GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-17 17:33:58 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1637GSX rev.DL032C 149,05GB Running: sv2sv5di.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x932A867A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x93238AE2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAlpcSendWaitReceivePort [0x932AB4E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x932A9158] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x932B58F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x932B5942] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateFile [0x8B5E4310] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x932B5ADC] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateKey [0x8B5E3DC0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x932B5864] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateProcess [0x8B5E5770] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateProcessEx [0x8B5E5670] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0x932B5986] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x932B58AC] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateSymbolicLinkObject [0x8B5E5420] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x932A968E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x932A98AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x932B5A96] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateUserProcess [0x8B5E5E70] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x932A9DC0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x932A86E0] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwDeleteFile [0x8B5E4E60] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwDeleteKey [0x8B5E44F0] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwDeleteValueKey [0x8B5E45B0] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwDeviceIoControlFile [0x8B5E4BA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x932AD252] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwEnumerateValueKey [0x8B5E4820] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x93238BBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwGetContextThread [0x932AA652] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwGetNextProcess [0x8B5E5C10] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwGetNextThread [0x8B5E5930] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x932A82CC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x93238F9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x932A8746] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x932AD648] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x932AABE4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x932B5920] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x932B5964] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x932B5B00] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x932B588A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x932ACB2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x932B5A14] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x932B58D4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x932ACF20] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x932B5ABA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x93238D3A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x932AA9FC] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwQueryValueKey [0x8B5E4740] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwQueueApcThread [0x8B5E5F80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x932AA51C] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwRenameKey [0x8B5E55B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwReplyWaitReceivePort [0x932AF772] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwReplyWaitReceivePortEx [0x932AB4B4] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwRequestWaitReplyPort [0x8B5E4670] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwRestoreKey [0x8B5E6060] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeProcess [0x932A9F8A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeThread [0x932AA196] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x932A87AC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x932A8812] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0x932AA77C] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwSetInformationFile [0x8B5E3F70] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwSetSecurityObject [0x8B5E6130] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x932A8366] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x932A8538] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwSetValueKey [0x8B5E4150] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x932A84C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x932AA090] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x932AA2C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x932A85C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0x932A9BFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x932A9DA0] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x93235D7A] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwUnmapViewOfSection [0x8B5E5CF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x932A8878] SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwWriteFile [0x8B5E4050] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x932A91B4] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwRenameKey + 1549 82E58EC5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E93272 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E9A670 4 Bytes [7A, 86, 2A, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E9A698 4 Bytes [E2, 8A, 23, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82E9A6E8 4 Bytes [E0, B4, 2A, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E9A6F8 4 Bytes [58, 91, 2A, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E9A74C 16 Bytes [F6, 58, 2B, 93, 42, 59, 2B, ...] {NEG BYTE [EAX+0x2b]; XCHG EBX, EAX; INC EDX; POP ECX; SUB EDX, [EBX-0x74a1bcf0]; FCOMP QWORD [EDX+0x2b]; XCHG EBX, EAX} .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 114 830594C5 4 Bytes CALL 932AB273 \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8B563774] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtCreateFile + 6 77445136 4 Bytes [28, 98, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtCreateFile + B 7744513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [28, 9B, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenFile + 6 77445846 4 Bytes [68, 98, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenFile + B 7744584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcess + 6 774458F6 4 Bytes [A8, 99, 00, 01] {TEST AL, 0x99; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcess + B 774458FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcessToken + B 7744590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcessTokenEx + 6 77445916 4 Bytes [A8, 9A, 00, 01] {TEST AL, 0x9a; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcessTokenEx + B 7744591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThread + 6 77445976 4 Bytes [68, 99, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThread + B 7744597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThreadToken + 6 77445986 4 Bytes [68, 9A, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThreadToken + B 7744598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThreadTokenEx + B 7744599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtQueryAttributesFile + 6 77445AA6 4 Bytes [A8, 98, 00, 01] {TEST AL, 0x98; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtQueryAttributesFile + B 77445AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtQueryFullAttributesFile + B 77445B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtSetInformationFile + 6 774461A6 4 Bytes [28, 99, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtSetInformationFile + B 774461AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtSetInformationThread + 6 77446206 4 Bytes [28, 9A, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtSetInformationThread + B 7744620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtUnmapViewOfSection + 6 77446526 4 Bytes [68, 9B, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtUnmapViewOfSection + B 7744652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 2DFB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 2DFB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtCreateFile + 6 77445136 4 Bytes [28, BC, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtCreateFile + B 7744513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [28, BF, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenFile + 6 77445846 4 Bytes [68, BC, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenFile + B 7744584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcess + 6 774458F6 4 Bytes [A8, BD, B6, 00] {TEST AL, 0xbd; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcess + B 774458FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessToken + B 7744590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessTokenEx + 6 77445916 4 Bytes [A8, BE, B6, 00] {TEST AL, 0xbe; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessTokenEx + B 7744591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThread + 6 77445976 4 Bytes [68, BD, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThread + B 7744597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadToken + 6 77445986 4 Bytes [68, BE, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadToken + B 7744598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadTokenEx + B 7744599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryAttributesFile + 6 77445AA6 4 Bytes [A8, BC, B6, 00] {TEST AL, 0xbc; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryAttributesFile + B 77445AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryFullAttributesFile + B 77445B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationFile + 6 774461A6 4 Bytes [28, BD, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationFile + B 774461AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationThread + 6 77446206 4 Bytes [28, BE, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationThread + B 7744620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + 6 77446526 4 Bytes [68, BF, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + B 7744652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 38F103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 38F101F8 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1280] kernel32.dll!SetUnhandledExceptionFilter 7730F6AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [18, 40, 02, 6F] {SBB [EAX+0x2], AL; OUTS DX, DWORD [ESI]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 286D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 286D01F8 .text C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe[1848] ntdll.dll!RtlInitializeExceptionChain + A7 77463600 6 Bytes JMP 71A5000A .text C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe[1848] kernel32.dll!CreateThread 7730DE72 6 Bytes JMP 71AF000A .text C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe[1848] kernel32.dll!LoadLibraryW 7730F0F2 6 Bytes JMP 71A8000A .text C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe[1848] kernel32.dll!SetUnhandledExceptionFilter 7730F6AB 8 Bytes [33, C0, 90, 90, C2, 04, 00, ...] {XOR EAX, EAX; NOP ; NOP ; RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\avastui.exe[2328] kernel32.dll!SetUnhandledExceptionFilter 7730F6AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\CCleaner\CCleaner.exe[2356] USER32.dll!SetScrollRange 769E8E93 5 Bytes JMP 0041A9BE C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2356] USER32.dll!GetScrollInfo 769F2D7B 5 Bytes JMP 0041A945 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2356] USER32.dll!SetScrollInfo 769F48B2 5 Bytes JMP 0041A9FB C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2356] USER32.dll!GetScrollRange 76A1042A 5 Bytes JMP 0041A8DC C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2356] USER32.dll!SetScrollPos 76A1048E 5 Bytes JMP 0041A8B1 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2356] USER32.dll!GetScrollPos 76A10E13 5 Bytes JMP 0041A91A C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2356] USER32.dll!EnableScrollBar 76A1199E 5 Bytes JMP 0041AA35 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2356] USER32.dll!ShowScrollBar 76A13C59 5 Bytes JMP 0041A97E C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtCreateFile + 6 77445136 4 Bytes [28, 50, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtCreateFile + B 7744513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [28, 53, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenFile + 6 77445846 4 Bytes [68, 50, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenFile + B 7744584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcess + 6 774458F6 4 Bytes [A8, 51, DA, 00] {TEST AL, 0x51; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcess + B 774458FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessToken + B 7744590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessTokenEx + 6 77445916 4 Bytes [A8, 52, DA, 00] {TEST AL, 0x52; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenProcessTokenEx + B 7744591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThread + 6 77445976 4 Bytes [68, 51, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThread + B 7744597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadToken + 6 77445986 4 Bytes [68, 52, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadToken + B 7744598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtOpenThreadTokenEx + B 7744599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryAttributesFile + 6 77445AA6 4 Bytes [A8, 50, DA, 00] {TEST AL, 0x50; FIADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryAttributesFile + B 77445AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtQueryFullAttributesFile + B 77445B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationFile + 6 774461A6 4 Bytes [28, 51, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationFile + B 774461AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationThread + 6 77446206 4 Bytes [28, 52, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtSetInformationThread + B 7744620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtUnmapViewOfSection + 6 77446526 4 Bytes [68, 53, DA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!NtUnmapViewOfSection + B 7744652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 2DFB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2400] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 2DFB01F8 .text C:\Windows\Explorer.EXE[2732] SHELL32.dll!SHFileOperationW 75AE9630 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll .text C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe[3284] ntdll.dll!RtlInitializeExceptionChain + A7 77463600 6 Bytes JMP 71A5000A .text C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe[3284] kernel32.dll!CreateThread 7730DE72 6 Bytes JMP 71AF000A .text C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe[3284] kernel32.dll!LoadLibraryW 7730F0F2 6 Bytes JMP 71A8000A .text C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe[3284] kernel32.dll!SetUnhandledExceptionFilter 7730F6AB 8 Bytes [33, C0, 90, 90, C2, 04, 00, ...] {XOR EAX, EAX; NOP ; NOP ; RET 0x4; NOP } .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3944] kernel32.dll!SetUnhandledExceptionFilter 7730F6AB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtCreateFile + 6 77445136 4 Bytes [28, 80, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtCreateFile + B 7744513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [28, 83, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenFile + 6 77445846 4 Bytes [68, 80, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenFile + B 7744584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenProcess + 6 774458F6 4 Bytes [A8, 81, B2, 00] {TEST AL, 0x81; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenProcess + B 774458FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenProcessToken + B 7744590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenProcessTokenEx + 6 77445916 4 Bytes [A8, 82, B2, 00] {TEST AL, 0x82; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenProcessTokenEx + B 7744591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenThread + 6 77445976 4 Bytes [68, 81, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenThread + B 7744597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenThreadToken + 6 77445986 4 Bytes [68, 82, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenThreadToken + B 7744598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtOpenThreadTokenEx + B 7744599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtQueryAttributesFile + 6 77445AA6 4 Bytes [A8, 80, B2, 00] {TEST AL, 0x80; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtQueryAttributesFile + B 77445AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtQueryFullAttributesFile + B 77445B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtSetInformationFile + 6 774461A6 4 Bytes [28, 81, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtSetInformationFile + B 774461AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtSetInformationThread + 6 77446206 4 Bytes [28, 82, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtSetInformationThread + B 7744620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtUnmapViewOfSection + 6 77446526 4 Bytes [68, 83, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!NtUnmapViewOfSection + B 7744652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 01DB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4396] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 01DB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtCreateFile + 6 77445136 4 Bytes [28, 10, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtCreateFile + B 7744513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [28, 13, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenFile + 6 77445846 4 Bytes [68, 10, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenFile + B 7744584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenProcess + 6 774458F6 4 Bytes [A8, 11, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenProcess + B 774458FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenProcessToken + B 7744590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenProcessTokenEx + 6 77445916 4 Bytes [A8, 12, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenProcessTokenEx + B 7744591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenThread + 6 77445976 4 Bytes [68, 11, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenThread + B 7744597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenThreadToken + 6 77445986 4 Bytes [68, 12, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenThreadToken + B 7744598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenThreadTokenEx + B 7744599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtQueryAttributesFile + 6 77445AA6 4 Bytes [A8, 10, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtQueryAttributesFile + B 77445AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtQueryFullAttributesFile + B 77445B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtSetInformationFile + 6 774461A6 4 Bytes [28, 11, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtSetInformationFile + B 774461AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtSetInformationThread + 6 77446206 4 Bytes [28, 12, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtSetInformationThread + B 7744620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtUnmapViewOfSection + 6 77446526 4 Bytes [68, 13, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtUnmapViewOfSection + B 7744652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 6C0703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 6C0701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 684403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 684401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtCreateFile + 6 77445136 4 Bytes [28, 2C, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtCreateFile + B 7744513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [28, 2F, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenFile + 6 77445846 4 Bytes [68, 2C, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenFile + B 7744584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcess + 6 774458F6 4 Bytes [A8, 2D, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcess + B 774458FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcessToken + B 7744590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcessTokenEx + 6 77445916 4 Bytes [A8, 2E, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcessTokenEx + B 7744591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThread + 6 77445976 4 Bytes [68, 2D, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThread + B 7744597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThreadToken + 6 77445986 4 Bytes [68, 2E, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThreadToken + B 7744598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThreadTokenEx + B 7744599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtQueryAttributesFile + 6 77445AA6 4 Bytes [A8, 2C, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtQueryAttributesFile + B 77445AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtQueryFullAttributesFile + B 77445B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationFile + 6 774461A6 4 Bytes [28, 2D, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationFile + B 774461AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationThread + 6 77446206 4 Bytes [28, 2E, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationThread + B 7744620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtUnmapViewOfSection + 6 77446526 4 Bytes [68, 2F, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtUnmapViewOfSection + B 7744652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 572303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 572301F8 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4700] kernel32.dll!SetUnhandledExceptionFilter 7730F6AB 5 Bytes JMP 018951CA C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4700] ole32.dll!OleLoadFromStream 770D6113 5 Bytes JMP 023555C6 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateFile + 6 77445136 4 Bytes [28, 60, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateFile + B 7744513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [28, 63, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenFile + 6 77445846 4 Bytes [68, 60, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenFile + B 7744584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcess + 6 774458F6 4 Bytes [A8, 61, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcess + B 774458FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessToken + B 7744590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessTokenEx + 6 77445916 4 Bytes [A8, 62, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessTokenEx + B 7744591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThread + 6 77445976 4 Bytes [68, 61, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThread + B 7744597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadToken + 6 77445986 4 Bytes [68, 62, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadToken + B 7744598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadTokenEx + B 7744599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryAttributesFile + 6 77445AA6 4 Bytes [A8, 60, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryAttributesFile + B 77445AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryFullAttributesFile + B 77445B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationFile + 6 774461A6 4 Bytes [28, 61, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationFile + B 774461AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationThread + 6 77446206 4 Bytes [28, 62, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationThread + B 7744620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtUnmapViewOfSection + 6 77446526 4 Bytes [68, 63, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtUnmapViewOfSection + B 7744652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 564603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 564601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateFile + 6 77445136 4 Bytes [28, 80, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateFile + B 7744513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [28, 83, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenFile + 6 77445846 4 Bytes [68, 80, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenFile + B 7744584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcess + 6 774458F6 4 Bytes [A8, 81, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcess + B 774458FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessToken + B 7744590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessTokenEx + 6 77445916 4 Bytes [A8, 82, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessTokenEx + B 7744591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThread + 6 77445976 4 Bytes [68, 81, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThread + B 7744597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadToken + 6 77445986 4 Bytes [68, 82, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadToken + B 7744598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadTokenEx + B 7744599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryAttributesFile + 6 77445AA6 4 Bytes [A8, 80, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryAttributesFile + B 77445AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryFullAttributesFile + B 77445B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationFile + 6 774461A6 4 Bytes [28, 81, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationFile + B 774461AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationThread + 6 77446206 4 Bytes [28, 82, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationThread + B 7744620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + 6 77446526 4 Bytes [68, 83, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + B 7744652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 454E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 454E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateFile + 6 77445136 4 Bytes [28, AC, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateFile + B 7744513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [28, AF, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenFile + 6 77445846 4 Bytes [68, AC, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenFile + B 7744584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcess + 6 774458F6 4 Bytes [A8, AD, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcess + B 774458FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessToken + B 7744590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessTokenEx + 6 77445916 4 Bytes [A8, AE, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessTokenEx + B 7744591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThread + 6 77445976 4 Bytes [68, AD, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThread + B 7744597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadToken + 6 77445986 4 Bytes [68, AE, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadToken + B 7744598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadTokenEx + B 7744599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryAttributesFile + 6 77445AA6 4 Bytes [A8, AC, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryAttributesFile + B 77445AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryFullAttributesFile + B 77445B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationFile + 6 774461A6 4 Bytes [28, AD, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationFile + B 774461AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationThread + 6 77446206 4 Bytes [28, AE, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationThread + B 7744620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtUnmapViewOfSection + 6 77446526 4 Bytes [68, AF, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtUnmapViewOfSection + B 7744652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 7BBA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 7BBA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtCreateFile + 6 77445136 4 Bytes [28, 5C, 32, 00] {SUB [EDX+ESI+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtCreateFile + B 7744513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtMapViewOfSection + 6 77445796 4 Bytes [28, 5F, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtMapViewOfSection + B 7744579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenFile + 6 77445846 4 Bytes [68, 5C, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenFile + B 7744584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenProcess + 6 774458F6 4 Bytes [A8, 5D, 32, 00] {TEST AL, 0x5d; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenProcess + B 774458FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenProcessToken + B 7744590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenProcessTokenEx + 6 77445916 4 Bytes [A8, 5E, 32, 00] {TEST AL, 0x5e; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenProcessTokenEx + B 7744591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenThread + 6 77445976 4 Bytes [68, 5D, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenThread + B 7744597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenThreadToken + 6 77445986 4 Bytes [68, 5E, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenThreadToken + B 7744598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtOpenThreadTokenEx + B 7744599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtQueryAttributesFile + 6 77445AA6 4 Bytes [A8, 5C, 32, 00] {TEST AL, 0x5c; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtQueryAttributesFile + B 77445AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtQueryFullAttributesFile + B 77445B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtSetInformationFile + 6 774461A6 4 Bytes [28, 5D, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtSetInformationFile + B 774461AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtSetInformationThread + 6 77446206 4 Bytes [28, 5E, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtSetInformationThread + B 7744620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtUnmapViewOfSection + 6 77446526 4 Bytes [68, 5F, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!NtUnmapViewOfSection + B 7744652B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!LdrUnloadDll 7745C716 5 Bytes JMP 37D503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5808] ntdll.dll!LdrLoadDll 77462101 5 Bytes JMP 37D501F8 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BC560C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BC56CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BE24BF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BE253A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BD859B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BD4D4F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BD50F6] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BD51CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73BD66F8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BD82F2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BD8841] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BD90A2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BDE245] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll IAT C:\Windows\Explorer.EXE[2732] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BD4C81] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_5c028c09a01213b0\gdiplus.dll ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 8576B1F8 Device \FileSystem\udfs \UdfsCdRom 85BB1440 Device \FileSystem\udfs \UdfsDisk 85BB1440 ---- Trace I/O - GMER 2.2 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x857691f8]<< 857691f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8661d648] 8661d648 Trace 3 CLASSPNP.SYS[8bcf259e] -> nt!IofCallDriver -> [0x864e0900] 864e0900 Trace 5 ACPI.sys[8b5883d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x864cc908] 864cc908 Trace \Driver\atapi[0x86525558] -> IRP_MJ_CREATE -> 0x857691f8 857691f8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@002345016c44 0xD1 0xFB 0x8F 0x7E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@303855556cd1 0x5D 0x16 0x59 0x6A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@00180fcf7b7d 0x59 0x30 0xB5 0x4E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@6c8336142e91 0xA6 0x41 0x01 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@602916006261 0x28 0x25 0x2D 0x46 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x8F 0xED 0x7B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0xF4 0x8C 0xE6 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@002345016c44 0xD1 0xFB 0x8F 0x7E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@303855556cd1 0x5D 0x16 0x59 0x6A ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@00180fcf7b7d 0x59 0x30 0xB5 0x4E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@6c8336142e91 0xA6 0x41 0x01 0xF8 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@602916006261 0x28 0x25 0x2D 0x46 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x8F 0xED 0x7B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0xF4 0x8C 0xE6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xD5 0xED 0xFF 0x0C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0xAA 0x56 0x94 0xB0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0xD6 0xA3 0x5C 0xB8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe 0x68 0x2F 0xB4 0x67 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\vsta.exe 0x09 0x6E 0x9F 0x45 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 0x97 0x71 0xF3 0xC0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Installer\MSIAA55.tmp 0x0E 0xAF 0x2A 0x5F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Temp\AutoRun.exe 0xD9 0x11 0xF4 0x70 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0x76 0x06 0x1D 0xE7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office12\WINWORD.EXE 0x80 0xF2 0xE1 0xBB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\ByteFence\ByteFence.exe 0xD6 0xB5 0x19 0x5A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbam.exe 0x4E 0x5B 0x56 0xB5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe 0x48 0x24 0xC7 0x8F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xF5 0xC1 0x5B 0xC9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTel\wicainventory.exe 0xDC 0xF4 0x8C 0xC9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0x96 0x80 0xC8 0x4F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\explorer.exe 0x24 0xC7 0xF8 0x01 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe 0xE6 0x33 0x68 0xCA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x5A 0x4F 0x7D 0xFB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x81 0x42 0xCD 0x22 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\GWX\GWXConfigManager.exe 0x86 0x6B 0x45 0x81 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\corel portable\CorelDRAW.Graphics.Suite.X6.16.0.0.707.Portable\CorelDRAW X6.exe 0x53 0x37 0xB9 0xC9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe 0xE4 0xAE 0xF4 0xF4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\WerFault.exe 0x57 0x79 0xC6 0x7B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe 0x67 0xAC 0x68 0x85 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe 0x6C 0x02 0x2A 0x2A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe 0x13 0xC6 0xC5 0x29 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\McAfee.TrueKey.Service.exe 0xF8 0xFA 0xD2 0x57 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\McTkSchedulerService.exe 0x4B 0xA1 0x00 0x5F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\InstallerEvents.exe 0x1F 0x27 0xE0 0x53 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\PROGRA~1\INTELS~1\TRUEKE~1\Application\vendor\chrome-export.exe 0x99 0xB2 0xBA 0x33 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\Mcafee.TrueKey.Uninstaller.Exe 0x3D 0xE6 0x0E 0x06 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\PROGRA~1\TrueKey\INSTAL~1.EXE 0x35 0xFF 0xB3 0xC8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Facebook\Games\FacebookGames.exe 0xFF 0xC6 0x49 0x2B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe 0xD7 0x0C 0x07 0x50 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rdrleakdiag.exe 0x10 0xBD 0x25 0x7F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\PROGRA~1\TrueKey\MCAFEE~3.EXE 0xA8 0x96 0xBB 0xFE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe 0xB0 0x34 0x6D 0x1E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0x1A 0xD1 0x3D 0xC7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe 0xAA 0xD2 0x4F 0x47 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\PROGRA~1\TrueKey\MC3D2D~1.EXE 0x04 0x16 0x27 0x89 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbam.exe 0xA7 0xE4 0x8E 0xAD ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\Downloads\FacebookGamesArcadeSetup.exe 0xB6 0xF7 0xD9 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\Downloads\FRST.exe 0xAF 0x1C 0x60 0xDB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@D4A5F97A 1900 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{24E0C56C-7FC6-11E1-B7C5-806E6F6E6963} 41524370608 ---- EOF - GMER 2.2 ----