
HijackThis! log blank?

Discussion in 'Virus & Other Malware Removal' started by akosiyaji, Jan 21, 2013.

Thread Status:
Not open for further replies.
  1. akosiyaji

    Hi guys, my computer's been lagging at the splash screen (I have an Acer with D270 Windows 7 Starter) and I already used AdAware and Spybot as advised. Thing is, I get a blank Notepad file after I run the HijackThis! scan. I also tried uninstalling and reinstalling, but no luck. Here are the required logs, btw:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Basic, Service Pack 1, 32 bit
    Processor: Intel(R) Atom(TM) CPU N2800 @ 1.86GHz, x64 Family 6 Model 54 Stepping 1
    Processor Count: 4
    RAM: 2036 Mb
    Graphics Card: Intel(R) Graphics Media Accelerator 3600 Series, 5 Mb
    Hard Drives: C: Total - 413524 MB, Free - 280067 MB; D: Total - 49998 MB, Free - 30417 MB;
    Motherboard: Acer, JE01_CT
    Antivirus: Lavasoft Ad-Aware, Disabled

    ---
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by user at 2:26:41 on 2013-01-22
    Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.2036.849 [GMT 8:00]
    .
    AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files\Launch Manager\LMutilps32.exe
    C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
    C:\Program Files\Acer\Registration\GREGsvc.exe
    C:\ProgramData\DatacardService\HWDeviceService.exe
    C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\SMART BRO\AssistantServices.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\RunDll32.exe
    C:\PROGRA~1\AD-AWA~1\AdAware.exe
    C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://rappler.com/
    uDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    uProxyServer = dormproxy.upd.edu.ph:8080
    uProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: c:\users\user\appdata\local\start\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\user\appdata\local\start\monito~1.lnk - c:\windows\system32\RunDll32.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 10.32.1.7 10.16.3.143
    TCP: Interfaces\{3898E550-498E-4A3E-BC57-E9EB4FDC9CC4} : NameServer = 10.198.220.124 202.126.40.5
    TCP: Interfaces\{94E7F0D6-B672-4BF9-B7F3-D2B0ADEEC807} : NameServer = 10.198.220.124 202.126.40.5
    TCP: Interfaces\{9C45312E-0086-4E5E-9DB6-D5084410CC60} : NameServer = 10.198.220.124 202.126.40.5
    TCP: Interfaces\{A010B64B-0F2B-456E-AC17-084D3C89B7E8} : DHCPNameServer = 10.32.1.7 10.16.3.143
    TCP: Interfaces\{A010B64B-0F2B-456E-AC17-084D3C89B7E8}\254534024303 : DHCPNameServer = 192.168.1.2
    TCP: Interfaces\{A010B64B-0F2B-456E-AC17-084D3C89B7E8}\4494C4E4544533 : DHCPNameServer = 202.92.128.249 202.92.128.248
    TCP: Interfaces\{A010B64B-0F2B-456E-AC17-084D3C89B7E8}\D457378627F6F6D626572776562702B41647960757E616E6 : DHCPNameServer = 192.168.11.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\hyqhj0cd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://interaksyon.com/
    FF - prefs.js: network.proxy.ftp - dormproxy.upd.edu.ph
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.http - dormproxy.upd.edu.ph
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - dormproxy.upd.edu.ph
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - dormproxy.upd.edu.ph
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-01-07 09:00; [email protected]; c:\users\user\appdata\roaming\mozilla\firefox\profiles\hyqhj0cd.default\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-7 13560]
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2012-1-3 21600]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2012-1-3 16936]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2012-1-3 62240]
    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-12-14 1236968]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-5-13 249648]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2012-1-3 353360]
    R2 ePowerSvc;ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2012-2-21 739944]
    R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2011-5-30 36456]
    R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\hwdeviceservice.exe -/service --> c:\programdata\datacardservice\HWDeviceService.exe -/service [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-1-3 13336]
    R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-2-21 1755136]
    R2 Live Updater Service;Live Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2012-1-3 255376]
    R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-2 2057560]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2012-1-3 260640]
    R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-3 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-3 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-3 168384]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
    R2 UI Assistant Service;UI Assistant Service;c:\program files\smart bro\AssistantServices.exe [2012-7-30 269648]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-12-22 72576]
    R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-1-6 1338368]
    R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-1-6 418816]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-1-6 278528]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-2-21 254056]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-1-3 490088]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files\globe tattoo broadband\updatedog\ouc.exe [2012-12-22 218624]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-6-8 191752]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-2-21 525352]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2012-2-21 76328]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-2-21 33832]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-12-22 102784]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-12-22 208896]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
    S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-7-30 9216]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2012-7-30 107776]
    S4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\common files\egistec\services\EgisTicketService.exe [2011-6-22 173424]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-21 18:11:50 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2013-01-21 16:44:17 -------- d-----w- c:\program files\Trend Micro
    2013-01-15 16:57:59 -------- d-----r- c:\users\user\Dropbox
    2013-01-13 12:49:36 626688 ----a-w- c:\windows\system32\usp10.dll
    2013-01-13 12:48:50 2345984 ----a-w- c:\windows\system32\win32k.sys
    2013-01-13 12:37:43 46592 ----a-w- c:\windows\system32\fpb.rs
    2013-01-13 08:56:20 492032 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-13 08:47:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-13 07:15:25 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-12 20:21:10 0 ----a-w- c:\windows\system32\sho3E5D.tmp
    2013-01-12 16:54:49 49152 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-07 02:12:22 -------- d-----w- c:\programdata\Ad-Aware Antivirus
    2013-01-07 01:12:41 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2013-01-07 01:11:37 -------- d-----w- c:\users\user\appdata\local\Downloaded Installations
    2013-01-07 01:11:03 44424 ----a-w- c:\windows\system32\sbbd.exe
    2013-01-07 01:11:03 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-01-07 01:00:23 -------- d-----w- c:\programdata\blekko toolbars
    2013-01-07 01:00:21 -------- d-----w- c:\users\user\appdata\local\adawarebp
    2013-01-07 01:00:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2013-01-07 01:00:10 -------- d-----w- c:\program files\adawaretb
    2013-01-07 01:00:07 -------- d-----w- c:\program files\Toolbar Cleaner
    2013-01-03 07:49:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-01-03 07:49:36 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-01-03 07:49:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-01-03 07:49:08 -------- d-----w- c:\users\user\appdata\local\Programs
    2013-01-03 05:47:34 -------- d-----w- c:\users\user\appdata\roaming\LavasoftStatistics
    2013-01-03 05:43:13 -------- d-----w- c:\users\user\appdata\roaming\Ad-Aware Antivirus
    2013-01-01 17:21:39 -------- d-----w- c:\users\user\appdata\roaming\AVG
    2013-01-01 17:20:43 -------- d-----w- c:\programdata\AVG
    2013-01-01 17:20:17 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2013-01-01 13:52:56 -------- d-----w- c:\users\user\appdata\roaming\AVG2013
    2013-01-01 13:51:49 -------- d-----w- c:\users\user\appdata\roaming\TuneUp Software
    2013-01-01 13:50:56 -------- d-----w- c:\programdata\AVG2013
    2012-12-31 11:45:42 -------- d-----w- c:\program files\Foxit Software
    2012-12-29 14:50:11 64392 ---ha-w- c:\windows\system32\drivers\PROCMON23.SYS
    2012-12-29 11:59:45 -------- d-----w- c:\users\user\appdata\local\MFAData
    2012-12-29 11:59:45 -------- d-----w- c:\users\user\appdata\local\Avg2013
    2012-12-29 11:59:45 -------- d-----w- c:\programdata\MFAData
    2012-12-29 08:00:50 -------- d-----w- c:\program files\Aurora
    2012-12-29 02:48:53 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a540601a-3ec6-4165-b140-2834ebe9ae4e}\mpengine.dll
    2012-12-28 09:25:46 -------- d-----w- c:\users\user\appdata\roaming\WildTangent
    2012-12-24 12:52:21 -------- d-----w- C:\games
    2012-12-22 21:55:07 -------- d-----w- c:\users\user\appdata\roaming\aliasworlds
    2012-12-22 21:55:07 -------- d-----w- c:\programdata\aliasworlds
    .
    ==================== Find3M ====================
    .
    2013-01-13 08:46:55 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-13 08:46:55 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-20 07:20:00 0 ----a-w- c:\windows\system32\shoEF14.tmp
    2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-09 21:10:54 0 ----a-w- c:\windows\system32\sho75DD.tmp
    2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 04:49:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-11-02 04:49:52 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-11-02 04:49:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 2:27:56.64 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Basic
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/4/2012 4:38:39 PM
    System Uptime: 1/21/2013 11:27:21 PM (3 hours ago)
    .
    Motherboard: Acer | | JE01_CT
    Processor: Intel(R) Atom(TM) CPU N2800 @ 1.86GHz | CPU | 1061/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 404 GiB total, 273.499 GiB free.
    D: is FIXED (NTFS) - 49 GiB total, 29.704 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Unknown Device
    Device ID: USB\VID_0000&PID_0000\5&28FEC276&0&1
    Manufacturer: (Standard USB Host Controller)
    Name: Unknown Device
    PNP Device ID: USB\VID_0000&PID_0000\5&28FEC276&0&1
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    µTorrent
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Ad-Aware Antivirus
    Ad-Aware Browsing Protection
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe CMaps CS4
    Adobe Color Video Profiles AE CS4
    Adobe Community Help
    Adobe Creative Suite 5.5 Master Collection
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Reader X (10.1.0) MUI
    Adobe Reader X (10.1.1)
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Widget Browser
    Adobe XMP Panels CS4
    Akhra: The Treasures
    Alice's Magical Mahjong
    Apple Software Update
    Bejeweled 3
    Bing Bar
    Chuzzle Deluxe
    D3DX10
    Diego's Ultimate Rescue
    Dropbox
    eBay Worldwide
    Evernote v. 4.5.1
    Final Drive: Nitro
    Fooz Kids
    Fooz Kids Platform
    Fotogalerija Windows Live
    Foxit Reader
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galeria fotogràfica del Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    GameHouse Super Games AIO®
    Globe Tattoo Broadband
    Google Chrome
    Google Drive
    Google Update Helper
    HiJackThis
    HP Deskjet Ink Adv 2060 K110 Basic Device Software
    Identity Card
    Insaniquarium Deluxe
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Java 7 Update 9
    Java Auto Updater
    Java SE Development Kit 7 Update 4
    JavaFX 2.1.1
    Junk Mail filter update
    Launch Manager
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVC90_x86
    MSVCRT
    My Farm Life
    My Kingdom for the Princess 3
    MyWinLocker 4
    MyWinLocker Suite
    newsXpresso
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Norton Online Backup
    OpenOffice.org 3.2
    PC Connectivity Solution
    PDF Settings CS5
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    Pošta Windows Live
    QuickTime
    Raccolta foto di Windows Live
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    Running Sheep
    S?????? f?t???af??? t?? Windows Live
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Shredder
    Skip-Bo - Castaway Caper
    Skype™ 5.10
    Slingo Deluxe
    SMART BRO
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    Super Granny 6
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    USB Disk Security
    VLC media player 0.9.8a
    Wedding Dash
    Welcome Center
    WIDCOMM Bluetooth Software
    WildTangent Games App
    Windows Driver Package - Nokia Modem (02/25/2011 4.7)
    Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Argazki Galeria
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    WinRAR 4.20 beta 3 (32-bit)
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/22/2013 12:44:20 AM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.224 did not allow the name to be claimed by this computer.
    1/22/2013 12:41:00 AM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.36 did not allow the name to be claimed by this computer.
    1/22/2013 1:57:20 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    1/21/2013 9:43:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    1/21/2013 9:43:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.
    1/21/2013 9:43:27 PM, Error: Service Control Manager [7000] - The Globe Tattoo Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/21/2013 9:13:43 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.204.91 did not allow the name to be claimed by this computer.
    1/21/2013 8:57:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
    1/21/2013 8:57:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/21/2013 8:56:30 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/21/2013 8:56:08 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A010B64B-0F2B-456E-AC17-084D3C89B7E8} because another computer on the network has the same name. The server could not start.
    1/21/2013 8:56:08 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.179 did not allow the name to be claimed by this computer.
    1/21/2013 8:56:02 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.179 did not allow the name to be claimed by this computer.
    1/21/2013 4:48:51 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    1/21/2013 1:11:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    1/20/2013 6:24:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WwanSvc service.
    1/20/2013 1:19:43 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.204.91 did not allow the name to be claimed by this computer.
    1/19/2013 2:01:23 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.83 did not allow the name to be claimed by this computer.
    1/19/2013 2:01:23 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.83 did not allow the name to be claimed by this computer.
    1/19/2013 12:08:54 AM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 10.33.205.170. The computer with the IP address 10.33.205.36 did not allow the name to be claimed by this computer.
    1/17/2013 7:59:55 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    1/16/2013 7:31:34 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 10.33.204.55. The computer with the IP address 10.33.205.83 did not allow the name to be claimed by this computer.
    1/16/2013 6:38:05 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    1/16/2013 5:53:02 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 172.16.3.227. The computer with the IP address 172.16.3.166 did not allow the name to be claimed by this computer.
    1/16/2013 11:40:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    1/16/2013 10:43:37 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 10.33.204.55. The computer with the IP address 10.33.205.36 did not allow the name to be claimed by this computer.
    1/15/2013 7:32:19 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-22 02:43:57
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD50 rev.01.0 465.76GB
    Running: pzk9fwyf.exe; Driver: C:\Users\user\AppData\Local\Temp\kwldapob.sys


    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82292A49 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822CC4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? C:\Users\user\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, 54, 52, 00] {SUB [EDX+EDX*2+0x0], DL}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, 57, 52, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, 54, 52, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, 55, 52, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, 56, 52, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, 55, 52, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, 56, 52, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, 54, 52, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, 55, 52, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, 56, 52, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, 57, 52, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[672] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!WSASend 76194406 6 Bytes JMP 719A0F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!GetAddrInfoW 76194889 6 Bytes JMP 71AF0F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!FreeAddrInfoW 76194B1B 6 Bytes JMP 71A90F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!recv 76196B0E 6 Bytes JMP 719D0F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!send 76196F01 6 Bytes JMP 71A00F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!WSARecv 76197089 6 Bytes JMP 71970F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!WSAGetOverlappedResult 76197489 6 Bytes JMP 71940F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!GetAddrInfoExW 7619D1EA 6 Bytes JMP 71A60F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1004] WS2_32.dll!FreeAddrInfoEx 7619E14D 6 Bytes JMP 71A30F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, 58, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, 5B, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, 58, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, 59, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, 5A, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, 59, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, 5A, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, 58, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, 59, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, 5A, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, 5B, C7, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, 6C, 32, 00] {SUB [EDX+ESI+0x0], CH}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, 6F, 32, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, 6C, 32, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, 6D, 32, 00] {TEST AL, 0x6d; XOR AL, [EAX]}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, 6E, 32, 00] {TEST AL, 0x6e; XOR AL, [EAX]}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, 6D, 32, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, 6E, 32, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, 6C, 32, 00] {TEST AL, 0x6c; XOR AL, [EAX]}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, 6D, 32, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, 6E, 32, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, 6F, 32, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!WSASend 76194406 6 Bytes JMP 719A0F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!GetAddrInfoW 76194889 6 Bytes JMP 71AF0F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!FreeAddrInfoW 76194B1B 6 Bytes JMP 71A90F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!recv 76196B0E 6 Bytes JMP 719D0F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!send 76196F01 6 Bytes JMP 71A00F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!WSARecv 76197089 6 Bytes JMP 71970F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!WSAGetOverlappedResult 76197489 6 Bytes JMP 71940F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!GetAddrInfoExW 7619D1EA 6 Bytes JMP 71A60F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!FreeAddrInfoEx 7619E14D 6 Bytes JMP 71A30F5A
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, 88, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, 8B, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, 88, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, 89, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, 8A, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, 89, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, 8A, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, 88, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, 89, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, 8A, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, 8B, 93, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtClose 775C54C8 5 Bytes JMP 64E5FFC0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtCreateFile 775C55C8 5 Bytes JMP 64E5EC96 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtCreateKey 775C5608 5 Bytes JMP 64E5B6DC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtDeleteFile 775C5808 5 Bytes JMP 64E5EAB3 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtDeleteKey 775C5818 5 Bytes JMP 64E5AF5D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtDeleteValueKey 775C5848 5 Bytes JMP 64E5B220 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtDuplicateObject 775C5898 5 Bytes JMP 64E60096 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtEnumerateKey 775C58E8 5 Bytes JMP 64E5B001 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtEnumerateValueKey 775C5918 5 Bytes JMP 64E5B17A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtFlushKey 775C5988 5 Bytes JMP 64E5AFAF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtNotifyChangeKey 775C5C68 5 Bytes JMP 64E5B2CE C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtNotifyChangeMultipleKeys 775C5C78 5 Bytes JMP 64E5B35C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtOpenFile 775C5CD8 5 Bytes JMP 64E5EE21 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtOpenKey 775C5D08 5 Bytes JMP 64E5B5ED C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtOpenKeyEx 775C5D18 5 Bytes JMP 64E5B660 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryAttributesFile 775C5F38 5 Bytes JMP 64E5EB1E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryDirectoryFile 775C5F98 5 Bytes JMP 64E5D81E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryFullAttributesFile 775C5FE8 5 Bytes JMP 64E5EB8E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryKey 775C60E8 5 Bytes JMP 64E5B054 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryMultipleValueKey 775C6108 5 Bytes JMP 64E5B27B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryObject 775C6128 5 Bytes JMP 64E600EC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQuerySecurityObject 775C61A8 5 Bytes JMP 64E60030 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtQueryValueKey 775C6248 5 Bytes JMP 64E5B127 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtRenameKey 775C63C8 5 Bytes JMP 64E5B751 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtSetInformationFile 775C6638 5 Bytes JMP 64E5EBFE C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtSetInformationKey 775C6658 5 Bytes JMP 64E5B0BA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtSetSecurityObject 775C6758 5 Bytes JMP 64E60149 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ntdll.dll!NtSetValueKey 775C6808 5 Bytes JMP 64E5B1CD C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!CreateProcessW 765A204D 5 Bytes JMP 64E38C27 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!CreateProcessA 765A2082 5 Bytes JMP 64E38D65 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!CreateProcessAsUserW 765D59FF 5 Bytes JMP 64E38F9B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!SetDllDirectoryW 7662D783 5 Bytes JMP 64E3977C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!SetDllDirectoryA 7662D82C 5 Bytes JMP 64E39AAF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!WinExec 7662EDAE 5 Bytes JMP 64E3931E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!AllocConsole 7664C675 5 Bytes JMP 64E61210 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] kernel32.dll!AttachConsole 7664C743 5 Bytes JMP 64E61222 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] USER32.dll!CreateWindowExA 7622BF40 5 Bytes JMP 64E611E0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] USER32.dll!CreateWindowExW 7622EC7C 5 Bytes JMP 64E611F8 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] GDI32.dll!AddFontResourceW 75FAEC13 5 Bytes JMP 64E46800 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] GDI32.dll!AddFontResourceA 75FAEFA7 5 Bytes JMP 64E467E4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumDependentServicesW 75A21E3A 7 Bytes JMP 64E4956C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumServicesStatusExW 75A2B466 7 Bytes JMP 64E4A48D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!GetServiceKeyNameW 75A478FF 7 Bytes JMP 64E49C13 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!GetServiceDisplayNameW 75A479BB 7 Bytes JMP 64E49DC4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumServicesStatusExA 75A4A3E2 7 Bytes JMP 64E4A553 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!CreateProcessAsUserA 75A62538 5 Bytes JMP 64E390DD C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!GetServiceKeyNameA 75A81B94 7 Bytes JMP 64E49CCB C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!GetServiceDisplayNameA 75A81C31 7 Bytes JMP 64E49E7C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumServicesStatusA 75A82021 7 Bytes JMP 64E4A3CF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumDependentServicesA 75A82104 7 Bytes JMP 64E49623 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ADVAPI32.dll!EnumServicesStatusW 75A82221 5 Bytes JMP 64E4A311 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoRegisterPSClsid 762FC56E 5 Bytes JMP 64E4FFF5 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoResumeClassObjects + 7 762FEA09 7 Bytes JMP 64E505C6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!OleRun 763007DE 5 Bytes JMP 64E50481 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoRegisterClassObject 763021E1 5 Bytes JMP 64E510F6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!OleUninitialize 7630EBA1 6 Bytes JMP 64E503A0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!OleInitialize 7630EFD7 5 Bytes JMP 64E50330 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoGetPSClsid 763126B9 5 Bytes JMP 64E5016D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoGetClassObject 763254AD 5 Bytes JMP 64E51684 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoInitializeEx 763309AD 5 Bytes JMP 64E501E0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoUninitialize 763386D3 5 Bytes JMP 64E50262 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoCreateInstance 76339D0B 5 Bytes JMP 64E52952 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoCreateInstanceEx 76339D4E 5 Bytes JMP 64E50A8D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoSuspendClassObjects + 7 7635BB09 7 Bytes JMP 64E504F1 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoRevokeClassObject 7637EACF 5 Bytes JMP 64E4FA52 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!CoGetInstanceFromFile 763B340B 5 Bytes JMP 64E51B44 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3064] ole32.dll!OleRegEnumFormatEtc 763FCFD9 5 Bytes JMP 64E5040B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, D4, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, D7, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, D4, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, D5, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, D6, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, D5, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, D6, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, D4, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, D5, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, D6, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, D7, 4C, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, 28, 3A, 00] {SUB [EAX], CH; CMP AL, [EAX]}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, 2B, 3A, 00] {SUB [EBX], CH; CMP AL, [EAX]}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, 28, 3A, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, 29, 3A, 00] {TEST AL, 0x29; CMP AL, [EAX]}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, 2A, 3A, 00] {TEST AL, 0x2a; CMP AL, [EAX]}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, 29, 3A, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, 2A, 3A, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, 28, 3A, 00] {TEST AL, 0x28; CMP AL, [EAX]}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, 29, 3A, 00] {SUB [ECX], CH; CMP AL, [EAX]}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, 2A, 3A, 00] {SUB [EDX], CH; CMP AL, [EAX]}
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, 2B, 3A, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtCreateFile + 6 775C55CE 4 Bytes [28, B4, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtCreateFile + B 775C55D3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtMapViewOfSection + 6 775C5C2E 4 Bytes [28, B7, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtMapViewOfSection + B 775C5C33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenFile + 6 775C5CDE 4 Bytes [68, B4, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenFile + B 775C5CE3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcess + 6 775C5D8E 4 Bytes [A8, B5, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcess + B 775C5D93 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcessToken + B 775C5DA3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcessTokenEx + 6 775C5DAE 4 Bytes [A8, B6, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcessTokenEx + B 775C5DB3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThread + 6 775C5E0E 4 Bytes [68, B5, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThread + B 775C5E13 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThreadToken + 6 775C5E1E 4 Bytes [68, B6, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThreadToken + B 775C5E23 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThreadTokenEx + B 775C5E33 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtQueryAttributesFile + 6 775C5F3E 4 Bytes [A8, B4, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtQueryAttributesFile + B 775C5F43 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtQueryFullAttributesFile + B 775C5FF3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationFile + 6 775C663E 4 Bytes [28, B5, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationFile + B 775C6643 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationThread + 6 775C669E 4 Bytes [28, B6, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationThread + B 775C66A3 1 Byte [E2]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtUnmapViewOfSection + 6 775C69BE 4 Bytes [68, B7, A0, 00]
    .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtUnmapViewOfSection + B 775C69C3 1 Byte [E2]

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737cbaab7
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737cbaab7 (not active ControlSet)
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\[email protected]{444465DD-5C80-11E1-95C7-806E6F6E6963} 6923064616

    ---- EOF - GMER 2.0 ----
     
Short URL to this thread: https://techguy.org/1086272
