Tech Support Guy > Virus & Other Malware Removal
Scour virus on Chrome :(


beefykoala (Thread Starter) - Member with 34 posts. Join Date: Oct 2007. Experience: Beginner
25-Aug-2012, 07:28 PM #1
Hello. My silly boyfriend downloaded an infected copy of a game from a link he found on Reddit. Now we are getting redirects on searches in Chrome, add-ons that keep reinstalling themselves (appbario and 'video downloader' extension), new programs being added into the start menu (Optimizer Pro, Strongvault Online Backup and SpeedUpMyPC) and the whole system feels more... clunky. I think we're infected!

I did all the logs as requested (posted below). Note that this is a computer we were gifted from his dad, so there's tons of stuff left on here from back then.

Thanks in advance for all your help!!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:01:01 PM, on 8/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\My Documents\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: CrossriderApp0003491 - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll
O2 - BHO: CrossriderApp0005060 - {11111111-1111-1111-1111-110011501160} - C:\Program Files\Savings Sidekick\Savings Sidekick.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WhiteSmoke US New - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files\WhiteSmoke_US_New\prxtbWhit.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files\WhiteSmoke_US_New\prxtbWhit.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SMessaging] C:\Documents and Settings\Bobby\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [LogMeIn] rundll32.exe "C:\Documents and Settings\Bobby\Local Settings\Application Data\Microsoft\LogMeIn\yrjivhp.dll",CreateInstance
O4 - HKUS\S-1-5-19\..\Run: [LogMeIn] rundll32.exe "C:\Documents and Settings\Bobby\Local Settings\Application Data\Microsoft\LogMeIn\yrjivhp.dll",CreateInstance (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [LogMeIn] rundll32.exe "C:\Documents and Settings\Bobby\Local Settings\Application Data\Microsoft\LogMeIn\yrjivhp.dll",CreateInstance (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-602162358-1957994488-682003330-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Stab')
O4 - HKUS\S-1-5-18\..\Run: [LogMeIn] rundll32.exe "C:\Documents and Settings\Bobby\Local Settings\Application Data\Microsoft\LogMeIn\yrjivhp.dll",CreateInstance (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LogMeIn] rundll32.exe "C:\Documents and Settings\Bobby\Local Settings\Application Data\Microsoft\LogMeIn\yrjivhp.dll",CreateInstance (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Epson scanner Registration.lnk = I:\Common\EpsonReg\Ereg.exe
O4 - Global Startup: TweetDeck.lnk = C:\Program Files\TweetDeck\TweetDeck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 10153 bytes
beefykoala (Thread Starter)
25-Aug-2012, 07:29 PM #2
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Helen at 16:02:31 on 2012-08-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.609 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\My Documents\Downloads\HijackThis (1).exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - c:\program files\vid-saver\Vid-Saver.dll
BHO: Savings Sidekick: {11111111-1111-1111-1111-110011501160} - c:\program files\savings sidekick\Savings Sidekick.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - c:\program files\whitesmoke_us_new\prxtbWhit.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - c:\program files\whitesmoke_us_new\prxtbWhit.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\helen\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [LogMeIn] rundll32.exe "c:\documents and settings\bobby\local settings\application data\microsoft\logmein\yrjivhp.dll",CreateInstance
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [SMessaging] c:\documents and settings\bobby\local settings\application data\strongvault online backup\SMessaging.exe
dRun: [LogMeIn] rundll32.exe "c:\documents and settings\bobby\local settings\application data\microsoft\logmein\yrjivhp.dll",CreateInstance
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\helen\startm~1\programs\startup\epsons~1.lnk - i:\common\epsonreg\Ereg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tweetd~1.lnk - c:\program files\tweetdeck\TweetDeck.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9DC90C21-ABEE-4E85-B841-A23843DBD7B9} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 MpKslb34ef277;MpKslb34ef277;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cf7bac6-b7f7-4f22-8440-17a6b48bdcc1}\MpKslb34ef277.sys [2012-8-25 29904]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-1-31 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-5-14 47640]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-08-25 20:30:34 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cf7bac6-b7f7-4f22-8440-17a6b48bdcc1}\MpKslb34ef277.sys
2012-08-25 17:01:06 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cf7bac6-b7f7-4f22-8440-17a6b48bdcc1}\mpengine.dll
2012-08-25 02:03:17 -------- d-----w- c:\program files\MSXML 4.0
2012-08-24 16:06:00 -------- d-----w- c:\program files\Uniblue
2012-08-24 16:02:51 -------- d-----w- c:\program files\Optimizer Pro
2012-08-24 16:02:31 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-08-24 16:02:25 -------- d-----w- c:\program files\Vid-Saver
2012-08-24 16:02:25 -------- d-----w- c:\documents and settings\all users\application data\Strongvault Online Backup
2012-08-24 16:02:24 -------- d-----w- c:\program files\Strongvault Online Backup
2012-08-24 16:01:41 -------- d-----w- c:\program files\Conduit
2012-08-24 16:01:36 -------- d-----w- c:\program files\WhiteSmoke_US_New
2012-08-24 12:01:52 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-21 14:30:15 -------- d-----w- c:\documents and settings\helen\local settings\application data\adaware
2012-08-21 02:01:23 -------- d-----w- c:\documents and settings\all users\application data\GFI Software
2012-08-21 01:55:57 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-08-21 01:45:54 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-08-21 01:44:32 558133 ----a-w- c:\windows\system32\sqlite3.dll
2012-08-21 01:40:50 -------- d-----w- c:\documents and settings\all users\application data\IBUpdaterService
2012-08-21 01:40:46 666272 ----a-w- c:\program files\uninstall information\ib_uninst_514\uninstall.exe
2012-08-21 01:39:32 666272 ----a-w- c:\program files\uninstall information\ib_uninst_569\uninstall.exe
2012-08-21 01:39:29 666272 ----a-w- c:\program files\uninstall information\ib_uninst_566\uninstall.exe
2012-08-21 01:39:29 -------- d-----w- c:\windows\system32\Extensions
2012-08-21 01:39:28 -------- d-----w- c:\windows\system32\searchplugins
2012-08-21 01:39:19 666272 ----a-w- c:\program files\uninstall information\ib_uninst_383\uninstall.exe
2012-08-21 01:38:53 666272 ----a-w- c:\program files\uninstall information\ib_uninst_342\uninstall.exe
2012-08-21 01:38:51 -------- d-----w- c:\program files\Savings Sidekick
2012-08-18 18:44:40 -------- d-----w- c:\documents and settings\helen\application data\My Games
2012-08-16 00:13:04 -------- d-----w- c:\program files\Firaxis Games
2012-08-16 00:09:22 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-08-15 01:29:14 -------- d-----w- c:\program files\XMedia Recode
2012-08-15 01:11:03 -------- d-----w- c:\program files\Combined Community Codec Pack
2012-08-15 00:57:28 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-08-15 00:57:16 -------- d-----w- c:\program files\Windows Media Connect 2
.
==================== Find3M ====================
.
2012-07-13 02:10:39 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-13 02:10:39 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-07-13 02:10:38 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-13 02:10:38 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-07-01 22:56:00 81920 ----a-w- c:\windows\ALCFDRTM.VER
2012-07-01 22:56:00 81920 ----a-w- c:\windows\ALCFDRTM.EXE
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 16:03:23.64 ===============
beefykoala (Thread Starter)
25-Aug-2012, 07:31 PM #3
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-25 18:21:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 ST3200822AS rev.3.02
Running: 7ykrsnrl.exe; Driver: C:\DOCUME~1\Helen\LOCALS~1\Temp\ugtdypod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB834A000, 0x1C5D38, 0xE8000020]
? C:\DOCUME~1\Helen\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 3C, 00] {SUB [EAX], AL; CMP AL, 0x0}
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 3C, 00] {SUB [EBX], AL; CMP AL, 0x0}
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 3C, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 3C, 00] {TEST AL, 0x1; CMP AL, 0x0}
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91121A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 3C, 00] {TEST AL, 0x2; CMP AL, 0x0}
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 3C, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 3C, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91128B
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 3C, 00] {TEST AL, 0x0; CMP AL, 0x0}
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9113B9
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 3C, 00] {SUB [ECX], AL; CMP AL, 0x0}
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6528] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6584] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 31, 00] {SUB [EBX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 31, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX}
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91071A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX}
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 31, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 31, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91078B
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX}
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9108B9
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 31, 00] {SUB [ECX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 31, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01750001
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017A0001
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7880] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7880] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7880] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7880] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7880] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7880] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7880] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7880] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7932] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8044] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01720001
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8044] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8044] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8044] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8044] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8044] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8044] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8044] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8044] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91051A
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91058B
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9106B9
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 2F, 00]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
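The `.text` entries above are GMER's user-mode hook report: for each process it lists the module and function whose code was patched, the offset and address of the patch, and either the overwritten bytes or the JMP/CALL target. Most of what it shows here is Chrome's own sandbox, which patches a fixed set of ntdll.dll stubs (NtCreateFile, NtOpenProcess, NtMapViewOfSection and so on) inside every chrome.exe process, so those lines are expected. The WS2_32.dll redirects and the kernel32.dll!LoadLibraryExW CALL are not explained by that and need their owning module identified. The script below is an added example for triaging such a log; it is not part of this thread and not code from GMER or Chrome. Its list of Chrome sandbox functions is an assumption built from the functions seen in this log, the low-address threshold is a heuristic, and the sample input is a handful of lines copied from the log above.

```python
"""Triage helper for GMER user-mode hook lines (".text ..." entries).

Added example, not part of the original thread or the GMER tool.  It parses
".text <process>[<pid>] <module>!<function> [+ off] <addr> <n> Bytes <what>"
lines and groups the hooks per process so that expected Chrome sandbox
patches can be separated from hooks that still need an owner.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Stab\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6784] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91071A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01750001
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A
.text C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7660] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<what>.*)$"
)
FLOW_RE = re.compile(r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})")

# ntdll stubs Chrome's sandbox patches in its own processes.  Assumption:
# assembled from the functions that appear in this log, not an exhaustive list.
CHROME_SANDBOX_NTDLL = {
    "NtCreateFile", "NtOpenFile", "NtQueryAttributesFile",
    "NtQueryFullAttributesFile", "NtSetInformationFile", "NtMapViewOfSection",
    "NtUnmapViewOfSection", "NtOpenProcess", "NtOpenThread",
    "NtOpenProcessToken", "NtOpenProcessTokenEx", "NtOpenThreadToken",
    "NtOpenThreadTokenEx", "NtSetInformationThread",
}

# Heuristic threshold: system DLLs on 32-bit XP load well above this, so a
# CALL into a lower address is worth resolving to a module (or to none).
LOW_ADDRESS = 0x10000000


def parse_hook(line):
    """Return a dict describing one GMER .text line, or None if it is not one."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = m.groupdict()
    hook["pid"] = int(hook["pid"])
    hook["size"] = int(hook["size"])
    hook["exe"] = hook["proc"].rsplit("\\", 1)[-1].lower()
    flow = FLOW_RE.match(hook["what"])
    if flow:
        hook["kind"] = flow["kind"]          # control flow redirected
        hook["target"] = int(flow["target"], 16)
    else:
        hook["kind"] = "PATCH"               # raw bytes overwritten in place
        hook["target"] = None
    return hook


def classify(hook):
    """Label a hook as expected (Chrome sandbox) or as needing follow-up."""
    if (hook["exe"] == "chrome.exe" and hook["module"].lower() == "ntdll.dll"
            and hook["func"] in CHROME_SANDBOX_NTDLL):
        return "expected: chrome sandbox interception"
    if hook["module"].lower() == "ws2_32.dll" and hook["kind"] == "JMP":
        return "investigate: winsock API redirected, identify owning module"
    if hook["kind"] == "CALL" and hook["target"] is not None \
            and hook["target"] < LOW_ADDRESS:
        return "investigate: call into low address, identify owning module"
    return "investigate: unclassified hook"


def summarize(log_text):
    """Group hooks by (exe, pid) and count how each one was classified."""
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        hook = parse_hook(line)
        if hook:
            summary[(hook["exe"], hook["pid"])][classify(hook)] += 1
    return summary


if __name__ == "__main__":
    for (exe, pid), counts in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{exe}[{pid}]")
        for label, n in counts.most_common():
            print(f"  {n:3d}  {label}")
```

Run it over the full GMER output instead of the sample and the "investigate" buckets are the lines worth chasing: for a JMP or CALL target, the next step is to find which loaded module, if any, contains that address, since a redirect into memory that no module owns is the pattern an injected hook leaves.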
beefykoala (Thread Starter, Member with 34 posts, Join Date: Oct 2007, Experience: Beginner)
28-Aug-2012, 02:09 AM #4
Bump
beefykoala (Thread Starter)
30-Aug-2012, 04:45 PM #5
Sorry to bump this again - I don't know what to do as the virus scan just keeps finding more instances of it and I'm worried it's affecting my work as I work from home on it.

I'm very grateful for your help.
beefykoala (Thread Starter)
03-Sep-2012, 05:24 PM #6
Bump.
beefykoala (Thread Starter)
07-Sep-2012, 12:06 PM #7
Sorry to keep hassling, but is there anyone that can help? Our anti-virus has now been turned off and will not turn back on!! Pleeeease!!
beefykoala (Thread Starter)
09-Sep-2012, 12:21 PM #8
Is there anyone that can look at this? It's been two weeks since my original post and we're going to have to take it in to a repair shop soon if not - antivirus on this user space won't turn on, every other thing I do on the web redirects to another site, we can't seem to remove random programs that have installed themselves. I'm worried that we're putting all our documents at risk by leaving this virus on here.
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,749 posts, authorized to help remove malware. Join Date: Dec 2002. Location: Loughton, Essex, UK.
09-Sep-2012, 01:47 PM #9
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.
As you download it, rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double-click on the renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the Recovery Console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If ComboFix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
  • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
beefykoala (THREAD STARTER), Member with 34 posts. Join Date: Oct 2007. Experience: Beginner.
13-Sep-2012, 05:18 PM #10
ComboFix 12-09-13.03 - Helen 09/13/2012 15:42:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1399 [GMT -5:00]
Running from: c:\documents and settings\Helen\Desktop\helen123.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bobby\Local Settings\Application Data\Vid-Saver
c:\documents and settings\Bobby\Local Settings\Application Data\Vid-Saver\Chrome\Vid-Saver.crx
c:\documents and settings\Bobby\My Documents\~WRL0046.tmp
c:\documents and settings\Bobby\My Documents\~WRL3661.tmp
c:\documents and settings\Bobby\My Documents\~WRL3790.tmp
c:\documents and settings\Stab\Local Settings\Application Data\Savings Sidekick
c:\documents and settings\Stab\Local Settings\Application Data\Savings Sidekick\Chrome\Savings Sidekick.crx
c:\program files\Savings Sidekick
c:\program files\Savings Sidekick\Savings Sidekick.ico
c:\program files\Savings Sidekick\Savings Sidekick.ini
c:\program files\Savings Sidekick\Savings SidekickInstaller.log
c:\program files\Vid-Saver
c:\program files\Vid-Saver\ButtonUtil.dll
c:\program files\Vid-Saver\Vid-Saver-bg.exe
c:\program files\Vid-Saver\Vid-Saver.exe
c:\program files\Vid-Saver\Vid-Saver.ico
c:\program files\Vid-Saver\Vid-Saver.ini
c:\program files\Vid-Saver\Vid-SaverInstaller.log
c:\windows\system32\sqlite3.dll
H:\Autorun.inf
L:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 20:27 . 2012-09-13 20:27 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A589A4C8-FA45-4759-AC89-B56CC83BFA29}\MpKsl798d8601.sys
2012-09-13 08:38 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A589A4C8-FA45-4759-AC89-B56CC83BFA29}\mpengine.dll
2012-09-11 23:51 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-01 23:19 . 2012-09-13 20:29 -------- d-----w- c:\documents and settings\Helen\Local Settings\Application Data\Spotify
2012-09-01 23:19 . 2012-09-13 20:29 -------- d-----w- c:\documents and settings\Helen\Application Data\Spotify
2012-08-29 16:00 . 2010-10-24 05:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-08-29 16:00 . 2012-08-29 16:01 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-24 16:01 . 2012-08-24 16:01 -------- d-----w- c:\program files\Conduit
2012-08-24 16:01 . 2012-08-24 16:01 -------- d-----w- c:\program files\WhiteSmoke_US_New
2012-08-24 15:45 . 2012-08-24 15:49 -------- d-----w- c:\documents and settings\Bobby
2012-08-21 14:30 . 2012-08-21 14:30 -------- d-----w- c:\documents and settings\Helen\Local Settings\Application Data\adaware
2012-08-21 02:01 . 2012-08-21 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-08-21 01:58 . 2012-08-21 01:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-08-21 01:55 . 2012-08-21 01:56 -------- d-----w- c:\documents and settings\Stab\Local Settings\Application Data\adaware
2012-08-21 01:55 . 2012-09-13 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-08-21 01:45 . 2012-08-21 02:01 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-08-21 01:45 . 2012-08-21 01:54 -------- d-----w- c:\documents and settings\Stab\Local Settings\Application Data\Downloaded Installations
2012-08-21 01:40 . 2012-08-21 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService
2012-08-21 01:40 . 2012-08-21 01:40 -------- d-----w- c:\documents and settings\Stab\Local Settings\Application Data\CRE
2012-08-21 01:39 . 2012-08-21 01:39 -------- d-----w- c:\windows\system32\Extensions
2012-08-21 01:39 . 2012-08-21 01:39 -------- d-----w- c:\windows\system32\searchplugins
2012-08-18 18:44 . 2012-08-18 18:44 -------- d-----w- c:\documents and settings\Helen\Application Data\My Games
2012-08-16 00:35 . 2012-08-16 00:35 -------- d-----w- c:\documents and settings\Stab\Application Data\My Games
2012-08-16 00:13 . 2012-08-16 00:13 -------- d-----w- c:\program files\Firaxis Games
2012-08-16 00:09 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-08-16 00:08 . 2012-08-16 00:08 -------- d-----w- c:\documents and settings\Stab\Application Data\InstallShield
2012-08-16 00:01 . 2012-08-16 00:01 -------- d-----w- c:\documents and settings\Stab\Application Data\XMedia Recode
2012-08-15 01:29 . 2012-08-15 01:29 -------- d-----w- c:\program files\XMedia Recode
2012-08-15 01:11 . 2012-08-15 01:11 -------- d-----w- c:\program files\Combined Community Codec Pack
2012-08-15 00:58 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-08-15 00:57 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-08-15 00:57 . 2012-08-15 00:57 -------- d-----w- c:\program files\Windows Media Connect 2
2012-08-15 00:55 . 2012-08-15 00:56 -------- d-----w- c:\windows\system32\drivers\UMDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 02:10 . 2012-05-14 22:56 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-13 02:10 . 2012-05-14 22:56 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-13 02:10 . 2012-05-14 22:56 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-13 02:10 . 2012-05-14 22:56 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-06 13:58 . 2001-08-23 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-07-23 21:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2001-08-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2012-01-27 00:53 385024 ----a-w- c:\windows\system32\html.iec
2012-07-01 22:56 . 2012-07-01 22:55 81920 ----a-w- c:\windows\ALCFDRTM.EXE
2012-07-01 22:56 . 2012-07-01 22:55 81920 ----a-w- c:\windows\ALCFDRTM.VER
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{462be121-2b54-4218-bf00-b9bf8135b23f}]
2011-05-09 09:49 176936 ----a-w- c:\program files\WhiteSmoke_US_New\prxtbWhit.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{462be121-2b54-4218-bf00-b9bf8135b23f}"= "c:\program files\WhiteSmoke_US_New\prxtbWhit.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{462be121-2b54-4218-bf00-b9bf8135b23f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2011-11-23 7608832]
"Spotify Web Helper"="c:\documents and settings\Helen\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-09-01 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SMessaging"="c:\documents and settings\Bobby\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe" [2012-04-04 31664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Helen\Start Menu\Programs\Startup\
Epson scanner Registration.lnk - i:\common\EpsonReg\Ereg.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TweetDeck.lnk - c:\program files\TweetDeck\TweetDeck.exe [2012-2-1 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-13 02:10 87456 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Helen\\Application Data\\Spotify\\spotify.exe"=
.
R1 MpKsl798d8601;MpKsl798d8601;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A589A4C8-FA45-4759-AC89-B56CC83BFA29}\MpKsl798d8601.sys [9/13/2012 3:27 PM 29904]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/31/2012 8:30 PM 374184]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 1:10 PM 12856]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 7:51 PM 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL798D8601
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1006Core.job
- c:\documents and settings\Helen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-01 15:00]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1006UA.job
- c:\documents and settings\Helen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-01 15:00]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1007Core.job
- c:\documents and settings\Stab\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 01:08]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1007UA.job
- c:\documents and settings\Stab\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 01:08]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1009Core.job
- c:\documents and settings\Bobby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-24 16:02]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1009UA.job
- c:\documents and settings\Bobby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-24 16:02]
.
2012-09-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 15:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'winlogon.exe'(1380)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2012-09-13 15:50:33
ComboFix-quarantined-files.txt 2012-09-13 20:50
.
Pre-Run: 80,864,882,688 bytes free
Post-Run: 82,472,833,024 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 35840688BF09367E6CD29F42A375A85F
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,749 posts, authorized to help remove malware. Join Date: Dec 2002. Location: Loughton, Essex, UK.
13-Sep-2012, 05:24 PM #11
Next

Please download Malwarebytes' Anti-Malware to your desktop
from HERE or HERE

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please include this log in your next reply.

It might ask you to reboot to finish cleaning. Please do so (press YES on the alert).
If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once and it does not need to be reported unless it continues on every boot.
beefykoala (THREAD STARTER), Member with 34 posts. Join Date: Oct 2007. Experience: Beginner.
13-Sep-2012, 05:56 PM #12
Thank you for doing this btw...


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.13.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Helen :: VIOLET [administrator]

Protection: Enabled

9/13/2012 4:48:41 PM
mbam-log-2012-09-13 (16-48-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245930
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,749 posts, authorized to help remove malware. Join Date: Dec 2002. Location: Loughton, Essex, UK.
14-Sep-2012, 11:14 AM #13
Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose Desktop in the list of selections in that window & press Save).
Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix & remember to re-enable it when it has finished.
Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

This will create a zip file inside C:\QooBox\quarantine named something like [38]-Submit_2008-01-17@17.50.zip

At the end it will pop up an alert & open your browser and ask you to send the zip file.

Please follow those instructions. We need to see the zip file before we can carry on with the fix.

If there is no pop-up alert or open browser, then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.
Just press New Topic, fill in the needed details and give a link to your post here. Then press the Browse button, navigate to & select the files on your computer. If there is more than one file, press the More Attachments button for each extra file and browse and select it. When all the files are listed in the window, press Send to upload the files (do not post HJT logs there, as they will not get dealt with).

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38]-Submit_2008-01-17@17.50.zip

or to
http://www.bleepingcomputer.com/subm...php?channel=38
beefykoala (THREAD STARTER), Member with 34 posts. Join Date: Oct 2007. Experience: Beginner.
14-Sep-2012, 12:30 PM #14
ComboFix 12-09-14.03 - Helen 09/14/2012 10:59:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1359 [GMT -5:00]
Running from: c:\documents and settings\Helen\Desktop\helen123.exe
Command switches used :: c:\documents and settings\Helen\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
file zipped: c:\program files\WhiteSmoke_US_New\prxtbWhit.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WhiteSmoke_US_New
c:\program files\WhiteSmoke_US_New\GottenAppsContextMenu.xml
c:\program files\WhiteSmoke_US_New\ldrtbWhit.dll
c:\program files\WhiteSmoke_US_New\OtherAppsContextMenu.xml
c:\program files\WhiteSmoke_US_New\prxtbWhit.dll
c:\program files\WhiteSmoke_US_New\SharedAppsContextMenu.xml
c:\program files\WhiteSmoke_US_New\tbWhit.dll
c:\program files\WhiteSmoke_US_New\toolbar.cfg
c:\program files\WhiteSmoke_US_New\ToolbarContextMenu.xml
c:\program files\WhiteSmoke_US_New\uninstall.exe
c:\program files\WhiteSmoke_US_New\WhiteSmoke_US_NewToolbarHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))))
.
.
2012-09-14 12:04 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA417A40-55EE-4B75-9206-E6FFD078FF62}\mpengine.dll
2012-09-13 21:37 . 2012-09-13 21:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-13 21:37 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 21:37 . 2012-09-13 21:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-13 21:17 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-01 23:19 . 2012-09-13 20:29 -------- d-----w- c:\documents and settings\Helen\Local Settings\Application Data\Spotify
2012-09-01 23:19 . 2012-09-13 20:29 -------- d-----w- c:\documents and settings\Helen\Application Data\Spotify
2012-08-29 16:00 . 2010-10-24 05:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-08-29 16:00 . 2012-08-29 16:01 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-26 23:42 . 2012-08-26 23:42 -------- d-----w- c:\program files\Strongvault Online Backup
2012-08-26 23:28 . 2012-08-26 23:28 -------- d-----w- c:\documents and settings\Helen\Application Data\Malwarebytes
2012-08-26 18:47 . 2012-08-26 18:47 -------- d-----w- c:\documents and settings\Stab\Application Data\Malwarebytes
2012-08-26 18:46 . 2012-08-26 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-26 18:45 . 2012-08-26 23:42 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-08-26 18:40 . 2012-08-26 18:40 -------- d-----w- c:\program files\CCleaner
2012-08-26 18:06 . 2012-08-26 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-08-26 18:06 . 2012-08-26 18:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-25 02:03 . 2012-08-25 02:03 -------- d-----w- c:\program files\MSXML 4.0
2012-08-24 16:02 . 2012-08-26 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Strongvault Online Backup
2012-08-24 16:01 . 2012-08-24 16:01 -------- d-----w- c:\program files\Conduit
2012-08-24 15:45 . 2012-08-24 15:49 -------- d-----w- c:\documents and settings\Bobby
2012-08-21 14:30 . 2012-08-21 14:30 -------- d-----w- c:\documents and settings\Helen\Local Settings\Application Data\adaware
2012-08-21 02:01 . 2012-08-21 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-08-21 01:58 . 2012-08-21 01:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-08-21 01:55 . 2012-08-21 01:56 -------- d-----w- c:\documents and settings\Stab\Local Settings\Application Data\adaware
2012-08-21 01:55 . 2012-09-14 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-08-21 01:45 . 2012-08-21 02:01 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-08-21 01:45 . 2012-08-21 01:54 -------- d-----w- c:\documents and settings\Stab\Local Settings\Application Data\Downloaded Installations
2012-08-21 01:40 . 2012-08-21 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService
2012-08-21 01:40 . 2012-08-21 01:40 -------- d-----w- c:\documents and settings\Stab\Local Settings\Application Data\CRE
2012-08-21 01:39 . 2012-08-21 01:39 -------- d-----w- c:\windows\system32\Extensions
2012-08-21 01:39 . 2012-08-21 01:39 -------- d-----w- c:\windows\system32\searchplugins
2012-08-18 18:44 . 2012-08-18 18:44 -------- d-----w- c:\documents and settings\Helen\Application Data\My Games
2012-08-16 00:35 . 2012-08-16 00:35 -------- d-----w- c:\documents and settings\Stab\Application Data\My Games
2012-08-16 00:13 . 2012-08-16 00:13 -------- d-----w- c:\program files\Firaxis Games
2012-08-16 00:09 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-08-16 00:08 . 2012-08-16 00:08 -------- d-----w- c:\documents and settings\Stab\Application Data\InstallShield
2012-08-16 00:01 . 2012-08-16 00:01 -------- d-----w- c:\documents and settings\Stab\Application Data\XMedia Recode
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 02:10 . 2012-05-14 22:56 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-13 02:10 . 2012-05-14 22:56 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-13 02:10 . 2012-05-14 22:56 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-13 02:10 . 2012-05-14 22:56 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-06 13:58 . 2001-08-23 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-07-23 21:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2001-08-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2012-01-27 00:53 385024 ----a-w- c:\windows\system32\html.iec
2012-07-01 22:56 . 2012-07-01 22:55 81920 ----a-w- c:\windows\ALCFDRTM.EXE
2012-07-01 22:56 . 2012-07-01 22:55 81920 ----a-w- c:\windows\ALCFDRTM.VER
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-13_20.48.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-14 16:06 . 2012-09-14 16:06 16384 c:\windows\Temp\Perflib_Perfdata_1e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2011-11-23 7608832]
"Spotify Web Helper"="c:\documents and settings\Helen\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-09-01 1193176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SMessaging"="c:\documents and settings\Bobby\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe" [2012-04-04 31664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Helen\Start Menu\Programs\Startup\
Epson scanner Registration.lnk - i:\common\EpsonReg\Ereg.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TweetDeck.lnk - c:\program files\TweetDeck\TweetDeck.exe [2012-2-1 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-13 02:10 87456 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Helen\\Application Data\\Spotify\\spotify.exe"=
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/31/2012 8:30 PM 374184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/13/2012 4:42 PM 399432]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 1:10 PM 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/13/2012 4:37 PM 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/13/2012 4:37 PM 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/13/2012 4:37 PM 40776]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 7:51 PM 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1006Core.job
- c:\documents and settings\Helen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-01 15:00]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1006UA.job
- c:\documents and settings\Helen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-01 15:00]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1007Core.job
- c:\documents and settings\Stab\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 01:08]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1007UA.job
- c:\documents and settings\Stab\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 01:08]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1009Core.job
- c:\documents and settings\Bobby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-24 16:02]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1957994488-682003330-1009UA.job
- c:\documents and settings\Bobby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-24 16:02]
.
2012-09-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WhiteSmoke_US_New Toolbar - c:\program files\WhiteSmoke_US_New\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-14 11:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2016)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-09-14 11:28:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-14 16:28
ComboFix2.txt 2012-09-13 20:50
.
Pre-Run: 82,409,066,496 bytes free
Post-Run: 82,484,948,992 bytes free
.
- - End Of File - - 66944AD4A9629E5B98A6A9C7BDA8BE80
Upload was successful
dvk01 (Derek)
Moderator & Malware Removal Specialist with 45,749 posts. Authorized to help remove malware.
Join Date: Dec 2002
Location: Loughton, Essex, UK
14-Sep-2012, 01:36 PM #15
How is it now?

Are you having any problems still?