
help me remove isearch.avg.com

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:01:57 PM, on 9/16/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Gordon\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Gordon\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Gordon\AppData\Roaming\Dashlane\ie\Dashlanei.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Gordon\AppData\Roaming\Dashlane\ie\KWIEBar.dll
O3 - Toolbar: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files\XviD\CheckUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gordon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Dashlane] "C:\Users\Gordon\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Download video on this page - res://C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll/300
O8 - Extra context menu item: Download video this links to - res://C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll/301
O9 - Extra button: Dashlane Button - {40354A83-504E-4611-ACAE-3D137F6F595E} - C:\Users\Gordon\AppData\Roaming\Dashlane\ie\Dashlanei.dll
O9 - Extra button: Download Video - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - res://C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll/300 (file missing)
O9 - Extra 'Tools' menuitem: Download video on this page - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - res://C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll/300 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe

--
End of file - 9262 bytes
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by Gordon at 13:02:52 on 2013-09-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3318.1317 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\vds.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Gordon\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Users\Gordon\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Dashlane BHO: {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - c:\users\gordon\appdata\roaming\dashlane\ie\Dashlanei.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: Dashlane Toolbar: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - c:\users\gordon\appdata\roaming\dashlane\ie\KWIEBar.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\users\gordon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Dashlane] "c:\users\gordon\appdata\roaming\dashlane\Dashlane.exe" autoLaunchAtStartup
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\gordon\appdata\roaming\micros~1\windows\startm~1\programs\startup\ openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download video on this page - c:\program files\tomabo\youtube video downloader\YVD_IE.dll/300
IE: Download video this links to - c:\program files\tomabo\youtube video downloader\YVD_IE.dll/301
IE: {40354A83-504E-4611-ACAE-3D137F6F595E} - {40354A83-504E-4611-ACAE-3D137F6F595E} - c:\users\gordon\appdata\roaming\dashlane\ie\Dashlanei.dll
IE: {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - c:\program files\tomabo\youtube video downloader\YVD_IE.dll/300
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{06EB4DDC-2871-400A-8EF5-C04503E69310} : DHCPNameServer = 10.0.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\ao7bauom.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.5.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\users\gordon\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\ao7bauom.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\ao7bauom.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-5 39224]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-5-9 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-5-9 42120]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 37664]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-5-9 17032]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-5-9 187016]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2010-6-29 127488]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2012-5-9 70280]
R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-5-9 24712]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-5-27 2655768]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-6-8 343592]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-5-27 41088]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-10 1025352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-14 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-29 1343400]
.
=============== Created Last 30 ================
.
2013-09-16 17:00:01 7328304 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a57b436d-e6b1-4930-b50a-4dd9620c5961}\mpengine.dll
2013-09-12 02:18:42 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-09-10 06:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-06 09:07:48 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0045ebf6-e109-4922-8dff-6a03b5a43be9}\gapaengine.dll
2013-09-05 06:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
==================== Find3M ====================
.
2013-09-10 19:31:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 19:31:16 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-15 07:12:12 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-10 03:59:10 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-10 03:07:50 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-10 02:17:19 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-08-08 01:03:07 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-20 06:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-19 01:41:01 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03:34 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53:46 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52:10 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50:42 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05:35 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-22 22:09:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-22 22:09:19 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-22 22:09:19 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 13:03:15.79 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/27/2011 3:44:14 PM
System Uptime: 9/16/2013 11:48:11 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0Y2MRG
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz | CPU 1 | 3100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 213.265 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 135.866 GiB free.
G: is FIXED (NTFS) - 149 GiB total, 26.477 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP414: 9/12/2013 1:00:25 AM - Windows Backup
RP415: 9/12/2013 3:00:14 AM - Windows Update
RP416: 9/16/2013 11:59:13 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
Amazon MP3 Downloader 1.0.12
Amazon Send to Kindle
AnswerWorks 5.0 English Runtime
Any Video Converter 5.0.7
AVG 2013
AVG Security Toolbar
Broadcom NetXtreme-I Netlink Driver and Management Installer
Canon MP Navigator EX 2.0
Canon MP240 series MP Drivers
Canon MP240 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CDRoller version 7.70
Dashlane
EaseUS Todo Backup Free 4.5
Google Chrome
GoToAssist 8.0.0.514
Inkjet Printer/Scanner Extended Survey Program
Intel(R) Management Engine Components
Java 7 Update 25
Java Auto Updater
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
OpenOffice.org 3.3
Quicken 2011
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
SumatraPDF
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
uTorrentControl_v2 Toolbar
uTorrentControl2 Toolbar
VLC media player 2.0.6
WinRAR 4.00 (32-bit)
Xvid Video Codec
XviD Video Codec (remove only)
YouTube Video Downloader 3
.
==== Event Viewer Messages From Past Week ========
.
9/9/2013 7:53:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
9/9/2013 11:53:37 PM, Error: volsnap [35] - The shadow copies of volume E: were aborted because the shadow copy storage failed to grow.
9/13/2013 12:59:13 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/13/2013 12:55:55 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
9/10/2013 8:57:59 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.
.
==== End Of File ===========================
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-16 13:46:59
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320413AS rev.JC45 298.09GB
Running: gmer.exe; Driver: C:\Users\Gordon\AppData\Local\Temp\uxdiapob.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x919D85D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x919D8700]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x919D8010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x919D8300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x919D83E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x919D8120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x919D8210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x919D84D0]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A51A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A8B212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82A926EC 8 Bytes [D0, 85, 9D, 91, 00, 87, 9D, ...] {ROL BYTE [EBP-0x78ff6e63], 0x1; POPF ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82A92734 4 Bytes [10, 80, 9D, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 165F 82A929F4 8 Bytes [00, 83, 9D, 91, E0, 83, 9D, ...] {ADD [EBX-0x7c1f6e63], AL; POPF ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82A92A04 8 Bytes [20, 81, 9D, 91, 10, 82, 9D, ...] {AND [ECX-0x7def6e63], AL; POPF ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82A92A78 4 Bytes [D0, 84, 9D, 91]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92E0A000, 0x38CD55, 0xE8000020]
? C:\Users\Gordon\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes [28, 20, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, 23, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes [68, 20, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes [A8, 21, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 76322D04 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes [A8, 22, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes [68, 21, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes [68, 22, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 76322D95 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes [A8, 20, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 76322F53 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes [28, 21, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes [28, 22, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, 23, CF, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[2320] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] advapi32.DLL!RegSetValueExA 768A14B3 5 Bytes JMP 5F40BE40 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] advapi32.DLL!RegSetValueExW 768A14D6 5 Bytes JMP 5F40BF50 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] advapi32.DLL!RegSetValueW 768BA68A 5 Bytes JMP 5F40BC50 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] advapi32.DLL!RegSetValueA 768F0E41 5 Bytes JMP 5F40BB50 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] user32.DLL!CreateDialogParamA 751E1F42 5 Bytes JMP 5F40C3D0 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] user32.DLL!TrackPopupMenu 751E2228 5 Bytes JMP 5F40B2D0 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] user32.DLL!TrackPopupMenuEx 751F4832 5 Bytes JMP 5F40B400 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] user32.DLL!CreateDialogParamW 751F5630 5 Bytes JMP 5F40C2A0 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes [28, 98, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, 9B, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes [68, 98, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes [A8, 99, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 76321E7C C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes [A8, 9A, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes [68, 99, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes [68, 9A, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 76321F0D C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes [A8, 98, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 763220CB C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes [28, 99, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes [28, 9A, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, 9B, C0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes CALL 5A3056AC
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, EB, 99, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes CALL 5A305DBC
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes JMP 5A305E6C
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 7631F7CC C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes JMP E2FF0099
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes JMP 5A305EEC
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes JMP E2FF0099
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 7631F85D C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes CALL 5A30601C
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 7631FA1B C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes JMP 5A30671C
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes JMP E2FF0099
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, EB, 99, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes [28, EC, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, EF, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes [68, EC, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes [A8, ED, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 7631B2D0 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes [A8, EE, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes [68, ED, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes [68, EE, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 7631B361 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes [A8, EC, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 7631B51F C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes [28, ED, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes [28, EE, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, EF, 54, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] advapi32.DLL!RegSetValueExA 768A14B3 5 Bytes JMP 5F40BE40 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] advapi32.DLL!RegSetValueExW 768A14D6 5 Bytes JMP 5F40BF50 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] user32.DLL!TrackPopupMenu 751E2228 5 Bytes JMP 0728A180 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\tbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] user32.DLL!TrackPopupMenuEx 751F4832 5 Bytes JMP 0728A2B0 C:\Users\Gordon\AppData\LocalLow\uTorrentControl_v2\tbuTo0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] shell32.DLL!RealDriveType + 173D 7583FE30 4 Bytes [E5, 36, 93, 60] {IN EAX, 0x36; XCHG EBX, EAX; PUSHA }
.text C:\Program Files\Internet Explorer\iexplore.exe[4284] shell32.DLL!RealDriveType + 1745 7583FE38 8 Bytes [1B, 57, 93, 60, A7, 83, 94, ...]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes [28, B4, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, B7, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes [68, B4, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes [A8, B5, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 76320898 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes [A8, B6, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes [68, B5, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes [68, B6, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 76320929 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes [A8, B4, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 76320AE7 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes [28, B5, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes [28, B6, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, B7, AA, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes [28, 00, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtMapViewOfSection + 6 77315C6E 1 Byte [28]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, 03, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes [68, 00, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes [A8, 01, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 7631F9E4 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes [A8, 02, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes [68, 01, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes [68, 02, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 7631FA75 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes [A8, 00, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 7631FC33 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes [28, 01, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes [28, 02, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 1 Byte [68]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, 03, 9C, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4588] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes [28, DC, E0, 00] {SUB AH, BL; LOOPNZ 0x4}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, DF, E0, 00] {SUB BH, BL; LOOPNZ 0x4}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes [68, DC, E0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes [A8, DD, E0, 00] {TEST AL, 0xdd; LOOPNZ 0x4}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 76323EC0 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes [A8, DE, E0, 00] {TEST AL, 0xde; LOOPNZ 0x4}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes [68, DD, E0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes [68, DE, E0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 76323F51 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes [A8, DC, E0, 00] {TEST AL, 0xdc; LOOPNZ 0x4}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 7632410F C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes [28, DD, E0, 00] {SUB CH, BL; LOOPNZ 0x4}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes [28, DE, E0, 00] {SUB DH, BL; LOOPNZ 0x4}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, DF, E0, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4676] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes [28, 70, 8E, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, 73, 8E, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes [68, 70, 8E, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes [A8, 71, 8E, 00] {TEST AL, 0x71; MOV ES, [EAX]}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 7631EC54 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes [A8, 72, 8E, 00] {TEST AL, 0x72; MOV ES, [EAX]}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes [68, 71, 8E, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes [68, 72, 8E, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 7631ECE5 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes [A8, 70, 8E, 00] {TEST AL, 0x70; MOV ES, [EAX]}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 7631EEA3 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes [28, 71, 8E, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes [28, 72, 8E, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, 73, 8E, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[4984] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes [28, F8, 84, 00] {SUB AL, BH; TEST [EAX], AL}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, FB, 84, 00] {SUB BL, BH; TEST [EAX], AL}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes [68, F8, 84, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes [A8, F9, 84, 00] {TEST AL, 0xf9; TEST [EAX], AL}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 7631E2DC C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes [A8, FA, 84, 00] {TEST AL, 0xfa; TEST [EAX], AL}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes [68, F9, 84, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes [68, FA, 84, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 7631E36D C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes [A8, F8, 84, 00] {TEST AL, 0xf8; TEST [EAX], AL}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 7631E52B C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes [28, F9, 84, 00] {SUB CL, BH; TEST [EAX], AL}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes [28, FA, 84, 00] {SUB DL, BH; TEST [EAX], AL}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, FB, 84, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes [28, 60, E1, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, 63, E1, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes [68, 60, E1, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes [A8, 61, E1, 00] {TEST AL, 0x61; LOOPZ 0x4}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 76323F44 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes [A8, 62, E1, 00] {TEST AL, 0x62; LOOPZ 0x4}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes [68, 61, E1, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes [68, 62, E1, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 76323FD5 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes [A8, 60, E1, 00] {TEST AL, 0x60; LOOPZ 0x4}
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 76324193 C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes [28, 61, E1, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes [28, 62, E1, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, 63, E1, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5604] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtCreateFile + 6 7731560E 4 Bytes [28, A8, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtCreateFile + B 77315613 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtMapViewOfSection + 6 77315C6E 4 Bytes [28, AB, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtMapViewOfSection + B 77315C73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenFile + 6 77315D1E 4 Bytes [68, A8, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenFile + B 77315D23 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcess + 6 77315DCE 4 Bytes [A8, A9, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcess + B 77315DD3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcessToken + 6 77315DDE 4 Bytes CALL 7631AD8C C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcessToken + B 77315DE3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcessTokenEx + 6 77315DEE 4 Bytes [A8, AA, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcessTokenEx + B 77315DF3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThread + 6 77315E4E 4 Bytes [68, A9, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThread + B 77315E53 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThreadToken + 6 77315E5E 4 Bytes [68, AA, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThreadToken + B 77315E63 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThreadTokenEx + 6 77315E6E 4 Bytes CALL 7631AE1D C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThreadTokenEx + B 77315E73 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtQueryAttributesFile + 6 77315F7E 4 Bytes [A8, A8, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtQueryAttributesFile + B 77315F83 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtQueryFullAttributesFile + 6 7731602E 4 Bytes CALL 7631AFDB C:\Windows\system32\SHELL32.dll
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtQueryFullAttributesFile + B 77316033 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationFile + 6 7731667E 4 Bytes [28, A9, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationFile + B 77316683 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationThread + 6 773166DE 4 Bytes [28, AA, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationThread + B 773166E3 1 Byte [E2]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtUnmapViewOfSection + 6 773169FE 4 Bytes [68, AB, 4F, 00]
.text C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtUnmapViewOfSection + B 77316A03 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 EUBKMON.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 EUBKMON.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 EUBKMON.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 EUBKMON.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 EUBKMON.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 EUBKMON.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 EUBKMON.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 EUBKMON.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

---- EOF - GMER 2.1 ----
