
Computer is "stuttering". Is it hardware or software-related

This topic is locked.

#1
fishmael (Member, 13 posts)
Hi all, I'm running an Acer Extensa 4640Z that came with Vista, but 6 months ago I put Windows 7 on. I haven't had many problems sans the occasional audio stuttering, no matter the program. Acer's site didn't have any specifically Windows 7 audio drivers for the computer either, so I'm not sure if that's related. But as of recent, the computer, on and off, has been stuttering, even after a reboot, and there really aren't many programs or applications on it. I got zero results with HouseCall, and Spybot cleared the few pieces of malware on it. It's a generally clean computer.

But how can I tell if my programs are hardware or software related? I'm worried that, while moving, the hard drive was damaged and that's what's responsible for the "skipping" or "stuttering" of my computer's performance. It seems alright now, and I'm working on it right now, but I'm sure the problems will return when I get back to my apartment unless I do something soon. Here's a HijackThis log.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:47:21 PM, on 6/13/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [F.lux] "C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 5945 bytes


Thanks in advance, folks! I appreciate you reading my topic! :)


#2
fishmael (Topic Starter, Member, 13 posts)
Bump! Want to take care of this tomorrow please :))

#3
fishmael (Topic Starter, Member, 13 posts)
Update: This is what's going on with my computer while it's "stuttering" (see the attached image, trouble.jpg).

I'm really not sure what to do, or how I can diagnose the issue. Please help me.

#4
jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello fishmael and welcome to GeeksToGo. :)

I am jwang01 and I will be assisting you with your issue.

Sorry for the delay.

When we get to working on your computer you may want to print out or save my responses in Notepad, because there may be times where you will not be able to access them here.

Also, please don't attach your logs unless asked, as they can make them hard to read. Just post them as a reply.


Let's make sure this is not malware. Have you installed anything new on the computer right around the time the problems started?


Please go to the Malware and Spyware Cleaning Guide and follow all of the steps there. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post the MBAM, GMER, and OTL Logs in this thread.

#5
fishmael (Topic Starter, Member, 13 posts)
Hi Jwang. Thanks for trying to assist me.

No, I have not installed anything recently that might have done anything weird to my computer.
I want to note that I've run a lot of malware removal stuff already, using the Geek Squad MRI disc to run some diagnostics. It still hasn't taken care of the problem. And I'm increasingly beginning to believe that my problems are hardware related, although I don't know of any other tests to run. Perhaps my hard drive is damaged?
Anyway, with MBAM, I had no results. I didn't see a log appear either, unfortunately.

I was running GMER and my computer actually bluescreened during my scan. I'll try it again after I post this.

OTL has been working alright; here are my logs. They are quite long. Thank you.

OTL logfile created on: 6/17/2010 2:43:30 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Administrator\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 9.21 Gb Free Space | 13.25% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 38.21 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTNEWTONIANPC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/17 14:13:37 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2010/06/01 22:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/05/07 18:06:04 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/05/07 18:04:20 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/07/13 18:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/17 04:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/06/17 14:13:37 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/12 11:45:22 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/05/07 18:04:20 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/05/07 18:01:04 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/02/27 16:13:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/12/17 15:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/08/09 14:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 15:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 15:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/19 08:57:14 | 000,604,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2009/06/03 18:09:26 | 005,915,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/03/15 03:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/02/18 23:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.npr.org/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ea848344-1e6a-43e9-9cf8-301358888a43}:0.1.5


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 00:34:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/27 00:34:47 | 000,000,000 | ---D | M]

[2009/11/12 22:44:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2010/06/13 17:36:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\c4t2vlwq.default\extensions
[2010/01/26 19:36:33 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\c4t2vlwq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/19 23:20:45 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\c4t2vlwq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/10 13:03:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\c4t2vlwq.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/12/18 13:40:41 | 000,000,000 | ---D | M] (Purity) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\c4t2vlwq.default\extensions\{ea848344-1e6a-43e9-9cf8-301358888a43}
[2010/03/31 11:47:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\c4t2vlwq.default\extensions\[email protected]
[2009/12/18 13:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\c4t2vlwq.default\extensions\{ea848344-1e6a-43e9-9cf8-301358888a43}\chrome\mozapps\extensions
[2010/06/13 17:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 16:30:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/12/10 13:03:36 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [F.lux] C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.12.1.3 10.12.1.10
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a93176d-d483-11de-bd9a-001eecdebea3}\Shell - "" = AutoRun
O33 - MountPoints2\{3a93176d-d483-11de-bd9a-001eecdebea3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 19:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.IV31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: VIDC.IV32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IV50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/17 14:12:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2010/06/17 14:12:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/17 14:12:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/17 14:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/17 14:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/16 22:18:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2010/06/16 21:18:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\MRI_Updates
[2010/06/15 01:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Geek Squad
[2010/06/12 16:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/12 16:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/12 16:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/12 11:45:38 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010/06/12 11:45:29 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010/06/12 11:45:29 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010/06/12 11:44:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2010/06/12 11:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/06/12 11:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010/06/12 11:44:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/06/11 16:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/25 18:04:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\images
[2010/04/15 20:38:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\TurboTax
[2010/04/15 20:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Intuit
[2010/04/15 20:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/04/15 20:26:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\IsolatedStorage
[2010/04/15 20:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/04/15 20:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2010/04/15 20:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/04/05 08:53:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\instrumeaking
[2010/04/05 08:53:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\jhola bags
[2010/04/05 08:48:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\fashion
[2010/04/05 08:41:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Things images and video
[2010/04/02 16:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/03/21 11:13:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/03/21 11:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/17 14:40:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/17 14:40:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/17 14:40:29 | 1557,147,648 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/17 14:37:48 | 002,097,152 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat
[2010/06/17 14:24:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3203510313-2035094674-3070609536-500UA.job
[2010/06/17 14:20:15 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3203510313-2035094674-3070609536-500Core.job
[2010/06/17 14:12:52 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 22:35:38 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/16 22:35:38 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 23:31:16 | 001,597,473 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2010/06/14 20:44:02 | 000,027,648 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/06/14 03:08:12 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat{e52ee4ad-779b-11df-a288-001eecdebea3}.TMContainer00000000000000000002.regtrans-ms
[2010/06/14 03:08:12 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat{e52ee4ad-779b-11df-a288-001eecdebea3}.TMContainer00000000000000000001.regtrans-ms
[2010/06/14 03:08:12 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat{e52ee4ad-779b-11df-a288-001eecdebea3}.TM.blf
[2010/06/14 03:04:30 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat{0c3b4818-779b-11df-8e46-001eecdebea3}.TMContainer00000000000000000002.regtrans-ms
[2010/06/14 03:04:30 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat{0c3b4818-779b-11df-8e46-001eecdebea3}.TMContainer00000000000000000001.regtrans-ms
[2010/06/14 03:04:30 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat{0c3b4818-779b-11df-8e46-001eecdebea3}.TM.blf
[2010/06/13 17:33:16 | 000,000,036 | ---- | M] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2010/06/12 16:44:14 | 000,002,999 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2010/06/12 11:45:21 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2010/06/12 11:45:21 | 000,002,105 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010/06/11 03:26:19 | 000,421,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/06 16:34:16 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/06 16:34:16 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/06 16:34:16 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/06 16:07:27 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2010/05/31 15:00:50 | 000,079,872 | ---- | M] () -- C:\Users\Administrator\Desktop\cheka final markup 5-31.doc
[2010/05/28 15:29:56 | 000,084,992 | ---- | M] () -- C:\Users\Administrator\Desktop\MNewton Cheka 3rd Draft for Rob.doc
[2010/05/27 18:19:54 | 000,066,048 | ---- | M] () -- C:\Users\Administrator\Desktop\cheka thursday.doc
[2010/05/25 18:34:42 | 000,306,284 | ---- | M] () -- C:\Users\Administrator\Desktop\pic5.jpg
[2010/05/19 09:02:59 | 000,012,146 | ---- | M] () -- C:\Users\Administrator\Desktop\enemy.docx
[2010/05/11 05:48:00 | 000,049,152 | ---- | M] () -- C:\Users\Administrator\Desktop\cheka crappy 2nd draft.doc
[2010/05/10 22:59:52 | 000,000,162 | -H-- | M] () -- C:\Users\Administrator\Desktop\~$eka latest.doc
[2010/05/07 18:06:54 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010/05/07 18:01:18 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010/05/07 18:01:04 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010/05/05 14:21:03 | 000,430,592 | ---- | M] () -- C:\Users\Administrator\Desktop\recceleadjusted.doc
[2010/05/05 13:46:17 | 000,214,195 | ---- | M] () -- C:\Users\Administrator\Desktop\ReCreationCelebrationNew.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 11:39:44 | 000,038,400 | ---- | M] () -- C:\Users\Administrator\Desktop\cheka first draft.doc
[2010/04/18 15:40:12 | 000,063,871 | ---- | M] () -- C:\Users\Administrator\Desktop\loftoncherry.jpg
[2010/04/18 13:54:20 | 000,064,757 | ---- | M] () -- C:\Users\Administrator\Desktop\mandigo_header_1.JPG
[2010/04/15 21:28:07 | 000,214,783 | ---- | M] () -- C:\Users\Administrator\Documents\2009 Newton M Form 1040 Individual Tax Return new.pdf
[2010/04/15 21:27:52 | 000,224,127 | ---- | M] () -- C:\Users\Administrator\Documents\2009 Newton M Form 1040 Individual Tax Return.pdf
[2010/04/15 20:31:54 | 000,111,368 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/15 20:27:30 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/04/05 09:19:14 | 000,215,930 | ---- | M] () -- C:\Users\Administrator\Desktop\RecreationCelebration.jpg
[2010/04/05 08:42:51 | 000,095,573 | ---- | M] () -- C:\Users\Administrator\Desktop\bike icon.jpg
[2010/04/04 15:45:11 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/04/04 15:29:24 | 000,064,033 | ---- | M] () -- C:\Users\Administrator\Desktop\lifeofthings.fcp
[2010/04/04 15:28:48 | 054,003,490 | ---- | M] () -- C:\Users\Administrator\Desktop\lifeofthings.avi
[2010/03/31 11:57:26 | 000,007,835 | ---- | M] () -- C:\Users\Administrator\Desktop\bg-1024.png
[2 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/17 14:12:52 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/14 03:07:37 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat{e52ee4ad-779b-11df-a288-001eecdebea3}.TMContainer00000000000000000002.regtrans-ms
[2010/06/14 03:07:37 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat{e52ee4ad-779b-11df-a288-001eecdebea3}.TMContainer00000000000000000001.regtrans-ms
[2010/06/14 03:07:37 | 000,065,536 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat{e52ee4ad-779b-11df-a288-001eecdebea3}.TM.blf
[2010/06/14 03:02:47 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat{0c3b4818-779b-11df-8e46-001eecdebea3}.TMContainer00000000000000000002.regtrans-ms
[2010/06/14 03:02:47 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat{0c3b4818-779b-11df-8e46-001eecdebea3}.TMContainer00000000000000000001.regtrans-ms
[2010/06/14 03:02:46 | 000,065,536 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat{0c3b4818-779b-11df-8e46-001eecdebea3}.TM.blf
[2010/06/13 17:33:16 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2010/06/12 16:44:14 | 000,002,999 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2010/06/12 11:45:21 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2010/06/12 11:45:21 | 000,002,105 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010/06/06 17:03:37 | 000,038,400 | ---- | C] () -- C:\Users\Administrator\Desktop\cheka first draft.doc
[2010/06/06 17:03:18 | 000,079,872 | ---- | C] () -- C:\Users\Administrator\Desktop\cheka final markup 5-31.doc
[2010/06/06 17:03:12 | 000,066,048 | ---- | C] () -- C:\Users\Administrator\Desktop\cheka thursday.doc
[2010/05/31 14:53:44 | 000,084,992 | ---- | C] () -- C:\Users\Administrator\Desktop\MNewton Cheka 3rd Draft for Rob.doc
[2010/05/25 18:34:41 | 000,306,284 | ---- | C] () -- C:\Users\Administrator\Desktop\pic5.jpg
[2010/05/18 19:46:46 | 000,012,146 | ---- | C] () -- C:\Users\Administrator\Desktop\enemy.docx
[2010/05/10 22:59:52 | 000,000,162 | -H-- | C] () -- C:\Users\Administrator\Desktop\~$eka latest.doc
[2010/05/10 22:59:46 | 000,049,152 | ---- | C] () -- C:\Users\Administrator\Desktop\cheka crappy 2nd draft.doc
[2010/05/05 13:36:03 | 000,214,195 | ---- | C] () -- C:\Users\Administrator\Desktop\ReCreationCelebrationNew.jpg
[2010/04/18 13:54:13 | 000,064,757 | ---- | C] () -- C:\Users\Administrator\Desktop\mandigo_header_1.JPG
[2010/04/15 21:28:06 | 000,214,783 | ---- | C] () -- C:\Users\Administrator\Documents\2009 Newton M Form 1040 Individual Tax Return new.pdf
[2010/04/15 21:27:51 | 000,224,127 | ---- | C] () -- C:\Users\Administrator\Documents\2009 Newton M Form 1040 Individual Tax Return.pdf
[2010/04/15 20:27:30 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/04/05 09:19:14 | 000,215,930 | ---- | C] () -- C:\Users\Administrator\Desktop\RecreationCelebration.jpg
[2010/04/05 09:16:03 | 000,430,592 | ---- | C] () -- C:\Users\Administrator\Desktop\recceleadjusted.doc
[2010/04/05 08:42:49 | 000,095,573 | ---- | C] () -- C:\Users\Administrator\Desktop\bike icon.jpg
[2010/04/04 15:45:11 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/04/04 15:31:37 | 000,064,033 | ---- | C] () -- C:\Users\Administrator\Desktop\lifeofthings.fcp
[2010/04/04 15:31:30 | 054,003,490 | ---- | C] () -- C:\Users\Administrator\Desktop\lifeofthings.avi
[2010/03/31 14:51:47 | 000,063,871 | ---- | C] () -- C:\Users\Administrator\Desktop\loftoncherry.jpg
[2010/03/31 11:57:26 | 000,007,835 | ---- | C] () -- C:\Users\Administrator\Desktop\bg-1024.png
[2010/03/21 11:13:20 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/03/21 11:13:20 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/06/16 21:22:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\foobar2000
[2009/12/10 13:03:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit
[2010/03/18 21:30:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit Software
[2009/11/30 04:44:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lingoes
[2010/01/13 01:20:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Research In Motion
[2010/06/12 11:44:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2010/06/16 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2010/02/18 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wizards of the Coast
[2009/07/13 21:53:46 | 000,019,960 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/11/12 14:11:48 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/17 14:40:29 | 1557,147,648 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/29 04:04:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/29 04:04:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/17 14:40:29 | 2076,196,864 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/13 18:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 18:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 18:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
[2009/07/13 18:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/13 18:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll

< End of report >


OTL Extras logfile created on: 6/17/2010 2:43:30 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Administrator\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 9.21 Gb Free Space | 13.25% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 38.21 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTNEWTONIANPC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{62D53173-8A71-4CBA-B9F8-A64AB61994B8}" = Façade
"{64C85B95-E971-4705-B3ED-D4A0153C0D5B}" = SAMSUNG USB Driver for Mobile Phones V5.2.0.0
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{97E988A2-0834-4284-B12B-991835E7CB70}" = SamsungSimpleDL
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E896DA69-F993-440E-8515-EB197EFB284F}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Album Art Downloader XUI" = Album Art Downloader XUI 0.33
"Ask Toolbar_is1" = Foxit Toolbar
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Digsby" = Digsby
"ENTERPRISE" = Microsoft Office Enterprise 2007
"foobar2000" = foobar2000 v0.9.6.9
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{97E988A2-0834-4284-B12B-991835E7CB70}" = SamsungSimpleDL
"LastFM_is1" = Last.fm 1.5.4.24567
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PowerISO" = PowerISO
"TuneUp Utilities" = TuneUp Utilities
"TurboTax 2009" = TurboTax 2009
"TVWiz" = Intel® TV Wizard
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2010 12:42:13 AM | Computer Name = MattNewtonianPC | Source = Google Update | ID = 20
Description =

Error - 6/13/2010 6:40:07 PM | Computer Name = MattNewtonianPC | Source = Google Update | ID = 20
Description =

Error - 6/14/2010 4:25:16 AM | Computer Name = MattNewtonianPC | Source = Google Update | ID = 20
Description =

Error - 6/14/2010 6:19:54 AM | Computer Name = MattNewtonianPC | Source = Windows Search Service | ID = 1019
Description =

Error - 6/14/2010 10:33:33 PM | Computer Name = MattNewtonianPC | Source = Google Update | ID = 20
Description =

Error - 6/14/2010 11:26:59 PM | Computer Name = MattNewtonianPC | Source = Google Update | ID = 20
Description =

Error - 6/17/2010 1:47:06 AM | Computer Name = MattNewtonianPC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 6/17/2010 3:25:35 AM | Computer Name = MattNewtonianPC | Source = Google Update | ID = 20
Description =

Error - 6/17/2010 4:25:35 AM | Computer Name = MattNewtonianPC | Source = Google Update | ID = 20
Description =

Error - 6/17/2010 5:10:10 PM | Computer Name = MattNewtonianPC | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 3/8/2010 8:43:32 PM | Computer Name = MattNewtonianPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11804
seconds with 3480 seconds of active time. This session ended with a crash.

Error - 5/27/2010 2:31:53 AM | Computer Name = MattNewtonianPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 74 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/14/2010 6:17:29 AM | Computer Name = MattNewtonianPC | Source = Service Control Manager | ID = 7031
Description = The WLAN AutoConfig service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 6/14/2010 6:17:29 AM | Computer Name = MattNewtonianPC | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.

Error - 6/14/2010 6:18:40 AM | Computer Name = MattNewtonianPC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 6/14/2010 10:45:35 PM | Computer Name = MattNewtonianPC | Source = bowser | ID = 8003
Description =

Error - 6/14/2010 10:57:23 PM | Computer Name = MattNewtonianPC | Source = bowser | ID = 8003
Description =

Error - 6/17/2010 1:19:58 AM | Computer Name = MattNewtonianPC | Source = bowser | ID = 8003
Description =

Error - 6/17/2010 1:28:12 AM | Computer Name = MattNewtonianPC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:22:04 PM on 6/16/2010 was unexpected.

Error - 6/17/2010 2:32:02 AM | Computer Name = MattNewtonianPC | Source = bowser | ID = 8003
Description =

Error - 6/17/2010 5:40:33 PM | Computer Name = MattNewtonianPC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:39:21 PM on 6/17/2010 was unexpected.

Error - 6/17/2010 5:40:36 PM | Computer Name = MATTNEWTONIANPC | Source = BugCheck | ID = 1001
Description =


< End of report >

#6
fishmael (Topic Starter, Member, 13 posts)

Got GMER all set. Here we are. Sorry for the Google Chrome crap.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-17 15:25:14
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fwtorpob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C283F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C281DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C286F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C88599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CACF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 93088C9D 28 Bytes [9E, 15, 68, CE, DC, AD, FF, ...]
.text peauth.sys 93088CC1 28 Bytes [9E, 15, 68, CE, DC, AD, FF, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtCreateFile + 6 76E24A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtCreateFile + B 76E24A1B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenFile + 6 76E25126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenFile + B 76E2512B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcess + 6 76E251D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcess + B 76E251DB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcessToken + 6 76E251E6 4 Bytes CALL 75E257EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcessToken + B 76E251EB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcessTokenEx + 6 76E251F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenProcessTokenEx + B 76E251FB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThread + 6 76E25256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThread + B 76E2525B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThreadToken + 6 76E25266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThreadToken + B 76E2526B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThreadTokenEx + 6 76E25276 4 Bytes CALL 75E2587D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtOpenThreadTokenEx + B 76E2527B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtQueryAttributesFile + 6 76E25386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtQueryAttributesFile + B 76E2538B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtQueryFullAttributesFile + 6 76E25436 4 Bytes CALL 75E25A3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtQueryFullAttributesFile + B 76E2543B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtSetInformationFile + 6 76E25A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtSetInformationFile + B 76E25A8B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtSetInformationThread + 6 76E25AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[956] ntdll.dll!NtSetInformationThread + B 76E25AEB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtCreateFile + 6 76E24A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtCreateFile + B 76E24A1B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenFile + 6 76E25126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenFile + B 76E2512B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcess + 6 76E251D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcess + B 76E251DB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessToken + 6 76E251E6 4 Bytes CALL 75E257EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessToken + B 76E251EB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessTokenEx + 6 76E251F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessTokenEx + B 76E251FB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThread + 6 76E25256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThread + B 76E2525B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadToken + 6 76E25266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadToken + B 76E2526B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadTokenEx + 6 76E25276 4 Bytes CALL 75E2587D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadTokenEx + B 76E2527B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryAttributesFile + 6 76E25386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryAttributesFile + B 76E2538B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryFullAttributesFile + 6 76E25436 4 Bytes CALL 75E25A3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryFullAttributesFile + B 76E2543B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationFile + 6 76E25A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationFile + B 76E25A8B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationThread + 6 76E25AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationThread + B 76E25AEB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtCreateFile + 6 76E24A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtCreateFile + B 76E24A1B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenFile + 6 76E25126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenFile + B 76E2512B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcess + 6 76E251D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcess + B 76E251DB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessToken + 6 76E251E6 4 Bytes CALL 75E257EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessToken + B 76E251EB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessTokenEx + 6 76E251F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessTokenEx + B 76E251FB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThread + 6 76E25256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThread + B 76E2525B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadToken + 6 76E25266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadToken + B 76E2526B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadTokenEx + 6 76E25276 4 Bytes CALL 75E2587D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadTokenEx + B 76E2527B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryAttributesFile + 6 76E25386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryAttributesFile + B 76E2538B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryFullAttributesFile + 6 76E25436 4 Bytes CALL 75E25A3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryFullAttributesFile + B 76E2543B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationFile + 6 76E25A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationFile + B 76E25A8B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationThread + 6 76E25AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationThread + B 76E25AEB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtCreateFile + 6 76E24A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtCreateFile + B 76E24A1B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenFile + 6 76E25126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenFile + B 76E2512B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenProcess + 6 76E251D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenProcess + B 76E251DB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenProcessToken + 6 76E251E6 4 Bytes CALL 75E257EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenProcessToken + B 76E251EB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenProcessTokenEx + 6 76E251F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenProcessTokenEx + B 76E251FB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenThread + 6 76E25256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenThread + B 76E2525B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenThreadToken + 6 76E25266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenThreadToken + B 76E2526B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenThreadTokenEx + 6 76E25276 4 Bytes CALL 75E2587D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtOpenThreadTokenEx + B 76E2527B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtQueryAttributesFile + 6 76E25386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtQueryAttributesFile + B 76E2538B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtQueryFullAttributesFile + 6 76E25436 4 Bytes CALL 75E25A3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtQueryFullAttributesFile + B 76E2543B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtSetInformationFile + 6 76E25A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtSetInformationFile + B 76E25A8B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtSetInformationThread + 6 76E25AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[1360] ntdll.dll!NtSetInformationThread + B 76E25AEB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtCreateFile + 6 76E24A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtCreateFile + B 76E24A1B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenFile + 6 76E25126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenFile + B 76E2512B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcess + 6 76E251D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcess + B 76E251DB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessToken + 6 76E251E6 4 Bytes CALL 75E257EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessToken + B 76E251EB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessTokenEx + 6 76E251F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessTokenEx + B 76E251FB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThread + 6 76E25256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThread + B 76E2525B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadToken + 6 76E25266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadToken + B 76E2526B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadTokenEx + 6 76E25276 4 Bytes CALL 75E2587D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadTokenEx + B 76E2527B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryAttributesFile + 6 76E25386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryAttributesFile + B 76E2538B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryFullAttributesFile + 6 76E25436 4 Bytes CALL 75E25A3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryFullAttributesFile + B 76E2543B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationFile + 6 76E25A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationFile + B 76E25A8B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationThread + 6 76E25AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationThread + B 76E25AEB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtCreateFile + 6 76E24A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtCreateFile + B 76E24A1B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenFile + 6 76E25126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenFile + B 76E2512B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcess + 6 76E251D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcess + B 76E251DB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessToken + 6 76E251E6 4 Bytes CALL 75E257EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessToken + B 76E251EB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessTokenEx + 6 76E251F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessTokenEx + B 76E251FB 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThread + 6 76E25256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThread + B 76E2525B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadToken + 6 76E25266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadToken + B 76E2526B 1 Byte [E2]
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadTokenEx + 6 76E25276 4 Bytes CALL 75E2587D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadTokenEx + B 76E2527B 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  • 0

#7
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


I must say things are looking good in your logs. Let's try one more scan to be sure.


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#8
fishmael

    Member

  • Topic Starter
  • 13 posts
Hey,

For some reason I had to install the program, I think at one point I removed Internet Explorer. And it didn't save a log, but everything came up clean, there were ZERO results.

Ugh. But thanks for the suggestion.
  • 0

#9
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Ok, I don't think you're dealing with a malware issue here. I would suggest creating a thread in the Windows Vista/Windows 7 forum and let one of the tech staff help you out, as they will be able to offer more assistance in that area than I can. If you wish, you can post a link to the thread you created over there back here and I can let them know I sent you over there.

Also, in that thread, let them know you posted over here and were cleared of any malware. :)
  • 0

#10
fishmael

    Member

  • Topic Starter
  • 13 posts
Thank you Jwang :)
  • 0

#11
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


No problem. I hope you get it figured out. :)
  • 0