
Personal Internet Security 2011/+Web Redirect+

Discussion in 'Virus & Other Malware Removal' started by JustinOutlaw, Jan 11, 2011.

Thread Status:
Not open for further replies.
  1. JustinOutlaw

    JustinOutlaw Thread Starter

    Joined:
    Sep 2, 2007
    Messages:
    41
    A month or so ago I downloaded a "free online virus scan" to give my baby a checkup, and of course it would come loaded with a pestering virus that none of my three AVs would pick up.

    After ignoring endless popups for as long as I could, I restarted in safe mode, ran rKill, CCleaner and MBAM, and rid myself of the Personal Internet Security foe I had faced. (Actually it took several more tries than I said here, but this is my latest step.)

    After a few days of a clean (lol) desktop, I noticed my Chrome browser had been doing a lot of redirecting. Was Google playing tricks on me? No, in fact I've come to realize this redirecting problem is fairly aggravating around these parts.

    I began searching for similar requests, and found a very common theme in the area of "Try this", "Didn't work", "Hmm. Try this", "Nope..." "Hmmm......"

    I'm not arguing that this is a difficult virus, or that your work hasn't been tremendous and tiring, but surely there's a better way of narrowing down the options? Or at the very least, having one method that works better over the others, though however perceptual?

    OK, not the place for philosophy. What can I do, doc?

    [[ I ran HijackThis and mid-scan it told me my hosts file wasn't allowed for writing, and I needed to delete what they told me to. But I'm not sure what part to delete.]]


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:31:06 PM, on 1/11/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17093)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\notepad.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25522
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 88.198.198.206 www.google.com
    O1 - Hosts: 88.198.198.206 google.com
    O1 - Hosts: 88.198.198.206 google.com.au
    O1 - Hosts: 88.198.198.206 www.google.com.au
    O1 - Hosts: 88.198.198.206 google.be
    O1 - Hosts: 88.198.198.206 www.google.be
    O1 - Hosts: 88.198.198.206 google.com.br
    O1 - Hosts: 88.198.198.206 www.google.com.br
    O1 - Hosts: 88.198.198.206 google.ca
    O1 - Hosts: 88.198.198.206 www.google.ca
    O1 - Hosts: 88.198.198.206 google.ch
    O1 - Hosts: 88.198.198.206 www.google.ch
    O1 - Hosts: 88.198.198.206 google.de
    O1 - Hosts: 88.198.198.206 www.google.de
    O1 - Hosts: 88.198.198.206 google.dk
    O1 - Hosts: 88.198.198.206 www.google.dk
    O1 - Hosts: 88.198.198.206 google.fr
    O1 - Hosts: 88.198.198.206 www.google.fr
    O1 - Hosts: 88.198.198.206 google.ie
    O1 - Hosts: 88.198.198.206 www.google.ie
    O1 - Hosts: 88.198.198.206 google.it
    O1 - Hosts: 88.198.198.206 www.google.it
    O1 - Hosts: 88.198.198.206 google.co.jp
    O1 - Hosts: 88.198.198.206 www.google.co.jp
    O1 - Hosts: 88.198.198.206 google.nl
    O1 - Hosts: 88.198.198.206 www.google.nl
    O1 - Hosts: 88.198.198.206 google.no
    O1 - Hosts: 88.198.198.206 www.google.no
    O1 - Hosts: 88.198.198.206 google.co.nz
    O1 - Hosts: 88.198.198.206 www.google.co.nz
    O1 - Hosts: 88.198.198.206 google.pl
    O1 - Hosts: 88.198.198.206 www.google.pl
    O1 - Hosts: 88.198.198.206 google.se
    O1 - Hosts: 88.198.198.206 www.google.se
    O1 - Hosts: 88.198.198.206 google.co.uk
    O1 - Hosts: 88.198.198.206 www.google.co.uk
    O1 - Hosts: 88.198.198.206 google.co.za
    O1 - Hosts: 88.198.198.206 www.google.co.za
    O1 - Hosts: 88.198.198.206 www.google-analytics.com
    O1 - Hosts: 88.198.198.206 www.bing.com
    O1 - Hosts: 88.198.198.206 search.yahoo.com
    O1 - Hosts: 88.198.198.206 www.search.yahoo.com
    O1 - Hosts: 88.198.198.206 uk.search.yahoo.com
    O1 - Hosts: 88.198.198.206 ca.search.yahoo.com
    O1 - Hosts: 88.198.198.206 de.search.yahoo.com
    O1 - Hosts: 88.198.198.206 fr.search.yahoo.com
    O1 - Hosts: 88.198.198.206 au.search.yahoo.com
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: Trillian Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - HKLM\..\Run: [GEST] m‘|\ü
    O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [TNDDOCK] "C:\Program Files\Rand McNally\Rand McNally TND Dock\TNDDock.exe" -auto
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
    O4 - HKCU\..\Run: [BID Drop Box] "C:\Program Files\Bulk Image Downloader\BIDDropBox.exe"
    O4 - HKCU\..\Run: [Bionix Wallpaper] "C:\Program Files\BioniX Wallpaper\Bionix Wallpaper.exe"
    O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
    O4 - HKCU\..\Run: [mnumsg.exe] C:\Program Files\MyShoppingGenie\mnumsg.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steampowered\Steam.exe" -silent
    O4 - HKCU\..\Run: [Screenshot Studio] "C:\Program Files\Screenshot Studio\sstudio.exe"
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Kevin\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
    O4 - Global Startup: Taggtool.lnk = C:\Program Files\Taggtool\Taggtool Desktop\Tagg.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
    O8 - Extra context menu item: Enqueue link tar&get with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
    O8 - Extra context menu item: Open current page with BI&D - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
    O8 - Extra context menu item: Open current page with BID Link Explorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
    O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Unknown owner - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (file missing)

    --
    End of file - 19905 bytes
     
  2. JustinOutlaw

    Also, could someone tell me what's in the HijackThis log file I posted? I'm interested in learning these things. Thanks!
    -JO
     
  3. JustinOutlaw

    DDS:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
    Run by Kevin at 19:46:18.96 on Tue 01/11/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2715 [GMT -8:00]

    AV: Personal Internet Security 2011 *Enabled/Updated* {13A89E2B-8C3D-42B0-9EAD-4B987F546F91}
    AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Personal Internet Security 2011 *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\downloads\Chrome Downloads\e60mwt8g.exe
    C:\Downloads\Orbit Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=127.0.0.1:25522
    uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Trillian Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: Trillian Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [Google Update] "c:\documents and settings\kevin\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
    uRun: [fsm]
    uRun: [BID Drop Box] "c:\program files\bulk image downloader\BIDDropBox.exe"
    uRun: [Bionix Wallpaper] "c:\program files\bionix wallpaper\Bionix Wallpaper.exe"
    uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
    uRun: [mnumsg.exe] c:\program files\myshoppinggenie\mnumsg.exe
    uRun: [Steam] "c:\program files\steampowered\Steam.exe" -silent
    uRun: [Screenshot Studio] "c:\program files\screenshot studio\sstudio.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
    mRun: [HydraVisionDesktopManager] c:\program files\ati technologies\ati hydravision\HydraDM.exe
    mRun: [GEST] m‘|\ü
    mRun: [EasyTuneVI] c:\program files\gigabyte\et6\ETcall.exe
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
    mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [TNDDOCK] "c:\program files\rand mcnally\rand mcnally tnd dock\TNDDock.exe" -auto
    dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kevin\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\taggtool.lnk - c:\program files\taggtool\taggtool desktop\Tagg.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-explorer: DisallowRun = 1 (0x1)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: En&queue current page with BID - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm
    IE: Enqueue link tar&get with BID - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Open &link target with BID - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm
    IE: Open current page with BI&D - file://c:\program files\bulk image downloader\iemenu\iebid.htm
    IE: Open current page with BID Link Explorer - file://c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - c:\program files\navnetapp\ComUtilities.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    IFEO: image file execution options - svchost.exe
    Hosts: 74.125.45.100 4-open-davinci.com
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 getantivirusplusnow.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\kevin\applic~1\mozilla\firefox\profiles\e7jqlnch.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=30-04-2010&tb_mrud=30-04-2010
    FF - prefs.js: browser.search.selectedEngine - search
    FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
    FF - prefs.js: network.proxy.http - 218.248.45.51
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\documents and settings\kevin\application data\mozilla\firefox\profiles\e7jqlnch.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\kevin\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\kevin\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Cooliris: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
    FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
    FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    FF - Ext: Linky: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: PageTweak: {15312e9a-4905-48da-aae4-15b24bdc2a24} - %profile%\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}
    FF - Ext: Page Scheduler: pageScheduler@kinshuk - %profile%\extensions\pageScheduler@kinshuk
    FF - Ext: My Weekly Browsing Schedule: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: GicExt: {86BC10F5-D0DD-4421-8DF0-544F602F6694} - %profile%\extensions\{86BC10F5-D0DD-4421-8DF0-544F602F6694}
    FF - Ext: Page Hacker: pagehacker-nico@nc - %profile%\extensions\pagehacker-nico@nc
    FF - Ext: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - %profile%\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
    FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Ext: Search Toolbar: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============

    R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-1-12 12032]
    S0 vtqwoejq;vtqwoejq;c:\windows\system32\drivers\tlcmlbls.sys --> c:\windows\system32\drivers\tlcmlbls.sys [?]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-1-3 270928]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-3 163280]
    S1 avgio;avgio;\??\g:\temp\avira\antivir desktop\avgio.sys --> g:\temp\avira\antivir desktop\avgio.sys [?]
    S1 DVDHlp;DVDHlp Driver;c:\windows\system32\drivers\dvdhlp.sys --> c:\windows\system32\drivers\DVDHlp.sys [?]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-3 19024]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-3 40384]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-23 60936]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-1-10 68136]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
    S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-2-27 10384]
    S2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
    S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2010-4-25 66944]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-3 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-3 40384]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-8-18 19056]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"g:\temp\avira\antivir desktop\sched.exe" --> g:\temp\avira\antivir desktop\sched.exe [?]
    S4 AntiVirService;Avira AntiVir Guard;"g:\temp\avira\antivir desktop\avguard.exe" --> g:\temp\avira\antivir desktop\avguard.exe [?]

    =============== Created Last 30 ================

    2011-01-12 02:27:07 98816 ----a-w- c:\windows\sed.exe
    2011-01-12 02:27:07 89088 ----a-w- c:\windows\MBR.exe
    2011-01-12 02:27:07 256512 ----a-w- c:\windows\PEV.exe
    2011-01-12 02:27:07 161792 ----a-w- c:\windows\SWREG.exe
    2011-01-12 02:26:42 -------- d-s---w- C:\ComboFix
    2011-01-12 01:32:58 388096 ----a-r- c:\docume~1\kevin\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-12 01:32:58 -------- d-----w- c:\program files\Trend Micro
    2011-01-11 05:25:45 -------- d-----w- C:\.jagex_cache_32
    2011-01-09 09:21:47 -------- d-----w- c:\documents and settings\kevin\kwork
    2011-01-08 10:49:27 -------- d-----w- c:\program files\Speccy
    2011-01-06 03:33:52 -------- d-----w- c:\docume~1\kevin\locals~1\applic~1\Rand_McNally
    2011-01-06 03:33:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\TNDDock
    2011-01-06 03:33:51 -------- d-----w- C:\logs
    2011-01-06 03:33:35 -------- d-----w- c:\program files\Rand McNally
    2011-01-05 02:52:43 418816 ----a-w- c:\docume~1\alluse~1\applic~1\QunMknIyHJtwbe.dll
    2011-01-05 02:37:02 467456 ----a-w- c:\docume~1\alluse~1\applic~1\LBSYdYrDlalNvk.exe
    2011-01-05 02:37:01 467456 ----a-w- c:\windows\system32\update.exe
    2011-01-04 04:22:53 -------- d-----w- c:\program files\MBAM2
    2011-01-04 04:16:49 -------- d-----w- C:\Google
    2011-01-04 03:49:29 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\PIMGRS
    2011-01-04 03:48:03 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\097ca0
    2011-01-04 03:22:15 270928 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-01-03 03:03:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-01-02 00:22:51 -------- d-----w- c:\docume~1\kevin\applic~1\Taggtool
    2010-12-28 03:41:41 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\System Restore
    2010-12-28 03:27:29 -------- d-----w- c:\program files\Screenshot Studio
    2010-12-24 04:38:06 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
    2010-12-24 04:33:57 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
    2010-12-24 04:33:57 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
    2010-12-24 04:33:57 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
    2010-12-24 04:33:56 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
    2010-12-24 04:33:56 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
    2010-12-24 04:33:55 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
    2010-12-23 03:54:07 -------- d-----w- c:\program files\Steampowered
    2010-12-22 04:43:01 -------- d-----w- c:\docume~1\kevin\locals~1\applic~1\Mindjet
    2010-12-22 04:42:47 5632 ----a-w- c:\windows\system32\pxc25pm.dll
    2010-12-22 04:42:43 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-12-22 04:41:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Mindjet
    2010-12-22 04:41:55 -------- d-----w- c:\program files\Mindjet
    2010-12-22 04:41:15 -------- d-----w- c:\docume~1\kevin\locals~1\applic~1\{59187FCC-F4A4-40DF-8044-753DD94A7B6D}
    2010-12-20 06:11:13 -------- d-----w- c:\docume~1\kevin\applic~1\Dropbox
    2010-12-16 21:39:52 -------- d-----w- c:\docume~1\kevin\applic~1\Local
    2010-12-16 03:31:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-16 03:27:17 -------- d-----w- c:\windows\.jagex_cache_32
    2010-12-16 03:26:25 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    ==================== Find3M ====================

    2011-01-12 01:15:55 16608 ----a-w- c:\windows\gdrv.sys
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-17 07:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll
    2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3500320AS rev.SD81 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-12

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ADCA555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8add07b0]; MOV EAX, [0x8add082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8AD50AB8]
    3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000071[0x8ADF5420]
    5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8AE36A48]
    \Driver\atapi[0x8AC8DF38] -> IRP_MJ_CREATE -> 0x8ADCA555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-12 -> \??\IDE#DiskST3500320AS_____________________________SD81____#5&29ceaffc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8ADCA39B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 19:48:16.21 ===============


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ark.txt
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-11 20:01:09
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST3500320AS rev.SD81
    Running: e60mwt8g.exe; Driver: C:\DOCUME~1\Kevin\LOCALS~1\Temp\pxtdqpob.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D2000A
    .text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D3000A
    .text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D1000C
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\WINDOWS\System32\svchost.exe[3332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AF000A
    .text C:\WINDOWS\System32\svchost.exe[3332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B0000A
    .text C:\WINDOWS\System32\svchost.exe[3332] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AE000C
    .text C:\WINDOWS\System32\svchost.exe[3332] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 012E000A
    .text C:\WINDOWS\System32\svchost.exe[3332] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F2000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[128] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1208] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1312] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1348] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1396] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1412] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1428] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1452] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1464] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1480] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1524] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1560] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1956] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010
    IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00300010

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8ADCA39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8ADCA39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8ADCA39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8ADCA39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8ADCA39B
    Device \Device\Ide\IdeDeviceP1T0L0-12 -> \??\IDE#DiskST3500320AS_____________________________SD81____#5&29ceaffc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Thanks in advance!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

  4. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.
     

Short URL to this thread: https://techguy.org/974146