
Personal Internet Security 2011/+Web Redirect+

(In Progress)

JustinOutlaw
Member with 41 posts.
THREAD STARTER
Join Date: Sep 2007
Location: uranus.
Experience: I know some stuff.
11-Jan-2011, 11:36 PM #1
A month or so ago I downloaded a "free online virus scan" to give my baby a checkup, and of course it would come loaded with a pestering virus that none of my three AVs would pick up.

After ignoring endless popups for as long as I could, I restarted in safe mode, ran rKill, CCleaner and MBAM, and rid myself of the Personal Internet Security foe I had faced. (Actually it took several more tries than I said here, but this is my latest step)

After a few days of a clean (lol) desktop, I noticed my Chrome browser had been doing a lot of redirecting. Was Google playing tricks on me? No, in fact I've come to realize this redirecting problem is fairly aggravating around these parts.

I began searching for similar requests, and found a very common theme in the area of "Try this", "Didn't work", "Hmm. Try this", "Nope..." "Hmmm......"

I'm not arguing that this is a difficult virus, or that your work hasn't been tremendous and tiring, but surely there's a better way of narrowing down the options? Or at the very least, having one method that works better over the others, though however perceptual?

OK, not the place for philosophy. What can I do, doc?

[[ I ran HijackThis and mid-scan it told me my hosts file wasn't allowed for writing, and I needed to delete what they told me to. But I'm not sure which part to delete.]]


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:31:06 PM, on 1/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25522
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Trillian Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [GEST] m|\
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TNDDOCK] "C:\Program Files\Rand McNally\Rand McNally TND Dock\TNDDock.exe" -auto
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [BID Drop Box] "C:\Program Files\Bulk Image Downloader\BIDDropBox.exe"
O4 - HKCU\..\Run: [Bionix Wallpaper] "C:\Program Files\BioniX Wallpaper\Bionix Wallpaper.exe"
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [mnumsg.exe] C:\Program Files\MyShoppingGenie\mnumsg.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steampowered\Steam.exe" -silent
O4 - HKCU\..\Run: [Screenshot Studio] "C:\Program Files\Screenshot Studio\sstudio.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Kevin\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Taggtool.lnk = C:\Program Files\Taggtool\Taggtool Desktop\Tagg.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link tar&get with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BI&D - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link Explorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Unknown owner - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (file missing)

--
End of file - 19905 bytes
JustinOutlaw
11-Jan-2011, 11:39 PM #2
Also, could someone tell me what's in the HijackThis log file I posted? I'm interested in learning these things. Thanks!
-JO
JustinOutlaw
12-Jan-2011, 12:05 AM #3
DDS:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Kevin at 19:46:18.96 on Tue 01/11/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2715 [GMT -8:00]

AV: Personal Internet Security 2011 *Enabled/Updated* {13A89E2B-8C3D-42B0-9EAD-4B987F546F91}
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Personal Internet Security 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\downloads\Chrome Downloads\e60mwt8g.exe
C:\Downloads\Orbit Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:25522
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
mWinlogon: Userinit=userinit.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Trillian Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Trillian Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\kevin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [fsm]
uRun: [BID Drop Box] "c:\program files\bulk image downloader\BIDDropBox.exe"
uRun: [Bionix Wallpaper] "c:\program files\bionix wallpaper\Bionix Wallpaper.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [mnumsg.exe] c:\program files\myshoppinggenie\mnumsg.exe
uRun: [Steam] "c:\program files\steampowered\Steam.exe" -silent
uRun: [Screenshot Studio] "c:\program files\screenshot studio\sstudio.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [HydraVisionDesktopManager] c:\program files\ati technologies\ati hydravision\HydraDM.exe
mRun: [GEST] m|\
mRun: [EasyTuneVI] c:\program files\gigabyte\et6\ETcall.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [TNDDOCK] "c:\program files\rand mcnally\rand mcnally tnd dock\TNDDock.exe" -auto
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kevin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\taggtool.lnk - c:\program files\taggtool\taggtool desktop\Tagg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: En&queue current page with BID - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Open &link target with BID - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\bulk image downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - c:\program files\navnetapp\ComUtilities.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kevin\applic~1\mozilla\firefox\profiles\e7jqlnch.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=30-04-2010&tb_mrud=30-04-2010
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
FF - prefs.js: network.proxy.http - 218.248.45.51
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\kevin\application data\mozilla\firefox\profiles\e7jqlnch.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\kevin\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\kevin\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: Linky: linky@gemal.dk - %profile%\extensions\linky@gemal.dk
FF - Ext: PageTweak: {15312e9a-4905-48da-aae4-15b24bdc2a24} - %profile%\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}
FF - Ext: Page Scheduler: pageScheduler@kinshuk - %profile%\extensions\pageScheduler@kinshuk
FF - Ext: My Weekly Browsing Schedule: myweeklybrowsingschedule@gmail.com - %profile%\extensions\myweeklybrowsingschedule@gmail.com
FF - Ext: GicExt: {86BC10F5-D0DD-4421-8DF0-544F602F6694} - %profile%\extensions\{86BC10F5-D0DD-4421-8DF0-544F602F6694}
FF - Ext: Page Hacker: pagehacker-nico@nc - %profile%\extensions\pagehacker-nico@nc
FF - Ext: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - %profile%\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-1-12 12032]
S0 vtqwoejq;vtqwoejq;c:\windows\system32\drivers\tlcmlbls.sys --> c:\windows\system32\drivers\tlcmlbls.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-1-3 270928]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-3 163280]
S1 avgio;avgio;\??\g:\temp\avira\antivir desktop\avgio.sys --> g:\temp\avira\antivir desktop\avgio.sys [?]
S1 DVDHlp;DVDHlp Driver;c:\windows\system32\drivers\dvdhlp.sys --> c:\windows\system32\drivers\DVDHlp.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-3 19024]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-3 40384]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-23 60936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-1-10 68136]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-2-27 10384]
S2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2010-4-25 66944]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-3 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-3 40384]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-8-18 19056]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"g:\temp\avira\antivir desktop\sched.exe" --> g:\temp\avira\antivir desktop\sched.exe [?]
S4 AntiVirService;Avira AntiVir Guard;"g:\temp\avira\antivir desktop\avguard.exe" --> g:\temp\avira\antivir desktop\avguard.exe [?]

=============== Created Last 30 ================

2011-01-12 02:27:07 98816 ----a-w- c:\windows\sed.exe
2011-01-12 02:27:07 89088 ----a-w- c:\windows\MBR.exe
2011-01-12 02:27:07 256512 ----a-w- c:\windows\PEV.exe
2011-01-12 02:27:07 161792 ----a-w- c:\windows\SWREG.exe
2011-01-12 02:26:42 -------- d-s---w- C:\ComboFix
2011-01-12 01:32:58 388096 ----a-r- c:\docume~1\kevin\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-12 01:32:58 -------- d-----w- c:\program files\Trend Micro
2011-01-11 05:25:45 -------- d-----w- C:\.jagex_cache_32
2011-01-09 09:21:47 -------- d-----w- c:\documents and settings\kevin\kwork
2011-01-08 10:49:27 -------- d-----w- c:\program files\Speccy
2011-01-06 03:33:52 -------- d-----w- c:\docume~1\kevin\locals~1\applic~1\Rand_McNally
2011-01-06 03:33:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\TNDDock
2011-01-06 03:33:51 -------- d-----w- C:\logs
2011-01-06 03:33:35 -------- d-----w- c:\program files\Rand McNally
2011-01-05 02:52:43 418816 ----a-w- c:\docume~1\alluse~1\applic~1\QunMknIyHJtwbe.dll
2011-01-05 02:37:02 467456 ----a-w- c:\docume~1\alluse~1\applic~1\LBSYdYrDlalNvk.exe
2011-01-05 02:37:01 467456 ----a-w- c:\windows\system32\update.exe
2011-01-04 04:22:53 -------- d-----w- c:\program files\MBAM2
2011-01-04 04:16:49 -------- d-----w- C:\Google
2011-01-04 03:49:29 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\PIMGRS
2011-01-04 03:48:03 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\097ca0
2011-01-04 03:22:15 270928 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-01-03 03:03:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-02 00:22:51 -------- d-----w- c:\docume~1\kevin\applic~1\Taggtool
2010-12-28 03:41:41 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\System Restore
2010-12-28 03:27:29 -------- d-----w- c:\program files\Screenshot Studio
2010-12-24 04:38:06 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2010-12-24 04:33:57 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2010-12-24 04:33:57 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2010-12-24 04:33:57 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2010-12-24 04:33:56 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2010-12-24 04:33:56 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2010-12-24 04:33:55 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2010-12-23 03:54:07 -------- d-----w- c:\program files\Steampowered
2010-12-22 04:43:01 -------- d-----w- c:\docume~1\kevin\locals~1\applic~1\Mindjet
2010-12-22 04:42:47 5632 ----a-w- c:\windows\system32\pxc25pm.dll
2010-12-22 04:42:43 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-22 04:41:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Mindjet
2010-12-22 04:41:55 -------- d-----w- c:\program files\Mindjet
2010-12-22 04:41:15 -------- d-----w- c:\docume~1\kevin\locals~1\applic~1\{59187FCC-F4A4-40DF-8044-753DD94A7B6D}
2010-12-20 06:11:13 -------- d-----w- c:\docume~1\kevin\applic~1\Dropbox
2010-12-16 21:39:52 -------- d-----w- c:\docume~1\kevin\applic~1\Local
2010-12-16 03:31:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 03:27:17 -------- d-----w- c:\windows\.jagex_cache_32
2010-12-16 03:26:25 45568 -c----w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2011-01-12 01:15:55 16608 ----a-w- c:\windows\gdrv.sys
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 07:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500320AS rev.SD81 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-12

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ADCA555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8add07b0]; MOV EAX, [0x8add082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8AD50AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000071[0x8ADF5420]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8AE36A48]
\Driver\atapi[0x8AC8DF38] -> IRP_MJ_CREATE -> 0x8ADCA555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-12 -> \??\IDE#DiskST3500320AS_____________________________SD81____#5&29ceaffc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8ADCA39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 19:48:16.21 ===============


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ark.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-11 20:01:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST3500320AS rev.SD81
Running: e60mwt8g.exe; Driver: C:\DOCUME~1\Kevin\LOCALS~1\Temp\pxtdqpob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D2000A
.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D3000A
.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D1000C
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\System32\svchost.exe[3332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\svchost.exe[3332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B0000A
.text C:\WINDOWS\System32\svchost.exe[3332] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AE000C
.text C:\WINDOWS\System32\svchost.exe[3332] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 012E000A
.text C:\WINDOWS\System32\svchost.exe[3332] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F2000A

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8ADCA39B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8ADCA39B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8ADCA39B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8ADCA39B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8ADCA39B
Device \Device\Ide\IdeDeviceP1T0L0-12 -> \??\IDE#DiskST3500320AS_____________________________SD81____#5&29ceaffc&0&0 .0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks in advance!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blade81 (authorized to help remove malware)
Malware Removal Specialist with 904 posts.
 
Join Date: Oct 2006
Location: Finland
Experience: Advanced
25-Jan-2011, 04:31 AM #4
Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, please post a fresh DDS log.