HijackThis! log blank?

akosiyaji (Thread Starter), Joined: Jan 21, 2013, Messages: 1
Hi guys, my computer's been lagging at the splash screen (I have an Acer with D270 Windows 7 Starter) and I already used AdAware and Spybot as advised. Thing is, I get a blank Notepad file after I run the HijackThis! scan. I also tried uninstalling and reinstalling but no luck. Here are the required logs btw:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Basic, Service Pack 1, 32 bit
Processor: Intel(R) Atom(TM) CPU N2800 @ 1.86GHz, x64 Family 6 Model 54 Stepping 1
Processor Count: 4
RAM: 2036 Mb
Graphics Card: Intel(R) Graphics Media Accelerator 3600 Series, 5 Mb
Hard Drives: C: Total - 413524 MB, Free - 280067 MB; D: Total - 49998 MB, Free - 30417 MB;
Motherboard: Acer, JE01_CT
Antivirus: Lavasoft Ad-Aware, Disabled

---
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by user at 2:26:41 on 2013-01-22
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.2036.849 [GMT 8:00]
.
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Launch Manager\LMutilps32.exe
C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\SMART BRO\AssistantServices.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\RunDll32.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://rappler.com/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
uProxyServer = dormproxy.upd.edu.ph:8080
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: c:\users\user\appdata\local\start\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\user\appdata\local\start\monito~1.lnk - c:\windows\system32\RunDll32.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 10.32.1.7 10.16.3.143
TCP: Interfaces\{3898E550-498E-4A3E-BC57-E9EB4FDC9CC4} : NameServer = 10.198.220.124 202.126.40.5
TCP: Interfaces\{94E7F0D6-B672-4BF9-B7F3-D2B0ADEEC807} : NameServer = 10.198.220.124 202.126.40.5
TCP: Interfaces\{9C45312E-0086-4E5E-9DB6-D5084410CC60} : NameServer = 10.198.220.124 202.126.40.5
TCP: Interfaces\{A010B64B-0F2B-456E-AC17-084D3C89B7E8} : DHCPNameServer = 10.32.1.7 10.16.3.143
TCP: Interfaces\{A010B64B-0F2B-456E-AC17-084D3C89B7E8}\254534024303 : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{A010B64B-0F2B-456E-AC17-084D3C89B7E8}\4494C4E4544533 : DHCPNameServer = 202.92.128.249 202.92.128.248
TCP: Interfaces\{A010B64B-0F2B-456E-AC17-084D3C89B7E8}\D457378627F6F6D626572776562702B41647960757E616E6 : DHCPNameServer = 192.168.11.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\hyqhj0cd.default\
FF - prefs.js: browser.startup.homepage - hxxp://interaksyon.com/
FF - prefs.js: network.proxy.ftp - dormproxy.upd.edu.ph
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - dormproxy.upd.edu.ph
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - dormproxy.upd.edu.ph
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - dormproxy.upd.edu.ph
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-07 09:00; [email protected]; c:\users\user\appdata\roaming\mozilla\firefox\profiles\hyqhj0cd.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-7 13560]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2012-1-3 21600]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2012-1-3 16936]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2012-1-3 62240]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-5-13 249648]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2012-1-3 353360]
R2 ePowerSvc;ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2012-2-21 739944]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2011-5-30 36456]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\hwdeviceservice.exe -/service --> c:\programdata\datacardservice\HWDeviceService.exe -/service [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-1-3 13336]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-2-21 1755136]
R2 Live Updater Service;Live Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2012-1-3 255376]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-2 2057560]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2012-1-3 260640]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-3 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-3 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-3 168384]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 UI Assistant Service;UI Assistant Service;c:\program files\smart bro\AssistantServices.exe [2012-7-30 269648]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-12-22 72576]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-1-6 1338368]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-1-6 418816]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-1-6 278528]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-2-21 254056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-1-3 490088]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files\globe tattoo broadband\updatedog\ouc.exe [2012-12-22 218624]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-6-8 191752]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-2-21 525352]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2012-2-21 76328]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-2-21 33832]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-12-22 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-12-22 208896]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-7-30 9216]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2012-7-30 107776]
S4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\common files\egistec\services\EgisTicketService.exe [2011-6-22 173424]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-01-21 18:11:50 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-01-21 16:44:17 -------- d-----w- c:\program files\Trend Micro
2013-01-15 16:57:59 -------- d-----r- c:\users\user\Dropbox
2013-01-13 12:49:36 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-13 12:48:50 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-13 12:37:43 46592 ----a-w- c:\windows\system32\fpb.rs
2013-01-13 08:56:20 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-13 08:47:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-13 07:15:25 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-12 20:21:10 0 ----a-w- c:\windows\system32\sho3E5D.tmp
2013-01-12 16:54:49 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-07 02:12:22 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-01-07 01:12:41 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-01-07 01:11:37 -------- d-----w- c:\users\user\appdata\local\Downloaded Installations
2013-01-07 01:11:03 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-01-07 01:11:03 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-07 01:00:23 -------- d-----w- c:\programdata\blekko toolbars
2013-01-07 01:00:21 -------- d-----w- c:\users\user\appdata\local\adawarebp
2013-01-07 01:00:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-01-07 01:00:10 -------- d-----w- c:\program files\adawaretb
2013-01-07 01:00:07 -------- d-----w- c:\program files\Toolbar Cleaner
2013-01-03 07:49:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-03 07:49:36 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-03 07:49:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-03 07:49:08 -------- d-----w- c:\users\user\appdata\local\Programs
2013-01-03 05:47:34 -------- d-----w- c:\users\user\appdata\roaming\LavasoftStatistics
2013-01-03 05:43:13 -------- d-----w- c:\users\user\appdata\roaming\Ad-Aware Antivirus
2013-01-01 17:21:39 -------- d-----w- c:\users\user\appdata\roaming\AVG
2013-01-01 17:20:43 -------- d-----w- c:\programdata\AVG
2013-01-01 17:20:17 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-01-01 13:52:56 -------- d-----w- c:\users\user\appdata\roaming\AVG2013
2013-01-01 13:51:49 -------- d-----w- c:\users\user\appdata\roaming\TuneUp Software
2013-01-01 13:50:56 -------- d-----w- c:\programdata\AVG2013
2012-12-31 11:45:42 -------- d-----w- c:\program files\Foxit Software
2012-12-29 14:50:11 64392 ---ha-w- c:\windows\system32\drivers\PROCMON23.SYS
2012-12-29 11:59:45 -------- d-----w- c:\users\user\appdata\local\MFAData
2012-12-29 11:59:45 -------- d-----w- c:\users\user\appdata\local\Avg2013
2012-12-29 11:59:45 -------- d-----w- c:\programdata\MFAData
2012-12-29 08:00:50 -------- d-----w- c:\program files\Aurora
2012-12-29 02:48:53 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a540601a-3ec6-4165-b140-2834ebe9ae4e}\mpengine.dll
2012-12-28 09:25:46 -------- d-----w- c:\users\user\appdata\roaming\WildTangent
2012-12-24 12:52:21 -------- d-----w- C:\games
2012-12-22 21:55:07 -------- d-----w- c:\users\user\appdata\roaming\aliasworlds
2012-12-22 21:55:07 -------- d-----w- c:\programdata\aliasworlds
.
==================== Find3M ====================
.
2013-01-13 08:46:55 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-13 08:46:55 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-20 07:20:00 0 ----a-w- c:\windows\system32\shoEF14.tmp
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-09 21:10:54 0 ----a-w- c:\windows\system32\sho75DD.tmp
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 04:49:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-02 04:49:52 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-02 04:49:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 2:27:56.64 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 6/4/2012 4:38:39 PM
System Uptime: 1/21/2013 11:27:21 PM (3 hours ago)
.
Motherboard: Acer | | JE01_CT
Processor: Intel(R) Atom(TM) CPU N2800 @ 1.86GHz | CPU | 1061/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 404 GiB total, 273.499 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 29.704 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&28FEC276&0&1
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&28FEC276&0&1
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
µTorrent
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Creative Suite 5.5 Master Collection
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader X (10.1.0) MUI
Adobe Reader X (10.1.1)
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Widget Browser
Adobe XMP Panels CS4
Akhra: The Treasures
Alice's Magical Mahjong
Apple Software Update
Bejeweled 3
Bing Bar
Chuzzle Deluxe
D3DX10
Diego's Ultimate Rescue
Dropbox
eBay Worldwide
Evernote v. 4.5.1
Final Drive: Nitro
Fooz Kids
Fooz Kids Platform
Fotogalerija Windows Live
Foxit Reader
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GameHouse Super Games AIO®
Globe Tattoo Broadband
Google Chrome
Google Drive
Google Update Helper
HiJackThis
HP Deskjet Ink Adv 2060 K110 Basic Device Software
Identity Card
Insaniquarium Deluxe
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java 7 Update 9
Java Auto Updater
Java SE Development Kit 7 Update 4
JavaFX 2.1.1
Junk Mail filter update
Launch Manager
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC90_x86
MSVCRT
My Farm Life
My Kingdom for the Princess 3
MyWinLocker 4
MyWinLocker Suite
newsXpresso
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton Online Backup
OpenOffice.org 3.2
PC Connectivity Solution
PDF Settings CS5
Photoshop Camera Raw
Pixel Bender Toolkit
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
QuickTime
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Running Sheep
S?????? f?t???af??? t?? Windows Live
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Shredder
Skip-Bo - Castaway Caper
Skype™ 5.10
Slingo Deluxe
SMART BRO
Spybot - Search & Destroy
Suite Shared Configuration CS4
Super Granny 6
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
USB Disk Security
VLC media player 0.9.8a
Wedding Dash
Welcome Center
WIDCOMM Bluetooth Software
WildTangent Games App
Windows Driver Package - Nokia Modem (02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.20 beta 3 (32-bit)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
1/22/2013 12:44:20 AM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.224 did not allow the name to be claimed by this computer.
1/22/2013 12:41:00 AM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.36 did not allow the name to be claimed by this computer.
1/22/2013 1:57:20 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
1/21/2013 9:43:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
1/21/2013 9:43:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.
1/21/2013 9:43:27 PM, Error: Service Control Manager [7000] - The Globe Tattoo Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2013 9:13:43 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.204.91 did not allow the name to be claimed by this computer.
1/21/2013 8:57:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
1/21/2013 8:57:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/21/2013 8:56:08 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A010B64B-0F2B-456E-AC17-084D3C89B7E8} because another computer on the network has the same name. The server could not start.
1/21/2013 8:56:08 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.179 did not allow the name to be claimed by this computer.
1/21/2013 8:56:02 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.179 did not allow the name to be claimed by this computer.
1/21/2013 4:48:51 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
1/21/2013 1:11:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/20/2013 6:24:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WwanSvc service.
1/20/2013 1:19:43 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.204.91 did not allow the name to be claimed by this computer.
1/19/2013 2:01:23 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.83 did not allow the name to be claimed by this computer.
1/19/2013 2:01:23 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.83 did not allow the name to be claimed by this computer.
1/19/2013 12:08:54 AM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.36 did not allow the name to be claimed by this computer.
1/17/2013 7:59:55 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
1/16/2013 7:31:34 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 10.33.204.55. The computer with the IP address 10.33.205.83 did not allow the name to be claimed by this computer.
1/16/2013 6:38:05 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
1/16/2013 5:53:02 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 172.16.3.227. The computer with the IP address 172.16.3.166 did not allow the name to be claimed by this computer.
1/16/2013 11:40:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
1/16/2013 10:43:37 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.204.55. The computer with the IP address 10.33.205.36 did not allow the name to be claimed by this computer.
1/15/2013 7:32:19 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-22 02:43:57
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD50 rev.01.0 465.76GB
Running: pzk9fwyf.exe; Driver: C:\Users\user\AppData\Local\Temp\kwldapob.sys


---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82292A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822CC4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\user\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, 54, 52, 00] {SUB [EDX+EDX*2+0x0], DL}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, 57, 52, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, 54, 52, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, 55, 52, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, 56, 52, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, 55, 52, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, 56, 52, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, 54, 52, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, 55, 52, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, 56, 52, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, 57, 52, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!WSASend 76194406 6 Bytes JMP 719A0F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!GetAddrInfoW 76194889 6 Bytes JMP 71AF0F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!FreeAddrInfoW 76194B1B 6 Bytes JMP 71A90F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!recv 76196B0E 6 Bytes JMP 719D0F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!send 76196F01 6 Bytes JMP 71A00F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!WSARecv 76197089 6 Bytes JMP 71970F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!WSAGetOverlappedResult 76197489 6 Bytes JMP 71940F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!GetAddrInfoExW 7619D1EA 6 Bytes JMP 71A60F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!FreeAddrInfoEx 7619E14D 6 Bytes JMP 71A30F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, 58, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, 5B, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, 58, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, 59, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, 5A, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, 59, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, 5A, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, 58, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, 59, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, 5A, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, 5B, C7, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, 6C, 32, 00] {SUB [EDX+ESI+0x0], CH}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, 6F, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, 6C, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, 6D, 32, 00] {TEST AL, 0x6d; XOR AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, 6E, 32, 00] {TEST AL, 0x6e; XOR AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, 6D, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, 6E, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, 6C, 32, 00] {TEST AL, 0x6c; XOR AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, 6D, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, 6E, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, 6F, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!WSASend 76194406 6 Bytes JMP 719A0F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!GetAddrInfoW 76194889 6 Bytes JMP 71AF0F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!FreeAddrInfoW 76194B1B 6 Bytes JMP 71A90F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!recv 76196B0E 6 Bytes JMP 719D0F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!send 76196F01 6 Bytes JMP 71A00F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!WSARecv 76197089 6 Bytes JMP 71970F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!WSAGetOverlappedResult 76197489 6 Bytes JMP 71940F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!GetAddrInfoExW 7619D1EA 6 Bytes JMP 71A60F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!FreeAddrInfoEx 7619E14D 6 Bytes JMP 71A30F5A
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, 88, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, 8B, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, 88, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, 89, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, 8A, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, 89, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, 8A, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, 88, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, 89, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, 8A, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, 8B, 93, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtClose 775C54C8 5 Bytes JMP 64E5FFC0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtCreateFile 775C55C8 5 Bytes JMP 64E5EC96 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtCreateKey 775C5608 5 Bytes JMP 64E5B6DC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtDeleteFile 775C5808 5 Bytes JMP 64E5EAB3 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtDeleteKey 775C5818 5 Bytes JMP 64E5AF5D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtDeleteValueKey 775C5848 5 Bytes JMP 64E5B220 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtDuplicateObject 775C5898 5 Bytes JMP 64E60096 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtEnumerateKey 775C58E8 5 Bytes JMP 64E5B001 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtEnumerateValueKey 775C5918 5 Bytes JMP 64E5B17A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtFlushKey 775C5988 5 Bytes JMP 64E5AFAF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtNotifyChangeKey 775C5C68 5 Bytes JMP 64E5B2CE C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtNotifyChangeMultipleKeys 775C5C78 5 Bytes JMP 64E5B35C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtOpenFile 775C5CD8 5 Bytes JMP 64E5EE21 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtOpenKey 775C5D08 5 Bytes JMP 64E5B5ED C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtOpenKeyEx 775C5D18 5 Bytes JMP 64E5B660 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryAttributesFile 775C5F38 5 Bytes JMP 64E5EB1E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryDirectoryFile 775C5F98 5 Bytes JMP 64E5D81E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryFullAttributesFile 775C5FE8 5 Bytes JMP 64E5EB8E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryKey 775C60E8 5 Bytes JMP 64E5B054 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryMultipleValueKey 775C6108 5 Bytes JMP 64E5B27B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryObject 775C6128 5 Bytes JMP 64E600EC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQuerySecurityObject 775C61A8 5 Bytes JMP 64E60030 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryValueKey 775C6248 5 Bytes JMP 64E5B127 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtRenameKey 775C63C8 5 Bytes JMP 64E5B751 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtSetInformationFile 775C6638 5 Bytes JMP 64E5EBFE C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtSetInformationKey 775C6658 5 Bytes JMP 64E5B0BA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtSetSecurityObject 775C6758 5 Bytes JMP 64E60149 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtSetValueKey 775C6808 5 Bytes JMP 64E5B1CD C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!CreateProcessW 765A204D 5 Bytes JMP 64E38C27 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!CreateProcessA 765A2082 5 Bytes JMP 64E38D65 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!CreateProcessAsUserW 765D59FF 5 Bytes JMP 64E38F9B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!SetDllDirectoryW 7662D783 5 Bytes JMP 64E3977C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!SetDllDirectoryA 7662D82C 5 Bytes JMP 64E39AAF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!WinExec 7662EDAE 5 Bytes JMP 64E3931E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!AllocConsole 7664C675 5 Bytes JMP 64E61210 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!AttachConsole 7664C743 5 Bytes JMP 64E61222 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] USER32.dll!CreateWindowExA 7622BF40 5 Bytes JMP 64E611E0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] USER32.dll!CreateWindowExW 7622EC7C 5 Bytes JMP 64E611F8 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] GDI32.dll!AddFontResourceW 75FAEC13 5 Bytes JMP 64E46800 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] GDI32.dll!AddFontResourceA 75FAEFA7 5 Bytes JMP 64E467E4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumDependentServicesW 75A21E3A 7 Bytes JMP 64E4956C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumServicesStatusExW 75A2B466 7 Bytes JMP 64E4A48D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!GetServiceKeyNameW 75A478FF 7 Bytes JMP 64E49C13 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!GetServiceDisplayNameW 75A479BB 7 Bytes JMP 64E49DC4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumServicesStatusExA 75A4A3E2 7 Bytes JMP 64E4A553 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!CreateProcessAsUserA 75A62538 5 Bytes JMP 64E390DD C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!GetServiceKeyNameA 75A81B94 7 Bytes JMP 64E49CCB C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!GetServiceDisplayNameA 75A81C31 7 Bytes JMP 64E49E7C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumServicesStatusA 75A82021 7 Bytes JMP 64E4A3CF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumDependentServicesA 75A82104 7 Bytes JMP 64E49623 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumServicesStatusW 75A82221 5 Bytes JMP 64E4A311 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoRegisterPSClsid 762FC56E 5 Bytes JMP 64E4FFF5 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoResumeClassObjects + 7 762FEA09 7 Bytes JMP 64E505C6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!OleRun 763007DE 5 Bytes JMP 64E50481 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoRegisterClassObject 763021E1 5 Bytes JMP 64E510F6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!OleUninitialize 7630EBA1 6 Bytes JMP 64E503A0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!OleInitialize 7630EFD7 5 Bytes JMP 64E50330 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoGetPSClsid 763126B9 5 Bytes JMP 64E5016D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoGetClassObject 763254AD 5 Bytes JMP 64E51684 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoInitializeEx 763309AD 5 Bytes JMP 64E501E0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoUninitialize 763386D3 5 Bytes JMP 64E50262 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoCreateInstance 76339D0B 5 Bytes JMP 64E52952 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoCreateInstanceEx 76339D4E 5 Bytes JMP 64E50A8D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoSuspendClassObjects + 7 7635BB09 7 Bytes JMP 64E504F1 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoRevokeClassObject 7637EACF 5 Bytes JMP 64E4FA52 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoGetInstanceFromFile 763B340B 5 Bytes JMP 64E51B44 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!OleRegEnumFormatEtc 763FCFD9 5 Bytes JMP 64E5040B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, D4, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, D7, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, D4, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, D5, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, D6, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, D5, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, D6, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, D4, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, D5, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, D6, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, D7, 4C, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, 28, 3A, 00] {SUB [EAX], CH; CMP AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, 2B, 3A, 00] {SUB [EBX], CH; CMP AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, 28, 3A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, 29, 3A, 00] {TEST AL, 0x29; CMP AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, 2A, 3A, 00] {TEST AL, 0x2a; CMP AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, 29, 3A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, 2A, 3A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, 28, 3A, 00] {TEST AL, 0x28; CMP AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, 29, 3A, 00] {SUB [ECX], CH; CMP AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, 2A, 3A, 00] {SUB [EDX], CH; CMP AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, 2B, 3A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, B4, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, B7, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, B4, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, B5, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, B6, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, B5, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, B6, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, B4, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, B5, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, B6, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, B7, A0, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737cbaab7
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737cbaab7 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\[email protected]{444465DD-5C80-11E1-95C7-806E6F6E6963} 6923064616

---- EOF - GMER 2.0 ----
 