeta0000.cab
DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} - hxxp://www.aventuratechnologies.com/livedemo/WebClient.cab
DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} - hxxps://www.acsenterprisesystem.com/CAB%20and%20license%20files/SPR32X60.cab
DPF: {57B2CA01-6C40-44BB-9FCC-BFA7FADAA6E3} - hxxp://images.sightspeed.com/files/sightspeed_ssam_install.exe
DPF: {73B1BB72-18BB-41AE-B53C-43704B5B5315} - hxxp://video.envysion.com/jslib/controller/EnvysionCtrl.cab
DPF: {94BAAD53-7450-4403-9A1D-24601D64052B} - hxxp://www.vmscctv.com/Libraries/WDVRViewerX.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://kekaha.senterkauai.com:91/activex/AMC.cab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://webcam.geovision.com.tw/cab/DownloadCenter_8200.cab
FF - ProfilePath - c:\documents and settings\Evaluseek Publishing\Application Data\Mozilla\Firefox\Profiles\8mxc84w1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
HKLM-Run-pdfSaver3 - (no file)
HKLM-Run-c:\program files\Free Video Zilla\FVZilla.exe - (no file)
HKLM-Run-nwiz - nwiz.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-The Logo Creator v4 - c:\windows\unvise32.exe
AddRemove-WampServer 2_is1 - d:\wamp\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Evaluseek Publishing\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-10 15:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-484763869-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9a,f2,15,98,fa,36,73,45,17,80,d4,19,56,42,89,99,3a,07,f3,fe,24,ef,e3,
29,34,0b,49,4d,f9,76,31,94,e8,35,9f,1e,43,a0,ca,ef,d0,47,c9,99,f1,63,b3,38,\
"??"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
.
[HKEY_USERS\S-1-5-21-1547161642-484763869-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:2d,a6,8e,dc,93,60,42,64,53,8b,0e,23,76,1d,9d,2d,97,70,02,f6,aa,
98,72,40,99,11,67,45,5f,c5,8a,6e,01,5f,dc,5d,75,e9,60,6c,f3,bb,9c,db,d5,5c,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\relog_ap.dll
.
Completion time: 2012-09-10 15:24:06
ComboFix-quarantined-files.txt 2012-09-10 19:23
.
Pre-Run: 190,295,375,872 bytes free
Post-Run: 190,890,323,968 bytes free
.
- - End Of File - - 3330122490552AA26030F3C2905CBF83

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:53 AM

Posted 10 September 2012 - 02:58 PM

Please do the following:



Click Start and type cmd in Start Search.
When cmd.exe populates in the window above, right click it and select Run as Administrator to open an elevated command prompt.


Type the following commands one at a time at the command prompt, hitting enter after each.


sc stop jjbrp
sc delete jjbrp
exit


Reboot the machine.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
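The entry CatByte is targeting with `sc stop` / `sc delete` is the `S0 jjbrp;jjbrp;c:\windows\system32\drivers\bedel.sys --> ... [?]` line in the ComboFix log posted above: a service registered to load at boot whose image file no longer exists. As an added example (not part of this thread, and not ComboFix's or the helper's own code), the Python below parses ComboFix-style service lines and lists the orphaned entries, which is the pattern a reviewer looks for before deciding which service to remove. The sample lines are copied from the ComboFix output above; the reading of the leading letter and digit (R/S = running/stopped, digit = start type with 0 = boot, 1 = system, 2 = automatic, 3 = manual) is assumed here rather than taken from the page.

```python
import re

# Sample input: service lines copied from the ComboFix log in this thread.
# ComboFix prints "<R|S><start> name;display;image [date size]" for a service
# whose file exists and "... image --> image [?]" when the file is missing.
SAMPLE_LOG = r"""
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [12/8/2009 11:36 PM 20352]
S0 jjbrp;jjbrp;c:\windows\system32\drivers\bedel.sys --> c:\windows\system32\drivers\bedel.sys [?]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/30/2012 3:54 PM 22344]
S3 zlportio;zlportio;\??\c:\program files\UltraStar Deluxe\zlportio.sys --> c:\program files\UltraStar Deluxe\zlportio.sys [?]
"""

# Assumed meaning of the start-type digit (HijackThis/ComboFix convention).
START_TYPES = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}

# state letter, start digit, service name, display name, remainder of the line
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")


def parse_service_line(line):
    """Return a dict describing one ComboFix service line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    rest = rest.rstrip()
    missing = rest.endswith("[?]")
    if missing:
        # "image --> image [?]": the registered path, file not found on disk
        image = rest.split(" --> ")[0]
    else:
        # "image [date size]": drop the trailing timestamp/size block
        image = rest.rsplit(" [", 1)[0]
    if image.startswith("\\??\\"):  # strip the NT object-manager prefix
        image = image[4:]
    return {
        "name": name,
        "display": display,
        "running": state == "R",
        "start": START_TYPES.get(start, "unknown"),
        "start_code": int(start),
        "image": image,
        "missing": missing,
    }


def find_orphaned_services(log_text):
    """Services whose image file is gone, earliest-loading first.

    A boot- or system-start entry with no file behind it is the usual
    leftover of a removed driver and is what a helper asks to be deleted.
    """
    found = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc and svc["missing"]:
            found.append(svc)
    return sorted(found, key=lambda s: (s["start_code"], s["name"]))


if __name__ == "__main__":
    for svc in find_orphaned_services(SAMPLE_LOG):
        print(f"{svc['name']:<12} start={svc['start']:<10} missing image: {svc['image']}")
```

Running it on the sample lists `jjbrp`, `libusbd` and `zlportio`, in that order; only the first is a boot-start driver, which is why it is the one singled out for `sc delete` while the other two are leftovers of ordinary applications.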


#7 time4life

time4life
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 10 September 2012 - 03:25 PM

Reboot into Safe Mode or normal reboot? I have actually already rebooted normally. I hope that's OK and I am able to do the two steps in normal reboot.

Edited by time4life, 10 September 2012 - 03:29 PM.


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:53 AM

Posted 10 September 2012 - 03:27 PM

yes, please continue in normal mode

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 time4life

time4life
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 10 September 2012 - 04:05 PM

Internet is not working on the normal reboot. I need the Internet to follow your directions. What now?

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:53 AM

Posted 10 September 2012 - 04:20 PM

Please do a system restore to a time before you ran ComboFix

step by step instructions can be found here

http://support.microsoft.com/kb/306084

let me know if that restores your connection

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 time4life

time4life
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 10 September 2012 - 09:37 PM

I rebooted again and the internet was back. No need to do system restore thankfully. I did create a new restore point just in case we need to undo something during the process. MBAM was run and found nothing. The ESET site is down right now, but I will run it in the morning when the site is back up. All logs will follow. Stand by.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:53 AM

Posted 11 September 2012 - 04:16 PM

well that's good news

while you are waiting for the ESET scan, please run the following, we need to check if any of your programs are out of date or if any of your services are broken


  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 time4life

time4life
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 12 September 2012 - 08:17 AM

Here are the two log files you requested.

MBAM log:
--------------------------

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.10.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Evaluseek Publishing :: E521 [administrator]

9/10/2012 8:01:21 PM
mbam-log-2012-09-10 (20-01-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218354
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESET log:
--------------------------

C:\Documents and Settings\Evaluseek Publishing\Application Data\Sun\Java\Deployment\cache\6.0\41\29d614a9-43e36207 Java/Exploit.CVE-2012-4681.F trojan
C:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Downloaded Installations\{03684A14-B722-4564-909D-EFD641C97101}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application
C:\Program Files\Laplink\PCmover\cppwdsvc.exe a variant of Win32/PSWTool.PWDump.A application
C:\WINDOWS\Downloaded Installations\{570713D0-36B6-45A3-AB49-78451DBD2DC4}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application
D:\My Documents\Downloads\cdbxp_setup_4.4.1.3341.exe Win32/OpenCandy application
F:\Documents and Settings\Evaluseek Publishing\Local Settings\Application Data\Downloaded Installations\{03684A14-B722-4564-909D-EFD641C97101}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application
F:\Program Files\Laplink\PCmover\cppwdsvc.exe a variant of Win32/PSWTool.PWDump.A application
F:\WINDOWS\Downloaded Installations\{570713D0-36B6-45A3-AB49-78451DBD2DC4}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application

#14 time4life

time4life
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 12 September 2012 - 08:20 AM

I had to let ESET go overnight and did not get your latest reply until I posted the two logs. Do you still want me to do MiniToolBox and Farbar next, or something else based on the above two logs?

#15 time4life

time4life
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 12 September 2012 - 09:37 AM

MiniToolBox and Farbar were pretty quick results, so I went ahead and did them. Here are the logs.

MiniToolBox
----------------------------

MiniToolBox by Farbar Version: 23-07-2012
Ran by Evaluseek Publishing (administrator) on 12-09-2012 at 10:33:27
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

7-Zip 9.15 beta
A1 Sitemap Generator (Version: 2.1.1)
AAC Decoder (Version: 7.1.0)
Acronis Disk Director Suite (Version: 10.0.2117)
Acronis True Image Home (Version: 11.0.8027)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader 8.1.1 (Version: 8.1.1)
Adobe Shockwave Player (Version: 11)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
AnyDVD
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Athlon 64 Processor Driver (Version: 1.3.2.0)
Audacity 1.2.6
AutoUpdate (Version: 1.1)
Avira Free Antivirus (Version: 12.0.0.1199)
AviSynth 2.5
AXIS Media Control Embedded
BCL easyPDF Printer Driver 5.1 (Version: 5.1.54)
Bonjour (Version: 3.0.0.10)
Boxee
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01)
Broadcom Management Programs (Version: 10.15.03)
Brother MFL-Pro Suite (Version: 1.00)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000)
Camtasia Studio 3 (Version: 3.1)
CDBurnerXP (Version: 4.0.022.370)
CherryPicker (Version: 1.0.3)
CherryPicker (Version: v1.0.3)
ClearPlay Easy Updates (Version: 1.0.1.7)
CloneDVD2
CloneDVDmobile (Version: 1.7.0.0)
Combat Arms
CommentKahuna (Version: 2.5.8)
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
Conference Client Uninstall
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
Copernic Meta
Creating Fat Content Course
Crysis Wars®
Crysis Wars® (Version: 1.0)
Crysis® (Version: 1.20.0000)
Desktop Spider 3.0
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.0.0)
DivX Player (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.0.0.19)
DivX Web Player (Version: 1.4.2)
Download Manager 2.3.7 (Version: 2.3.7)
Dr. Andy's Internet Search Browser 1.0
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
eFax Messenger 4.3 (Version: 4.3)
ESET Online Scanner v3
Exact Audio Copy 0.99pb3 (Version: 0.99pb3)
Excel Extract URLs Software 7.0
FeedDemon
FeedForAll v2.0 (Version: v2.0)
FeedStation
FileZilla Client 3.5.3 (Version: 3.5.3)
FinePrint
GemMaster Mystic
GeoVision ADPCM
GeoVision H264
GeoVision JPEG
GeoVision MPEG2
GeoVision MPEG4 ASP
GeoVision MPEG4 AVC
GIMP 2.6.8
GIMP LqR Plug-In (Version: PlugIn: 0.7.1 - Lib: 0.4.1)
GoodSync (Version: 8.3.2.2)
Google Chrome (Version: 21.0.1180.89)
Google Gears (Version: 0.5.3600)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.79)
GoToMeeting 5.2.0.952 (Version: 5.2.0.952)
GSiteCrawler (Version: v1.23)
H.264 Decoder (Version: 1.0.0)
Handbrake 0.9.4 (Version: 0.9.4)
InBoxer for Outlook 2.1 (Version: 2.1)
Instant Eyedropper 1.75
Instant PopOver (Version: 3.00.1000)
iPhoneBrowser (Version: 1.8.1)
iTunes (Version: 10.5.1.42)
IZArc 3.81 (Version: 3.81 Build 1550)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 31 (Version: 6.0.310)
Jing (Version: 2.6.12032.1)
Keyword Blaze (Version: 1.2.3)
KRA Pro v4
LibUSB-Win32-0.1.10.1 (Version: 0.1.10.1)
Macromedia Dreamweaver MX 2004 (Version: 7.0.1)
Macromedia Extension Manager (Version: 1.5)
Macromedia Fireworks MX 2004 (Version: 7.0.2)
magicolor 2300 DL
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Market Samurai (Version: 0.87.79)
Micro Niche Finder 5.0 (Version: 5.0.10.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Media Content Deluxe (Version: 10.0.2619.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Publisher 2002 (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser (Version: 8.70.1104.04)
Mindjet MindManager Lite 7 (Version: 7.1.394)
Mindjet MindManager Viewer 7 (Version: 7.0.472)
MKV Splitter (Version: 1.0.0)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MPEG Video Wizard 4.0.4.111 (12/2008) (Version: 4.0.4.111 (12/2008))
MPEG Video Wizard 4.0.4.112 (12/2008)
MPEG Video Wizard DVD 4.0.4.111 (12/2008) (Version: 4.0.4.111 (12/2008))
MPEG Video Wizard DVD 4.0.4.112 (12/2008)
Mpeg2Decoder 1.3
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Nero 8 Trial (Version: 8.2.89)
neroxml (Version: 1.0.0)
Niche Blueprints v3
Notepad++ (Version: 6.1.5)
NovaMind 5 (Version: 5.7.3)
NVIDIA Display Control Panel (Version: 1.6)
NVIDIA Drivers (Version: 1.10)
NVIDIA nView Desktop Manager (Version: 6.14.10.00)
NVIDIA PhysX (Version: 9.09.0814)
OptiTools
Otto
PaperPort Image Printer (Version: 1.00.0000)
PDF-XChange 3.0
Pinnacle Studio 12 (Version: 12.1.3.6605)
Pinnacle Video Driver (Version: 12.1.0.029)
Pinnacle VideoSpin (Version: 2.0.0.669)
PowerDVD
QuickTime (Version: 7.69.80.9)
Real Alternative 1.52 (Version: 1.52)
Real Link Finder (Version: 1.3.8)
Riva FLV Player (Version: 1.0.0000)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition)
RoboForm 7-6-3 (All Users) (Version: 7-6-3)
RSS Submit v2.36
Safe Eyes (Version: 6.0.244)
ScanSoft PaperPort 11 (Version: 11.1.0000)
SEO SpyGlass
ShellExView (Version: 1.19)
SnagIt 6 (Version: 6.2)
Sonic Encoders (Version: 1.00)
StreamDown
Switch (remove only)
System Requirements Lab
TheBestSpinner3
Traffic Launch Pad PRO (Version: 2.0.12)
Traffic Launch Pad PRO (Version: V2.0.12)
TuneClone 1.35
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0322)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0213)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0165)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.0963)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0408)
TurboTax 2008 wnciper (Version: 008.000.0129)
TurboTax 2008 wrapper (Version: 008.000.0062)
TurboTax 2009
TurboTax 2009 WinPerFedFormset (Version: 009.000.1480)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0282)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0218)
TurboTax 2009 wnciper (Version: 009.000.0559)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wnciper (Version: 010.000.1304)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0495)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wnciper (Version: 011.000.1545)
TurboTax 2011 wrapper (Version: 011.000.0121)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2) (Version: 2)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB Card Reader
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VCRedistSetup (Version: 1.0.0)
Videora iPod Converter 3.07 (Version: 3.07)
VirtualCloneDrive
VLC media player 2.0.2 (Version: 2.0.2)
VSO Image Resizer 4.0.0.54 (Version: 4.0.0.54)
Web Content Studio LITE (Version: 1.0.0.01)
WebFldrs XP (Version: 9.50.7523)
WFAS-10
WFAS-11
WFAS-12
WFAS-13
WFAS-14
WFAS-15
WFAS-16
WFAS-17
WFAS-18
WFAS-19
WFAS-2
WFAS-20
WFAS-3
WFAS-4
WFAS-5
WFAS-6
WFAS-7
WFAS-8
WFAS-9
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinSCP 4.1.8 (Version: 4.1.8)

**** End of log ****


Farbar
----------------------------

Farbar Service Scanner Version: 06-08-2012
Ran by Evaluseek Publishing (administrator) on 12-09-2012 at 10:34:22
Running from "C:\Documents and Settings\Evaluseek Publishing\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-10 07:00] - [2008-06-20 07:40] - 0138496 ____A (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
