Spybot has not been able to remove it. Thank you very much for any help.
------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:07:29 PM, on 2/28/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\USB 2.0 PC CAMERA\Camera Snap.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Classic PDF Editor\PDFVPrinter.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Users\Owner\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Downloads\HijackThis.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SearchMe Toolbar - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files\SearchMe Toolbar\IE\8.6\searchmeToolbarIE.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O3 - Toolbar: SearchMe Toolbar - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files\SearchMe Toolbar\IE\8.6\searchmeToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [Snap] C:\Program Files\USB 2.0 PC CAMERA\Camera Snap.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [PDFVPrinter] C:\Program Files\Classic PDF Editor\PDFVPrinter.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [SacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe
O4 - HKCU\..\Run: [StartNow Search Protect] "C:\Program Files\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Block frame with Ad Muncher -
http://www.admuncher.com/request_wil...=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher -
http://www.admuncher.com/request_wil...=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher -
http://www.admuncher.com/request_wil...d=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher -
http://www.admuncher.com/request_wil...enu_ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers -
http://www.admuncher.com/request_wil...menu_ie_report
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CFUACProxy_officeguardianv2 - Storage Appliance Corp. - C:\ProgramData\OfficeGuardianV2\UACProxy.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\STacSV.exe
--
End of file - 11676 bytes
------------------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16518
Run by Owner at 20:12:21 on 2014-02-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1450 [GMT -8:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\ProgramData\OfficeGuardianV2\UACProxy.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\STacSV.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\USB 2.0 PC CAMERA\Camera Snap.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Classic PDF Editor\PDFVPrinter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Users\Owner\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SearchMe Toolbar: {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - c:\program files\searchme toolbar\ie\8.6\searchmeToolbarIE.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: SearchMe Toolbar: {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - c:\program files\searchme toolbar\ie\8.6\searchmeToolbarIE.dll
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ShowBatteryBar] "c:\program files\batterybar\ShowBatteryBar.exe" show
uRun: [SacReminderHDDV2] c:\programdata\officeguardianv2\reminder\SacReminder.exe
uRun: [StartNow Search Protect] "c:\program files\startnow toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [Snap] c:\program files\usb 2.0 pc camera\Camera Snap.exe
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [SearchProtection] c:\programdata\search protection\_run.bat
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [PDFVPrinter] c:\program files\classic pdf editor\PDFVPrinter.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block frame with Ad Muncher -
http://www.admuncher.com/request_wil...=menu_ie_frame
IE: Block image with Ad Muncher -
http://www.admuncher.com/request_wil...=menu_ie_image
IE: Block link with Ad Muncher -
http://www.admuncher.com/request_wil...d=menu_ie_link
IE: Don't filter page with Ad Muncher -
http://www.admuncher.com/request_wil...enu_ie_exclude
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Report page to the Ad Muncher developers -
http://www.admuncher.com/request_wil...menu_ie_report
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 168.150.253.2 168.150.253.1 75.101.19.192
TCP: Interfaces\{88B56E80-767A-411C-805B-E6E5627351EF} : DHCPNameServer = 168.150.253.2 168.150.253.1 192.168.1.1
TCP: Interfaces\{C0111147-2A0D-4BF8-B5A3-1321517285EF} : DHCPNameServer = 168.150.253.2 168.150.253.1 75.101.19.192
TCP: Interfaces\{C0111147-2A0D-4BF8-B5A3-1321517285EF}\2375942554736393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C0111147-2A0D-4BF8-B5A3-1321517285EF}\34963736F66303030353 : DHCPNameServer = 168.150.253.2 168.150.253.1
TCP: Interfaces\{C0111147-2A0D-4BF8-B5A3-1321517285EF}\356484F4354554C4 : DHCPNameServer = 208.201.224.11 208.201.224.33 4.2.2.2
TCP: Interfaces\{C0111147-2A0D-4BF8-B5A3-1321517285EF}\966496870254C656364727F6E6963637 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\0cazx7f7.default-1385247547231\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-19 13560]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe [2011-3-7 73728]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;c:\programdata\officeguardianv2\UACProxy.exe [2011-12-24 83792]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-9-12 66344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-12-19 1153368]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-12-19 43368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-10-19 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-12 108032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-15 235696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-1 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 usbcamcl;Driver for usbcamcl Device;c:\windows\system32\drivers\usbcamcl.sys [2011-8-18 28416]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-11 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver mx\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2014-02-26 12:12:49 -------- d-----w- c:\windows\Migration
2014-02-13 06:14:17 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 21:51:55 -------- d-----w- c:\program files\McAfee Security Scan
2014-02-12 15:59:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 15:59:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 15:59:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 15:59:08 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-12 15:58:59 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-12 15:58:58 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-12 15:58:57 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 15:58:55 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-12 15:58:54 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-12 15:58:53 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-12 15:58:53 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-12 15:58:52 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-12 15:58:52 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
.
==================== Find3M ====================
.
2014-02-21 01:12:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 01:12:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 20:18:14.25 ===============
------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/7/2011 5:45:16 PM
System Uptime: 2/28/2014 7:03:53 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | Microprocessor | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 73.957 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP297: 2/12/2014 10:12:38 PM - Windows Update
RP298: 2/20/2014 1:17:31 PM - Scheduled Checkpoint
RP299: 2/26/2014 4:03:59 AM - Windows Update
RP300: 2/27/2014 9:43:26 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware Antivirus
Ad-Aware Security Add-on
Ad Muncher v4.91 Build 32562
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.5)
Anti-phishing Domain Advisor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v5.0.5.1
BatteryBar (remove only)
Bonjour
Cisco Connect
Classic PDF Editor 12.0
CoffeeCup HTML Editor
CuteFTP 8 Home
Dell Touchpad
DHTML Editing Component
Document Express DjVu Plug-in
Eraser 6.0.10.2620
FileZilla Client 3.5.3
GIMP 2.6.12
Google Chrome
Google Earth Plug-in
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
K-Lite Mega Codec Pack 5.7.0
Macromedia Dreamweaver MX
Macromedia Extension Manager
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (3.1.9)
Notepad++
NoteTab Light 6 (Remove only)
Paint Shop Pro 6.02 EVAL
Picasa 3
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SearchMe Toolbar v8.6
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
SigmaTel Audio
Skype Click to Call
Skype 6.0
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 PC CAMERA
VLC media player 1.0.5
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/27/2014 5:01:13 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
2/27/2014 10:59:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/23/2014 6:18:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
------------------------------------------------------------------------------------------
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-28 20:45:39
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS542516K9SA00 rev.BBCOC32P 149.05GB
Running: 1jos37o3.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E78A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB2212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\Owner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 2.1 ----
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[2268] WS2_32.dll!WSASend 77A44406 6 Bytes JMP 719A0F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[2268] WS2_32.dll!GetAddrInfoW 77A44889 6 Bytes JMP 71AF0F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[2268] WS2_32.dll!FreeAddrInfoW 77A44B1B 6 Bytes JMP 71A90F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[2268] WS2_32.dll!recv 77A46B0E 6 Bytes JMP 719D0F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[2268] WS2_32.dll!send 77A46F01 6 Bytes JMP 71A00F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[2268] WS2_32.dll!WSARecv 77A47089 6 Bytes JMP 71970F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[2268] WS2_32.dll!WSAGetOverlappedResult 77A47489 6 Bytes JMP 71940F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[2268] WS2_32.dll!GetAddrInfoExW 77A4D1EA 6 Bytes JMP 71A60F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[2268] WS2_32.dll!FreeAddrInfoEx 77A4E14D 6 Bytes JMP 71A30F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtCreateFile + 6 7794560E 4 Bytes [28, 5C, 01, 01] {SUB [ECX+EAX+0x1], BL}
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtCreateFile + B 77945613 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtMapViewOfSection + 6 77945C6E 4 Bytes [28, 5F, 01, 01]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtMapViewOfSection + B 77945C73 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenFile + 6 77945D1E 4 Bytes [68, 5C, 01, 01]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenFile + B 77945D23 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcess + 6 77945DCE 4 Bytes [A8, 5D, 01, 01] {TEST AL, 0x5d; ADD [ECX], EAX}
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcess + B 77945DD3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcessToken + B 77945DE3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcessTokenEx + 6 77945DEE 4 Bytes [A8, 5E, 01, 01] {TEST AL, 0x5e; ADD [ECX], EAX}
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcessTokenEx + B 77945DF3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThread + 6 77945E4E 4 Bytes [68, 5D, 01, 01]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThread + B 77945E53 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThreadToken + 6 77945E5E 4 Bytes [68, 5E, 01, 01]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThreadToken + B 77945E63 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThreadTokenEx + B 77945E73 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtQueryAttributesFile + 6 77945F7E 4 Bytes [A8, 5C, 01, 01] {TEST AL, 0x5c; ADD [ECX], EAX}
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtQueryAttributesFile + B 77945F83 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtQueryFullAttributesFile + B 77946033 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtSetInformationFile + 6 7794667E 4 Bytes [28, 5D, 01, 01]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtSetInformationFile + B 77946683 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtSetInformationThread + 6 779466DE 4 Bytes [28, 5E, 01, 01]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtSetInformationThread + B 779466E3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtTerminateProcess 77946908 5 Bytes JMP 009FEA9B C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtUnmapViewOfSection + 6 779469FE 4 Bytes [68, 5F, 01, 01]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtUnmapViewOfSection + B 77946A03 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] WS2_32.dll!WSASend 77A44406 6 Bytes JMP 719A0F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] WS2_32.dll!GetAddrInfoW 77A44889 6 Bytes JMP 71AF0F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] WS2_32.dll!FreeAddrInfoW 77A44B1B 6 Bytes JMP 71A90F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] WS2_32.dll!recv 77A46B0E 6 Bytes JMP 719D0F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] WS2_32.dll!send 77A46F01 6 Bytes JMP 71A00F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] WS2_32.dll!WSARecv 77A47089 6 Bytes JMP 71970F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] WS2_32.dll!WSAGetOverlappedResult 77A47489 6 Bytes JMP 71940F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] WS2_32.dll!GetAddrInfoExW 77A4D1EA 6 Bytes JMP 71A60F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3532] WS2_32.dll!FreeAddrInfoEx 77A4E14D 6 Bytes JMP 71A30F5A
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtCreateFile + 6 7794560E 4 Bytes [28, A8, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtCreateFile + B 77945613 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + 6 77945C6E 4 Bytes [28, AB, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + B 77945C73 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenFile + 6 77945D1E 4 Bytes [68, A8, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenFile + B 77945D23 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcess + 6 77945DCE 4 Bytes [A8, A9, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcess + B 77945DD3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessToken + B 77945DE3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessTokenEx + 6 77945DEE 4 Bytes [A8, AA, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessTokenEx + B 77945DF3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + 6 77945E4E 4 Bytes [68, A9, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + B 77945E53 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadToken + 6 77945E5E 4 Bytes [68, AA, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadToken + B 77945E63 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadTokenEx + B 77945E73 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryAttributesFile + 6 77945F7E 4 Bytes [A8, A8, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryAttributesFile + B 77945F83 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryFullAttributesFile + B 77946033 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationFile + 6 7794667E 4 Bytes [28, A9, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationFile + B 77946683 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationThread + 6 779466DE 4 Bytes [28, AA, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationThread + B 779466E3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtTerminateProcess 77946908 5 Bytes JMP 009FEA9B C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + 6 779469FE 4 Bytes [68, AB, FB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + B 77946A03 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtCreateFile + 6 7794560E 4 Bytes [28, 00, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtCreateFile + B 77945613 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtMapViewOfSection + 6 77945C6E 1 Byte [28]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtMapViewOfSection + 6 77945C6E 4 Bytes [28, 03, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtMapViewOfSection + B 77945C73 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenFile + 6 77945D1E 4 Bytes [68, 00, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenFile + B 77945D23 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcess + 6 77945DCE 4 Bytes [A8, 01, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcess + B 77945DD3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessToken + B 77945DE3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessTokenEx + 6 77945DEE 4 Bytes [A8, 02, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessTokenEx + B 77945DF3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThread + 6 77945E4E 4 Bytes [68, 01, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThread + B 77945E53 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadToken + 6 77945E5E 4 Bytes [68, 02, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadToken + B 77945E63 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadTokenEx + B 77945E73 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryAttributesFile + 6 77945F7E 4 Bytes [A8, 00, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryAttributesFile + B 77945F83 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryFullAttributesFile + B 77946033 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationFile + 6 7794667E 4 Bytes [28, 01, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationFile + B 77946683 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationThread + 6 779466DE 4 Bytes [28, 02, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationThread + B 779466E3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtTerminateProcess 77946908 5 Bytes JMP 009FEA9B C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtUnmapViewOfSection + 6 779469FE 1 Byte [68]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtUnmapViewOfSection + 6 779469FE 4 Bytes [68, 03, 54, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtUnmapViewOfSection + B 77946A03 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtCreateFile + 6 7794560E 4 Bytes [28, F4, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtCreateFile + B 77945613 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtMapViewOfSection + 6 77945C6E 4 Bytes [28, F7, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtMapViewOfSection + B 77945C73 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenFile + 6 77945D1E 4 Bytes [68, F4, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenFile + B 77945D23 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcess + 6 77945DCE 4 Bytes [A8, F5, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcess + B 77945DD3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcessToken + B 77945DE3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcessTokenEx + 6 77945DEE 4 Bytes [A8, F6, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcessTokenEx + B 77945DF3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThread + 6 77945E4E 4 Bytes [68, F5, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThread + B 77945E53 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThreadToken + 6 77945E5E 4 Bytes [68, F6, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThreadToken + B 77945E63 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThreadTokenEx + B 77945E73 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtQueryAttributesFile + 6 77945F7E 4 Bytes [A8, F4, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtQueryAttributesFile + B 77945F83 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtQueryFullAttributesFile + B 77946033 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtSetInformationFile + 6 7794667E 4 Bytes [28, F5, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtSetInformationFile + B 77946683 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtSetInformationThread + 6 779466DE 4 Bytes [28, F6, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtSetInformationThread + B 779466E3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtTerminateProcess 77946908 5 Bytes JMP 009FEA9B C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtUnmapViewOfSection + 6 779469FE 4 Bytes [68, F7, AB, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtUnmapViewOfSection + B 77946A03 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtCreateFile + 6 7794560E 4 Bytes [28, 7C, 8A, 00] {SUB [EDX+ECX*4+0x0], BH}
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtCreateFile + B 77945613 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtMapViewOfSection + 6 77945C6E 4 Bytes [28, 7F, 8A, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtMapViewOfSection + B 77945C73 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenFile + 6 77945D1E 4 Bytes [68, 7C, 8A, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenFile + B 77945D23 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenProcess + 6 77945DCE 4 Bytes [A8, 7D, 8A, 00] {TEST AL, 0x7d; MOV AL, [EAX]}
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenProcess + B 77945DD3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenProcessToken + B 77945DE3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenProcessTokenEx + 6 77945DEE 4 Bytes [A8, 7E, 8A, 00] {TEST AL, 0x7e; MOV AL, [EAX]}
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenProcessTokenEx + B 77945DF3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenThread + 6 77945E4E 4 Bytes [68, 7D, 8A, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenThread + B 77945E53 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenThreadToken + 6 77945E5E 4 Bytes [68, 7E, 8A, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenThreadToken + B 77945E63 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenThreadTokenEx + B 77945E73 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtQueryAttributesFile + 6 77945F7E 4 Bytes [A8, 7C, 8A, 00] {TEST AL, 0x7c; MOV AL, [EAX]}
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtQueryAttributesFile + B 77945F83 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtQueryFullAttributesFile + B 77946033 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtSetInformationFile + 6 7794667E 4 Bytes [28, 7D, 8A, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtSetInformationFile + B 77946683 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtSetInformationThread + 6 779466DE 4 Bytes [28, 7E, 8A, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtSetInformationThread + B 779466E3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtTerminateProcess 77946908 5 Bytes JMP 009FEA9B C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtUnmapViewOfSection + 6 779469FE 4 Bytes [68, 7F, 8A, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtUnmapViewOfSection + B 77946A03 1 Byte [E2]
---- Devices - GMER 2.1 ----
Device \Driver\gfiark \Device\GFIARK 9AB9E992
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}
Reg HKLM\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}@ 0x4D 0x35 0x29 0xB5 ...
Reg HKLM\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}
Reg HKLM\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}@ 0xD9 0x59 0x3D 0xB5 ...
Reg HKLM\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}
Reg HKLM\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}@ 0xDD 0x26 0x9C 0xB3 ...
Reg HKLM\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}
Reg HKLM\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}@ 0xDF 0x7B 0x65 0xB5 ...
---- EOF - GMER 2.1 ----