
I ran a few malware programs and files mysteriously appeared


This topic is locked
50 replies to this topic

#1 zxmeiji

  • Members
  • 26 posts

Posted 15 November 2012 - 07:41 PM

I ran ComboFix and definitely don't have the training for it. I've read up on it a little bit, but when I ran it, it completed 50 stages and then started deleting files. After the files it moved on to deleting folders and stalled for about 10 hours, until I exited the program and turned off the laptop. I turned off Avast! for this, but didn't turn off emulators through fogger. Then today I ran OTL, TDSSKiller, JRT (Java registry tool or something, I think), GMER, DDS, and Malwarebytes. After I ran Malwarebytes I had to restart, as it found a small program that came with an album I downloaded. I think it was the MediaFire download client or something. When I restarted, my computer went into a disk check. When my computer loaded, it showed a whole bunch of hidden files on my desktop, in C: and in D:. Any clue as to what caused this? Needless to say, I stuck my head into some business I clearly should not have. Any advice though? Sorry for causing problems, but I'm excited to fix them at least =P

Edit: here are some logs:

(There is no combofix log as I had to terminate the program early.)

OTL:
OTL logfile created on: 11/15/2012 6:51:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\My Account!\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 30.57% Memory free
3.85 Gb Paging File | 1.95 Gb Available in Paging File | 50.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.69 Gb Total Space | 7.07 Gb Free Space | 13.17% Space Free | Partition Type: FAT32
Drive D: | 54.18 Gb Total Space | 5.21 Gb Free Space | 9.62% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/15 18:40:06 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\My Account!\My Documents\Downloads\mxn6u13c.exe
PRC - [2012/11/15 16:29:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\My Account!\Desktop\OTL.exe
PRC - [2012/10/31 17:15:10 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/10/08 17:58:50 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:26 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 20:12:40 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/09 11:54:26 | 000,352,256 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 17:26:24 | 001,834,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12111501\algo.dll
MOD - [2008/04/13 20:12:40 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
MOD - [2008/04/13 20:12:08 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll
MOD - [2005/11/28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/09/05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll


========== Services (All) ==========

SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\MYACCO~1\LOCALS~1\Temp\2.tmp srv -- (NetDDEdsdmRemoteAccess)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/10/08 17:58:50 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/08 16:04:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/21 05:12:26 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/06 09:58:52 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2012/06/13 18:25:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/06 15:34:22 | 000,135,664 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem)
SRV - [2011/12/06 15:34:22 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2010/08/27 01:57:44 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2009/07/27 19:17:42 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 19:17:42 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 19:17:42 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/10 02:14:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 07:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 07:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/07/29 21:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 16:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 12:02:48 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2008/04/13 20:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:12:38 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/13 20:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/13 20:12:36 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/13 20:12:34 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/13 20:12:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 20:12:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:28 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/13 20:12:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/13 20:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:22 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\fxssvc.exe -- (Fax)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/13 20:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 20:12:14 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/13 20:12:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 20:12:12 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 20:12:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/13 20:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/13 20:12:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:08 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/13 20:12:08 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/13 20:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 20:12:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:12:06 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/13 20:12:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 20:12:04 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/13 20:12:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/13 20:12:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/13 20:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 20:12:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 20:11:58 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 20:11:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/13 20:11:56 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:11:54 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:11:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 20:11:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:11:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:50 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2006/10/18 21:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\MsPMSNSv.dll -- (WmdmPmSN)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/05/03 21:44:04 | 000,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/02/17 15:26:32 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/04 05:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tifm21.sys -- (tifm21)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MYACCO~1\Desktop\AIRCRA~1.9-W\AIRCRA~1.9-W\bin\PEEK5.SYS -- (PEEK5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MYACCO~1\LOCALS~1\Temp\fgldapow.sys -- (fgldapow)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MYACCO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPCA561.SYS -- (CA561)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2012/08/21 05:13:16 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:16 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:16 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 05:13:14 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:14 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/04 10:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2012/02/25 22:30:46 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2011/07/15 09:29:32 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 10:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/04/21 09:37:44 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 09:18:04 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/12/03 04:05:36 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/11/02 11:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/07/12 13:36:10 | 000,045,648 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/08/10 16:24:36 | 000,029,184 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV - [2009/06/24 07:18:42 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 20:13:22 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:40 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/04/13 15:19:44 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:54 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:46 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:22 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:20 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:28 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:16 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:08 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:36 | 000,088,192 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\irda.sys -- (irda)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:53:24 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bridge.sys -- (BridgeMP)
DRV - [2008/04/13 14:53:24 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bridge.sys -- (Bridge)
DRV - [2008/04/13 14:51:26 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:26 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:26 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:46:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 14:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 14:46:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 14:46:24 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2008/04/13 14:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 14:45:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2008/04/13 14:45:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/04/13 14:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/13 14:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:50 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,043,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2008/04/13 14:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:32 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:30 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 14:40:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (Serenum)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:54 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:48 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:40 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ)
DRV - [2008/04/13 14:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/04/13 14:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 14:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541)
DRV - [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/13 14:36:38 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/04/13 14:36:38 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 14:36:38 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/04/13 14:36:36 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:33:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:40 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:40 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 12:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 12:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/11 13:42:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/11/13 05:25:54 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/10/05 21:21:00 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2006/09/30 06:30:42 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP)
DRV - [2006/05/03 21:50:54 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/04/19 18:06:24 | 000,014,464 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2006/04/05 23:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/01/23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006/01/23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/26 16:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/11/08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/03 00:50:58 | 001,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/11/02 00:11:00 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/10/27 20:24:30 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/10/27 20:24:30 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/27 20:24:28 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/10/05 00:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/04/05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004/12/17 01:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/08/04 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 05:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 05:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2004/08/04 05:00:00 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)
DRV - [2004/08/04 05:00:00 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)
DRV - [2004/08/04 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/04 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/04 05:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/04 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/04 05:00:00 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)
DRV - [2004/08/04 05:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 05:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 05:00:00 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2)
DRV - [2004/08/04 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/04 05:00:00 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn)
DRV - [2004/08/04 05:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)
DRV - [2004/08/04 05:00:00 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)
DRV - [2004/08/04 05:00:00 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2004/08/04 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 05:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 05:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/04 05:00:00 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)
DRV - [2004/08/04 05:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/04 05:00:00 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)
DRV - [2004/08/04 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)
DRV - [2004/08/04 05:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)
DRV - [2004/08/04 05:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2004/08/04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint)
DRV - [2004/08/04 05:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 05:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 05:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 05:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)
DRV - [2004/08/04 05:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 05:00:00 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)
DRV - [2004/08/04 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2004/08/04 05:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde)
DRV - [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 05:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 05:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2003/10/07 11:05:06 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 13:51:32 | 000,019,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasirda.sys -- (Rasirda)
DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 13:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMCIRDA.SYS -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-7400168-631342538-2269455221-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=994519&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\SearchScopes,DefaultScope = {59F2B034-BD48-4D48-919E-874774D2C4D4}
IE - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\SearchScopes\{59F2B034-BD48-4D48-919E-874774D2C4D4}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=994519_yhs3tst&p={searchTerms}
IE - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\SearchScopes\{7C670D64-C54F-48C7-9B82-39CE6CDB1C93}: "URL" = http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ie&Keywords={searchTerms}&clid=5615011aca7041a4bb3e98db27fd1107
IE - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={67AC1DAE-EDD4-4632-B6B3-A300FB391568}&mid=229d61573f813f89b6633fefc3af9966-8480f012e3ae0470fd6c933f6102607d688183d2&lang=us&ds=AVG&pr=fr&d=2011-12-11 08:45:11&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-7400168-631342538-2269455221-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-7400168-631342538-2269455221-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-7400168-631342538-2269455221-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/28 11:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/07 17:44:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/28 11:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/29 21:38:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/09/30 08:48:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/09/30 08:48:22 | 000,000,000 | ---D | M]

[2011/12/06 15:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/26 18:46:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/13 18:25:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005/04/27 15:10:50 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2012/01/25 19:58:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/17 12:36:24 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/10 17:09:14 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/13 18:25:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/13 18:25:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-7400168-631342538-2269455221-500\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-7400168-631342538-2269455221-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-7400168-631342538-2269455221-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-7400168-631342538-2269455221-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O15 - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..Trusted Domains: eroticagateway.com ([wow] https in Trusted sites)
O15 - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..Trusted Domains: freeproxyserver.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-7400168-631342538-2269455221-1005\..Trusted Domains: verifytodate.com ([www] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348963116390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90877AE7-FC06-45F6-B99C-C78BD7CB6015}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/07 11:05:34 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {622520C2-535E-2C25-8914-E677CDFB4172} - Security Update for Windows XP (KB913433)
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {762E0B0D-C5DB-DBF5-D83C-351F006A8C6C} - Browser Customizations
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/11/15 18:43:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/11/15 18:39:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/15 16:31:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/11/15 16:31:15 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/15 16:20:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/15 13:38:37 | 000,000,000 | -HSD | C] -- C:\Recycled
[2012/11/15 00:33:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/15 00:32:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/15 00:32:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/15 00:32:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/15 00:32:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/15 00:32:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/11/15 00:29:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/15 00:29:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/13 21:46:22 | 000,278,528 | ---- | C] (HP) -- C:\WINDOWS\System32\hpdj
[2012/11/09 01:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GameFly
[2012/11/09 01:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\GameFly
[2012/11/09 01:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/10/28 18:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Premium
[2012/10/27 18:57:05 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2012/10/27 18:57:05 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2012/10/27 18:57:00 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2012/10/27 18:57:00 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2012/10/27 18:56:53 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2012/10/27 18:56:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/10/27 18:45:41 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/10/27 18:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Riot Games
[2012/10/27 17:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012/10/27 17:10:07 | 000,039,036 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbmodem.sys
[2012/10/27 17:10:07 | 000,038,144 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbdiag.sys
[2012/10/27 17:10:07 | 000,021,344 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbbus.sys
[2012/10/27 17:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2012/10/27 12:42:18 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2008/02/01 15:34:26 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/15 18:50:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/15 18:44:10 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/15 18:42:32 | 000,443,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/15 18:42:32 | 000,072,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/15 18:35:16 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/11/15 18:28:24 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/15 18:27:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 18:27:36 | 2145,505,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/15 16:38:32 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 00:33:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/11/13 21:46:48 | 000,928,947 | ---- | M] () -- C:\WINDOWS\hpdj5600.his
[2012/11/13 21:46:48 | 000,011,165 | ---- | M] () -- C:\WINDOWS\hpdj5600.ini
[2012/11/09 11:57:36 | 000,000,494 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/11/07 22:52:54 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/04 10:50:46 | 002,232,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/27 18:57:10 | 000,001,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\League of Legends.lnk
[2012/10/26 21:27:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/22 03:37:32 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/10/22 03:37:32 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/15 00:33:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/11/15 00:33:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/15 00:32:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/15 00:32:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/15 00:32:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/15 00:32:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/15 00:32:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/13 21:02:18 | 000,928,947 | ---- | C] () -- C:\WINDOWS\hpdj5600.his
[2012/11/13 21:02:18 | 000,011,165 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2012/10/27 18:57:08 | 000,001,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\League of Legends.lnk
[2012/09/30 18:37:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/27 21:03:57 | 002,232,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/05 23:12:46 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/20 00:21:03 | 259,621,682 | ---- | C] () -- C:\Program Files\Publisher XP.zip

========== ZeroAccess Check ==========

[2005/08/17 00:26:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %windir%\system32\drivers\*.sys /lockedfiles >

< End of report >

more in following post!

Edited by zxmeiji, 15 November 2012 - 07:52 PM.


#2 zxmeiji

zxmeiji
  • Topic Starter

  • Members
  • 26 posts

Posted 15 November 2012 - 07:54 PM

GMER report:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-15 19:27:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC70P
Running: mxn6u13c.exe; Driver: C:\DOCUME~1\MYACCO~1\LOCALS~1\Temp\fgldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB0EA5708]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB0EA611C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB0EE7401]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB0EB0F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB0EB0F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB0EB10F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB0EE6DB5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB0EB0E96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB0EB0FB8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB0EB0EDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB0EA6310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB0EB10B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB0EA6A9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB0EA5756]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB0EE7AC7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB0EE7D7D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB0EAA0E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB0EE7932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB0EE779D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB0EA53BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB0EA57A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB0EAA456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB0EA7464]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB0EB0F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB0EB0F96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB0EB111A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB0EE7111]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB0EB0EBC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB0EA9C5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB0EB103A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB0EB0F06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB0EA9E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB0EB10D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB0EE7618]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB0EA7330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB0EE746A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB0EA6EDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB0F8430E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB0EE6428]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB0EA57F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB0EA5840]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB0EA691C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB0EA5448]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB0EA55F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB0EE7BCE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB0EA559E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB0EA6BFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB0EA6D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB0EA5668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB0EA6632]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB0EA6794]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB0EA588E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB0EA6160]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB0F90966]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CB0 805045A8 8 Bytes JMP EB10B0B0
.text ntkrnlpa.exe!ZwCallbackReturn + 2D98 80504690 8 Bytes JMP EA7464B0
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes JMP EA5840B0
.text ntkrnlpa.exe!ZwCallbackReturn + 2F9C 80504894 8 Bytes JMP EA55F8B0
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes JMP EA6D5AB0
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL B0EA7AF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP B0F8D806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP B0F8F320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP B0F9096A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? tmkrmbo.sys The system cannot find the file specified. !
.text win32k.sys!HT_ComputeRGBGammaTable BF800419 1 Byte [08]
.text win32k.sys!HT_ComputeRGBGammaTable BF80041E 1 Byte [2E]
.text win32k.sys!HT_ComputeRGBGammaTable BF80043E 1 Byte [FF]
.text win32k.sys!HT_ComputeRGBGammaTable BF800443 1 Byte [6E]
.text win32k.sys!HT_ComputeRGBGammaTable BF800458 1 Byte [2E]
.text ...
.text win32k.sys!EngReleaseSemaphore + 8 BF8061E2 1 Byte [12]
.text win32k.sys!EngReleaseSemaphore + F BF8061E9 1 Byte [18]
.text win32k.sys!EngAcquireSemaphore + 10 BF806214 1 Byte [12]
.text win32k.sys!EngAcquireSemaphore + 17 BF80621B 1 Byte [18]
.text win32k.sys!EngAcquireSemaphore + 9D BF8062A1 1 Byte [B1]
.text win32k.sys!EngAcquireSemaphore + C8 BF8062CC 1 Byte [E9]
.text win32k.sys!EngAcquireSemaphore + E3 BF8062E7 1 Byte [B4]
.text ...
.text win32k.sys!EngFreeUserMem + 16 BF8092BF 1 Byte [12]
.text win32k.sys!EngFreeUserMem + 1D BF8092C6 1 Byte [12]
.text win32k.sys!EngFreeUserMem + 30 BF8092D9 1 Byte [D2]
.text win32k.sys!EngFreeUserMem + 3F BF8092E8 1 Byte [17]
.text win32k.sys!EngFreeUserMem + 52 BF8092FB 1 Byte [17]
.text ...
.text win32k.sys!EngDeleteSurface + 23 BF8138EF 1 Byte [59]
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B0EAB918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 82 BF81394E 1 Byte [25]
.text win32k.sys!EngDeleteSurface + C3 BF81398F 1 Byte [B4]
.text win32k.sys!EngDeleteSurface + D3 BF81399F 1 Byte [B4]
.text ...
.text win32k.sys!EngNineGrid + 34 BF816E60 7 Bytes [DC, 89, 4D, E0, 89, 4D, FC] {FMUL QWORD [ECX+0x4d89e04d]; CLD }
.text win32k.sys!EngNineGrid + 3C BF816E68 6 Bytes [4D, F8, 8B, 48, 0C, 57] {DEC EBP; CLC ; MOV ECX, [EAX+0xc]; PUSH EDI}
.text win32k.sys!EngNineGrid + 43 BF816E6F 2 Bytes [4D, F4] {DEC EBP; HLT }
.text win32k.sys!EngNineGrid + 46 BF816E72 2 Bytes [48, 08]
.text win32k.sys!EngNineGrid + 49 BF816E75 19 Bytes [40, 04, 89, 45, EC, 8D, 45, ...] {INC EAX; ADD AL, 0x89; INC EBP; IN AL, DX ; LEA EAX, [EBP-0x30]; PUSH EAX; MOV [EBP-0x28], EDX; MOV EDX, [EBP+0x20]; MOV EDI, [EDX+0x14]; PUSH EDX}
.text ...
.text win32k.sys!EngTransparentBlt + 2 BF819019 7 Bytes [FF, 8D, 71, 04, E9, 3F, 01]
.text win32k.sys!EngTransparentBlt + B BF819022 8 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] {NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP}
.text win32k.sys!EngTransparentBlt + 14 BF81902B 15 Bytes [EC, 81, EC, 0C, 02, 00, 00, ...] {IN AL, DX ; SUB ESP, 0x20c; MOV ECX, [EBP+0x1c]; PUSH EBX; MOV EBX, [EBP+0x8]; PUSH ESI}
.text win32k.sys!EngTransparentBlt + 24 BF81903B 75 Bytes [75, 18, 33, C0, 66, 39, 43, ...]
.text win32k.sys!EngTransparentBlt + 71 BF819088 17 Bytes CALL BF805388 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngCreateDeviceBitmap + 12 BF819532 8 Bytes [55, 8B, EC, 68, EF, BE, AD, ...] {PUSH EBP; MOV EBP, ESP; PUSH 0xdeadbeef}
.text win32k.sys!EngCreateDeviceBitmap + 1B BF81953B 8 Bytes [00, FF, 75, 14, 6A, 00, FF, ...]
.text win32k.sys!EngCreateDeviceBitmap + 24 BF819544 11 Bytes [FF, 75, 0C, FF, 75, 08, 6A, ...]
.text win32k.sys!EngCreateDeviceBitmap + 30 BF819550 10 Bytes [FF, 5D, C2, 10, 00, 90, 90, ...] {CALL FAR DWORD [EBP-0x3e]; ADC [EAX], AL; NOP ; NOP ; NOP ; NOP ; NOP }
.text win32k.sys!EngCreateDeviceBitmap + 3B BF81955B 2 Bytes [FF, 55]
.text ...
.text win32k.sys!EngAssociateSurface + 75 BF81965D 28 Bytes [03, 00, 00, 50, 89, 48, 0C, ...]
.text win32k.sys!EngAssociateSurface + 92 BF81967A 214 Bytes [45, 10, 09, 46, 48, 33, FF, ...]
.text win32k.sys!EngQueryPerformanceCounter + 34 BF819752 2 Bytes [40, C3] {INC EAX; RET }
.text win32k.sys!EngQueryPerformanceCounter + 3B BF819759 30 Bytes [8B, 65, E8, 33, F6, EB, 72, ...]
.text win32k.sys!EngQueryPerformanceCounter + 5A BF819778 93 Bytes CALL BF8197E0 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngQueryPerformanceCounter + B8 BF8197D6 5 Bytes [EB, C8, 33, F6, 89]
.text win32k.sys!EngQueryPerformanceCounter + BE BF8197DC 23 Bytes [E0, EB, F3, 90, 90, 90, 90, ...]
.text ...
.text win32k.sys!BRUSHOBJ_pvGetRbrush + 11 BF81B2B1 2 Bytes [FF, 55]
.text win32k.sys!BRUSHOBJ_pvGetRbrush + 14 BF81B2B4 2 Bytes [EC, 56] {IN AL, DX ; PUSH ESI}
.text win32k.sys!BRUSHOBJ_pvGetRbrush + 17 BF81B2B7 65 Bytes [75, 08, 8B, 46, 04, 85, C0, ...]
.text win32k.sys!BRUSHOBJ_pvGetRbrush + 59 BF81B2F9 83 Bytes [33, C0, EB, F3, 83, C0, F0, ...]
.text win32k.sys!BRUSHOBJ_pvGetRbrush + AD BF81B34D 6 Bytes [1F, 40, 8B, 45, 08, 8B]
.text ...
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 2 BF81B39A 88 Bytes JMP EB047089
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 5B BF81B3F3 8 Bytes [00, 03, 41, 4C, 89, 81, 14, ...]
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 64 BF81B3FC 13 Bytes [00, 8B, 81, D4, 03, 00, 00, ...]
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 72 BF81B40A 29 Bytes [00, 00, C3, 90, 90, 90, 90, ...]
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 90 BF81B428 33 Bytes CALL BF805EDD \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngSetLastError + 56 BF81C789 8 Bytes [EC, 83, EC, 0C, 8B, 55, 08, ...] {IN AL, DX ; SUB ESP, 0xc; MOV EDX, [EBP+0x8]; PUSH ESI}
.text win32k.sys!EngSetLastError + 5F BF81C792 146 Bytes [35, F8, FB, 9A, BF, 57, 8B, ...]
.text win32k.sys!EngSetLastError + F2 BF81C825 15 Bytes [C6, 5E, 5D, C2, 04, 00, 33, ...]
.text win32k.sys!EngSetLastError + 102 BF81C835 30 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
.text win32k.sys!EngSetLastError + 121 BF81C854 2 Bytes [33, C0] {XOR EAX, EAX}
.text ...
.text win32k.sys!EngLpkInstalled + 2B BF8252B5 4 Bytes [EC, 8B, 81, C4]
.text win32k.sys!EngLpkInstalled + 30 BF8252BA 5 Bytes [00, 00, 8B, 91, B0]
.text win32k.sys!EngLpkInstalled + 36 BF8252C0 7 Bytes [00, 00, 89, 10, 8B, 91, B4]
.text win32k.sys!EngLpkInstalled + 3E BF8252C8 6 Bytes [00, 00, 8B, 81, C8, 00]
.text win32k.sys!EngLpkInstalled + 46 BF8252D0 60 Bytes [89, 10, 8B, 91, B8, 00, 00, ...]
.text ...
.text win32k.sys!EngBitBlt + 6C BF826AA0 28 Bytes [00, 3B, C1, 76, 32, 3D, CC, ...]
.text win32k.sys!EngBitBlt + 89 BF826ABD 9 Bytes [8B, 0B, 83, F9, FF, 0F, 84, ...]
.text win32k.sys!EngBitBlt + 93 BF826AC7 14 Bytes [00, A8, 01, 0F, 84, FF, 02, ...]
.text win32k.sys!EngBitBlt + A2 BF826AD6 25 Bytes [00, 74, 4D, 85, C0, 0F, 84, ...]
.text win32k.sys!EngBitBlt + BD BF826AF1 5 Bytes [0F, 84, E1, FE, FF]
.text ...
.text win32k.sys!EngPaint + 4 BF82757B 20 Bytes [09, 89, 01, 5D, C2, 04, 00, ...]
.text win32k.sys!EngPaint + 19 BF827590 369 Bytes JMP CF63F89D
.text win32k.sys!EngPaint + 18B BF827702 13 Bytes [43, 50, 8B, 56, 10, 8B, D8, ...] {INC EBX; PUSH EAX; MOV EDX, [ESI+0x10]; MOV EBX, EAX; SUB EBX, [ESI+0x18]; MOV [ESI+0x10], EBX}
.text win32k.sys!EngPaint + 19B BF827712 8 Bytes [DA, 85, FF, 89, 5E, 18, 7E, ...] {FIADD DWORD [EBP+0x185e89ff]; JLE 0x23}
.text win32k.sys!EngPaint + 1A4 BF82771B 1 Byte [7D]
.text ...
.text win32k.sys!EngCreateBitmap + 12 BF827ABB 22 Bytes [55, 8B, EC, FF, 75, 1C, FF, ...]
.text win32k.sys!EngCreateBitmap + 29 BF827AD2 63 Bytes CALL BF814208 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngCreateBitmap + 69 BF827B12 2 Bytes [FF, 55]
.text win32k.sys!EngCreateBitmap + 6C BF827B15 130 Bytes [EC, 56, 8B, 75, 14, 85, F6, ...]
.text win32k.sys!EngCreateBitmap + EF BF827B98 26 Bytes [46, 2C, 8B, 88, 7C, 01, 00, ...]
.text ...
.text win32k.sys!EngMapFontFileFD + 32 BF82E657 23 Bytes [EC, 8B, 45, 08, 85, C0, 74, ...]
.text win32k.sys!EngMapFontFileFD + 4A BF82E66F 26 Bytes [FF, FF, FF, 5D, C2, 04, 00, ...]
.text win32k.sys!EngMapFontFileFD + 66 BF82E68B 31 Bytes [8B, 46, 14, 3B, C7, 0F, 84, ...]
.text win32k.sys!EngMapFontFileFD + 86 BF82E6AB 4 Bytes [35, E4, DF, 9A]
.text win32k.sys!EngMapFontFileFD + 8B BF82E6B0 82 Bytes [89, 7D, F4, 50, 89, 7D, F8, ...]
.text ...
.text win32k.sys!EngUnmapFontFileFD + 4D BF82E88D 26 Bytes [C2, 04, 00, 8D, 45, E0, 50, ...]
.text win32k.sys!EngUnmapFontFileFD + 68 BF82E8A8 23 Bytes [25, 03, 00, 00, 8B, 40, 4C, ...]
.text win32k.sys!EngUnmapFontFileFD + 81 BF82E8C1 2 Bytes [0C, 03] {OR AL, 0x3}
.text win32k.sys!EngUnmapFontFileFD + 85 BF82E8C5 30 Bytes CALL BF8495BE \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngUnmapFontFileFD + A4 BF82E8E4 71 Bytes [4D, 0C, 85, C9, 0F, 84, A5, ...]
.text ...
.text win32k.sys!EngAllocMem + 27 BF83A710 195 Bytes [00, 00, 71, 02, 73, C0, F6, ...]
.text win32k.sys!EngFreeMem + 94 BF83A7D4 15 Bytes [FF, 75, 20, FF, 75, 1C, FF, ...] {PUSH DWORD [EBP+0x20]; PUSH DWORD [EBP+0x1c]; PUSH DWORD [EBP+0x18]; PUSH DWORD [EBP+0x14]; PUSH DWORD [EBP+0x10]}
.text win32k.sys!EngFreeMem + A4 BF83A7E4 21 Bytes [75, 0C, FF, 75, 08, FF, D6, ...]
.text win32k.sys!EngFreeMem + BA BF83A7FA 57 Bytes [C7, 5F, 5E, C9, C2, 1C, 00, ...]
.text win32k.sys!EngFreeMem + F4 BF83A834 50 Bytes [C2, C3, 90, 90, 90, 90, 90, ...]
.text win32k.sys!EngFreeMem + 127 BF83A867 41 Bytes CALL BF802AAB \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!XFORMOBJ_iGetXform + 16 BF845470 9 Bytes [89, 04, 99, 8B, 56, 0C, 8B, ...] {MOV [ECX+EBX*4], EAX; MOV EDX, [ESI+0xc]; MOV EAX, [ESI+0x4]}
.text win32k.sys!XFORMOBJ_iGetXform + 20 BF84547A 32 Bytes [0C, 9A, 89, 0C, 98, E9, D6, ...]
.text win32k.sys!XFORMOBJ_iGetXform + 41 BF84549B 123 Bytes [00, 00, 00, 84, C0, 0F, 84, ...]
.text win32k.sys!FONTOBJ_pxoGetXform + 7C BF845518 4 Bytes JMP BF8457B5 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FONTOBJ_pxoGetXform + 81 BF84551D 51 Bytes [00, B8, 20, 00, 00, 00, 2B, ...]
.text win32k.sys!FONTOBJ_pxoGetXform + B5 BF845551 48 Bytes JMP BF8455FD \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FONTOBJ_pxoGetXform + E6 BF845582 236 Bytes JMP BF845631 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FONTOBJ_pxoGetXform + 1D3 BF84566F 24 Bytes [8B, 3D, 7C, DF, 9A, BF, 8B, ...]
.text ...
.text win32k.sys!EngMulDiv + F BF85250A 48 Bytes [DE, 8B, 4D, 10, 85, C9, 74, ...]
.text win32k.sys!EngMulDiv + 40 BF85253B 55 Bytes [FF, 7F, 5B, 77, 90, 3B, C1, ...]
.text win32k.sys!EngMulDiv + 78 BF852573 47 Bytes [5D, C2, 08, 00, 68, A7, 05, ...]
.text win32k.sys!EngMulDiv + A8 BF8525A3 20 Bytes [45, 0C, 53, 56, 8B, 75, 08, ...]
.text win32k.sys!EngMulDiv + BE BF8525B9 1 Byte [0C]
.text ...
.text win32k.sys!XLATEOBJ_iXlate + 1 BF85AD84 8 Bytes [46, 04, A8, 01, 75, A8, A8, ...] {INC ESI; ADD AL, 0xa8; ADD [EBP-0x58], ESI; TEST AL, 0x2}
.text win32k.sys!XLATEOBJ_iXlate + A BF85AD8D 72 Bytes [A9, A8, 04, 74, 12, 8B, 4D, ...]
.text win32k.sys!XLATEOBJ_iXlate + 53 BF85ADD6 198 Bytes [85, C0, 74, 90, FF, 75, 0C, ...]
.text win32k.sys!XLATEOBJ_iXlate + 11A BF85AE9D 85 Bytes [0E, 8B, 46, 2C, 8B, 56, 04, ...]
.text win32k.sys!XLATEOBJ_iXlate + 170 BF85AEF3 21 Bytes [45, 08, F6, 45, 08, 07, 74, ...]
.text ...
.text win32k.sys!EngCreatePalette + 52 BF85F5CA 26 Bytes CALL BF827ED9 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngCreatePalette + 6D BF85F5E5 3 Bytes CALL BF8037D2 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngCreatePalette + 71 BF85F5E9 99 Bytes [EB, 3E, 90, 90, 90, 90, 90, ...]
.text win32k.sys!EngCreatePalette + D5 BF85F64D 5 Bytes [6A, 20, E9, 58, 01]
.text win32k.sys!EngCreatePalette + DB BF85F653 21 Bytes JMP BF85F7A9 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngDeviceIoControl + 13 BF864FA5 53 Bytes [AF, 33, C0, 5D, C2, 1C, 00, ...]
.text win32k.sys!EngDeviceIoControl + 49 BF864FDB 215 Bytes [90, 8B, FF, 55, 8B, EC, 56, ...]
.text win32k.sys!EngDeviceIoControl + 122 BF8650B4 10 Bytes [FF, 15, 74, 13, 99, BF, 68, ...]
.text win32k.sys!EngDeviceIoControl + 12D BF8650BF 31 Bytes [68, 40, F7, 99, BF, FF, 15, ...]
.text win32k.sys!EngDeviceIoControl + 14E BF8650E0 1 Byte [F7]
.text ...
.text win32k.sys!EngUnicodeToMultiByteN + 48 BF865462 67 Bytes [8B, 45, FC, 8B, 48, 08, 03, ...]
.text win32k.sys!EngUnicodeToMultiByteN + 8C BF8654A6 63 Bytes [97, FA, FF, 59, 8D, 04, 46, ...]
.text win32k.sys!EngUnicodeToMultiByteN + CC BF8654E6 74 Bytes [D7, FF, 35, 90, 47, 9A, BF, ...]
.text win32k.sys!EngUnicodeToMultiByteN + 117 BF865531 30 Bytes [13, 99, BF, 75, 8C, 68, F8, ...]
.text win32k.sys!EngUnicodeToMultiByteN + 136 BF865550 131 Bytes [8D, 45, EC, 50, C7, 45, B0, ...]
.text ...
.text win32k.sys!EngCreateDeviceSurface + 2 BF86BEA5 58 Bytes [75, 10, FF, 75, 0C, FF, 75, ...]
.text win32k.sys!EngCreateDeviceSurface + 3D BF86BEE0 2 Bytes [75, 08] {JNZ 0xa}
.text win32k.sys!EngCreateDeviceSurface + 41 BF86BEE4 69 Bytes [40, 5F, C9, C2, 04, 00, 8B, ...]
.text win32k.sys!EngCreateDeviceSurface + 88 BF86BF2B 1 Byte [40]
.text win32k.sys!EngCreateDeviceSurface + 8B BF86BF2E 102 Bytes [4C, 8B, 49, 4C, 8B, 51, 08, ...]
.text ...
.text win32k.sys!EngGetCurrentCodePage BF86FBDD 11 Bytes [90, 90, 90, 90, 8B, 65, E8, ...]
.text win32k.sys!EngGetCurrentCodePage + C BF86FBE9 25 Bytes [FF, 00, 83, 4D, FC, FF, 8B, ...]
.text win32k.sys!EngGetCurrentCodePage + 26 BF86FC03 3 Bytes CALL BF81C744 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetCurrentCodePage + 2A BF86FC07 21 Bytes JMP BF86FE02 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetCurrentCodePage + 40 BF86FC1D 30 Bytes JMP BF86FE02 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngFntCacheLookUp + 2B BF87D63B 110 Bytes [01, 00, 00, 8B, 0C, 91, 8B, ...]
.text win32k.sys!EngFntCacheLookUp + 9A BF87D6AA 31 Bytes [48, 08, 8B, 00, 6B, C9, 1C, ...]
.text win32k.sys!EngFntCacheLookUp + BA BF87D6CA 49 Bytes [89, 7E, 0C, A1, B4, A2, 9A, ...]
.text win32k.sys!EngFntCacheLookUp + EC BF87D6FC 38 Bytes [00, 00, 8B, 75, FC, 3B, F7, ...]
.text win32k.sys!EngFntCacheLookUp + 113 BF87D723 58 Bytes [6A, 3D, 33, D2, 59, 8B, C7, ...]
.text ...
.text win32k.sys!EngFntCacheAlloc + 65 BF87DB11 24 Bytes [71, 04, 81, FE, AF, 07, 98, ...]
.text win32k.sys!EngFntCacheAlloc + 7E BF87DB2A 52 Bytes JMP BF87DA05 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngFntCacheAlloc + B3 BF87DB5F 85 Bytes [FF, 55, 8B, EC, 57, 8B, 7D, ...]
.text win32k.sys!EngFntCacheAlloc + 109 BF87DBB5 110 Bytes [39, 45, 0C, 1B, C0, 40, 5E, ...]
.text win32k.sys!EngFntCacheAlloc + 178 BF87DC24 78 Bytes [4D, 0C, 56, 8B, 75, 08, 8A, ...]
.text ...
.text win32k.sys!EngWideCharToMultiByte + 65 BF87F1D7 37 Bytes [08, 53, 56, 83, C0, 24, 8B, ...]
.text win32k.sys!EngWideCharToMultiByte + 8B BF87F1FD 23 Bytes CALL BF83A6F9 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngWideCharToMultiByte + A3 BF87F215 9 Bytes [8B, CE, 8B, D1, C1, E9, 02, ...] {MOV ECX, ESI; MOV EDX, ECX; SHR ECX, 0x2; REP STOSD }
.text win32k.sys!EngWideCharToMultiByte + AD BF87F21F 14 Bytes [CA, 8B, 55, 08, 83, E1, 03, ...] {RETF 0x558b; OR [EBX-0x550cfc1f], AL; MOV EDI, [EBP-0x1c]; MOV [EDI], ESI}
.text win32k.sys!EngWideCharToMultiByte + BC BF87F22E 8 Bytes [43, 08, 89, 47, 04, C7, 47, ...]
.text ...
.text win32k.sys!EngMultiByteToUnicodeN + 24 BF8811A2 17 Bytes [00, 00, 6A, FB, 6A, 01, E8, ...]
.text win32k.sys!EngMultiByteToUnicodeN + 36 BF8811B4 46 Bytes [00, 00, FF, 75, FC, 57, 6A, ...]
.text win32k.sys!EngMultiByteToUnicodeN + 65 BF8811E3 21 Bytes [8D, 4D, 0C, 51, 6A, 01, 6A, ...]
.text win32k.sys!EngMultiByteToUnicodeN + 7B BF8811F9 8 Bytes [85, C0, 75, 10, 68, 8B, 05, ...]
.text win32k.sys!EngMultiByteToUnicodeN + 84 BF881202 127 Bytes CALL BF8037D1 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngFindImageProcAddress + 1 BF884C0E 2 Bytes [4E, 08]
.text win32k.sys!EngFindImageProcAddress + 4 BF884C11 50 Bytes [40, 1C, 83, 65, 08, 00, 03, ...]
.text win32k.sys!EngFindImageProcAddress + 37 BF884C44 56 Bytes CALL BF884C6D \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngFindImageProcAddress + 70 BF884C7D 36 Bytes [75, 36, 84, C9, 74, 12, 8A, ...]
.text win32k.sys!EngFindImageProcAddress + 95 BF884CA2 41 Bytes [37, 0F, 83, E1, FE, FF, FF, ...]
.text ...
.text win32k.sys!EngLoadImage + 27 BF884DAA 32 Bytes [5D, C2, 04, 00, 33, F6, E9, ...]
.text win32k.sys!EngLoadImage + 48 BF884DCB 19 Bytes JMP BF885D54 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngLoadImage + 5C BF884DDF 9 Bytes JMP BF885DD2 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngLoadImage + 68 BF884DEB 5 Bytes [90, 90, 8B, FF, 55] {NOP ; NOP ; MOV EDI, EDI; PUSH EBP}
.text win32k.sys!EngLoadImage + 6E BF884DF1 25 Bytes [EC, FF, 75, 08, 8D, 4D, 08, ...]
.text ...
.text win32k.sys!EngQueryPerformanceFrequency + 11 BF886C4D 2 Bytes JMP BF88786D \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngQueryPerformanceFrequency + 15 BF886C51 91 Bytes [8B, 76, 40, 85, F6, 89, 75, ...]
.text win32k.sys!EngQueryPerformanceFrequency + 71 BF886CAD 19 Bytes [00, 8B, 48, 40, 89, 0D, 80, ...]
.text win32k.sys!EngQueryPerformanceFrequency + 85 BF886CC1 43 Bytes [00, 00, 89, 0D, 7C, A2, 9A, ...]
.text win32k.sys!EngQueryPerformanceFrequency + B1 BF886CED 2 Bytes [84, D1] {TEST CL, DL}
.text ...
.text win32k.sys!EngCreateEvent + 8 BF888CEC 29 Bytes [8D, 45, F4, 50, 6A, 01, FF, ...]
.text win32k.sys!EngCreateEvent + 26 BF888D0A 147 Bytes [00, 48, 75, 1F, 6A, 00, 6A, ...]
.text win32k.sys!EngQuerySystemAttribute + 76 BF888D9E 28 Bytes [75, 10, 8B, 7D, 0C, 8B, 5D, ...]
.text win32k.sys!EngQuerySystemAttribute + 93 BF888DBB 84 Bytes JMP BF8894AD \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngQuerySystemAttribute + E8 BF888E10 236 Bytes [00, 90, 90, 90, 90, 90, 8B, ...]
.text win32k.sys!EngQuerySystemAttribute + 1D5 BF888EFD 76 Bytes [53, 57, 56, 8D, 8D, 7C, FF, ...]
.text win32k.sys!EngQuerySystemAttribute + 222 BF888F4A 23 Bytes [8D, 7D, 88, F3, AB, 8B, 45, ...]
.text ...
.text win32k.sys!EngFindResource + 29 BF88AFB8 222 Bytes [85, C0, 0F, 8C, C2, F8, FF, ...]
.text win32k.sys!EngFindResource + 108 BF88B097 14 Bytes [00, 85, C0, 0F, 84, 8B, F7, ...]
.text win32k.sys!EngFindResource + 118 BF88B0A7 35 Bytes CALL BF88B1EF \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngFindResource + 13C BF88B0CB 8 Bytes [00, 00, 85, C0, 0F, 84, 56, ...]
.text win32k.sys!EngFindResource + 146 BF88B0D5 30 Bytes [6A, 40, 56, 68, 84, 02, 00, ...]
.text ...
.text win32k.sys!EngLoadModule + 8 BF88B8A4 166 Bytes [59, 8D, 7C, 00, 09, 53, 8D, ...]
.text win32k.sys!EngLoadModule + B1 BF88B94D 24 Bytes CALL BF802A22 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngLoadModule + CA BF88B966 130 Bytes [EC, 8B, 0D, C4, B6, 9A, BF, ...]
.text win32k.sys!EngLoadModule + 14D BF88B9E9 11 Bytes [4E, F8, 57, 8B, 7E, F8, 75, ...] {DEC ESI; CLC ; PUSH EDI; MOV EDI, [ESI-0x8]; JNZ 0x13; MOV EAX, [ESI-0x10]}
.text win32k.sys!EngLoadModule + 159 BF88B9F5 108 Bytes [4E, F4, 89, 01, 89, 48, 04, ...]
.text win32k.sys!EngFreeModule + 48 BF88BA62 59 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!EngFreeModule + 84 BF88BA9E 113 Bytes [6A, 09, 68, 60, 02, 00, 00, ...]
.text win32k.sys!EngFreeModule + F6 BF88BB10 7 Bytes [86, 4C, 02, 00, 00, 8B, CB]
.text win32k.sys!EngFreeModule + FE BF88BB18 32 Bytes [83, 5C, 02, 00, 00, E8, F0, ...]
.text win32k.sys!EngFreeModule + 11F BF88BB39 227 Bytes [4D, 0C, 56, 8B, 75, 08, 57, ...]
.text ...
.text win32k.sys!EngGetLastError + 3 BF88F83C 114 Bytes [FF, 15, 54, 16, 99, BF, 3B, ...]
.text win32k.sys!EngGetLastError + 76 BF88F8AF 37 Bytes [73, 7C, 89, 70, 0C, 8B, 73, ...]
.text win32k.sys!EngGetLastError + 9C BF88F8D5 3 Bytes [BC, 8B, 7D]
.text win32k.sys!EngGetLastError + A0 BF88F8D9 7 Bytes [8B, CF, 2B, CB, 89, 4B, 14] {MOV ECX, EDI; SUB ECX, EBX; MOV [EBX+0x14], ECX}
.text win32k.sys!EngGetLastError + A8 BF88F8E1 5 Bytes [70, 04, 8B, 4D, F4] {JO 0x6; MOV ECX, [EBP-0xc]}
.text ...
.text win32k.sys!EngGradientFill + 12 BF891D0D 40 Bytes [7D, C8, A5, A5, A5, A5, 74, ...]
.text win32k.sys!EngGradientFill + 3B BF891D36 53 Bytes [FF, 75, FC, 50, 8D, 45, C8, ...]
.text win32k.sys!EngGradientFill + 71 BF891D6C 12 Bytes [75, 20, FF, 75, 1C, FF, 75, ...]
.text win32k.sys!EngGradientFill + 7E BF891D79 4 Bytes [10, 57, E8, 25]
.text win32k.sys!EngGradientFill + 83 BF891D7E 23 Bytes [00, 00, 89, 45, 2C, 33, C0, ...]
.text ...
.text win32k.sys!EngStretchBltROP + 28 BF894966 51 Bytes [75, 20, 23, 7D, 10, FF, 75, ...]
.text win32k.sys!EngStretchBltROP + 5C BF89499A 3 Bytes [84, F1, FE]
.text win32k.sys!EngStretchBltROP + 61 BF89499F 38 Bytes [8B, 8A, 78, 05, 00, 00, 39, ...]
.text win32k.sys!EngStretchBltROP + 88 BF8949C6 3 Bytes JMP BF8948B3 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngStretchBltROP + 8C BF8949CA 4 Bytes [FF, C7, 45, 38]
.text ...
.text win32k.sys!EngUnlockSurface + 2A BF8979B6 150 Bytes [C1, 8B, 4D, 08, 85, C9, 74, ...]
.text win32k.sys!EngLockSurface + 2F BF897A4D 24 Bytes [70, 08, FF, D1, 85, C0, 74, ...]
.text win32k.sys!EngLockSurface + 48 BF897A66 34 Bytes [00, 6A, 00, 6A, 01, 57, 6A, ...]
.text win32k.sys!EngLockSurface + 6B BF897A89 29 Bytes [EC, 83, 7D, 08, FF, 8B, 4D, ...]
.text win32k.sys!EngLockSurface + 89 BF897AA7 14 Bytes [5D, C2, 10, 00, 83, F9, 1A, ...] {POP EBP; RET 0x10; CMP ECX, 0x1a; JB 0xffffffffffffffec; CMP ECX, 0x1b; JA 0x23}
.text win32k.sys!EngLockSurface + 9B BF897AB9 3 Bytes [FF, 75, 14] {PUSH DWORD [EBP+0x14]}
.text ...
.text win32k.sys!CLIPOBJ_cEnumStart + 6 BF8980AA 112 Bytes [85, C0, 74, 1B, 83, 66, 08, ...]
.text win32k.sys!CLIPOBJ_bEnum + 55 BF89811B 38 Bytes [75, 18, 56, 53, 57, E8, 05, ...]
.text win32k.sys!CLIPOBJ_bEnum + 7C BF898142 18 Bytes [FF, 75, 2B, 8B, 84, 91, 80, ...]
.text win32k.sys!CLIPOBJ_bEnum + 8F BF898155 73 Bytes [55, 8B, EC, 8B, 45, 0C, 85, ...]
.text win32k.sys!CLIPOBJ_bEnum + DB BF8981A1 5 Bytes [8B, FF, 55, 8B, EC] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
.text win32k.sys!CLIPOBJ_bEnum + E1 BF8981A7 1 Byte [01]
.text ...
.text win32k.sys!EngCopyBits + 20 BF898A34 199 Bytes [5F, 5E, 5B, C9, C2, 18, 00, ...]
.text win32k.sys!EngCopyBits + E8 BF898AFC 21 Bytes [00, 00, 8B, 76, 2C, C1, E6, ...]
.text win32k.sys!EngCopyBits + FE BF898B12 104 Bytes [8B, 85, 68, FF, FF, FF, F6, ...]
.text win32k.sys!EngCopyBits + 168 BF898B7C 34 Bytes [FF, 48, 48, 0F, 85, 48, FF, ...]
.text win32k.sys!EngCopyBits + 18C BF898BA0 50 Bytes [8B, 45, D0, 3B, D0, 0F, 87, ...]
.text ...
.text win32k.sys!PATHOBJ_bEnum + 7 BF8A3530 16 Bytes [58, 0C, 89, 5A, 04, 8B, 58, ...] {POP EAX; OR AL, 0x89; POP EDX; ADD AL, 0x8b; POP EAX; OR [ECX+0x10588d1a], CL; MOV [EDX+0x8], EBX}
.text win32k.sys!PATHOBJ_bEnum + 18 BF8A3541 49 Bytes [00, 89, 41, 38, 8B, 06, 8B, ...]
.text win32k.sys!PATHOBJ_bEnum + 4B BF8A3574 44 Bytes [4E, 75, F3, 8B, 00, 3B, C7, ...]
.text win32k.sys!PATHOBJ_bEnum + 7A BF8A35A3 83 Bytes [90, 90, 8B, 41, 08, 85, C0, ...]
.text win32k.sys!PATHOBJ_bEnum + CE BF8A35F7 1 Byte [46]
.text ...
.text win32k.sys!STROBJ_vEnumStart BF8A4E01 30 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
.text win32k.sys!STROBJ_vEnumStart + 1F BF8A4E20 212 Bytes [4D, 0C, 89, 48, 08, 8B, 4D, ...]
.text win32k.sys!STROBJ_vEnumStart + F4 BF8A4EF5 70 Bytes JMP BF8A50BD \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!STROBJ_vEnumStart + 13B BF8A4F3C 18 Bytes [7D, 80, C7, 85, 24, FF, FF, ...]
.text win32k.sys!STROBJ_vEnumStart + 14F BF8A4F50 7 Bytes [FF, 8B, 4D, 18, 89, 8D, 18]
.text ...
.text win32k.sys!EngTextOut + 12 BF8A5576 85 Bytes [1C, 89, 85, A8, FB, FF, FF, ...]
.text win32k.sys!EngTextOut + 68 BF8A55CC 5 Bytes [89, BD, CC, FB, FF]
.text win32k.sys!EngTextOut + 6E BF8A55D2 19 Bytes CALL BF948875 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngTextOut + 83 BF8A55E7 37 Bytes [89, B5, D8, FB, FF, FF, 66, ...]
.text win32k.sys!EngTextOut + A9 BF8A560D 37 Bytes [FF, 0F, B6, 52, 14, 89, 95, ...]
.text ...
.text win32k.sys!EngModifySurface + F BF8AC9C2 20 Bytes [56, FF, 75, 08, 8D, 4D, F4, ...]
.text win32k.sys!EngModifySurface + 24 BF8AC9D7 1 Byte [FF]
.text win32k.sys!EngModifySurface + 24 BF8AC9D7 9 Bytes [FF, FF, 39, 7D, 24, 0F, 85, ...]
.text win32k.sys!EngModifySurface + 2F BF8AC9E2 26 Bytes [F7, 45, 14, FC, FF, FF, FF, ...]
.text win32k.sys!EngModifySurface + 4B BF8AC9FE 19 Bytes [FF, 8B, 46, 1C, 85, C0, 75, ...]
.text ...
.text win32k.sys!EngAlphaBlend + 28 BF8AD4D4 59 Bytes [75, 18, 57, 8D, 7D, EC, A5, ...]
.text win32k.sys!EngAlphaBlend + 65 BF8AD511 46 Bytes [CC, C6, 45, D0, 00, 74, 04, ...]
.text win32k.sys!EngAlphaBlend + 94 BF8AD540 2 Bytes [56, 89]
.text win32k.sys!EngAlphaBlend + 97 BF8AD543 23 Bytes [18, 50, 8D, 4D, 18, E8, 3C, ...]
.text win32k.sys!EngAlphaBlend + AF BF8AD55B 36 Bytes [45, EC, 50, FF, 75, 08, 53, ...]
.text ...
.text win32k.sys!EngStretchBlt + 2 BF8ADD72 76 Bytes [FF, 83, 7D, 30, 04, 0F, 87, ...]
.text win32k.sys!EngStretchBlt + 50 BF8ADDC0 10 Bytes [09, 0F, 84, 9D, FB, FF, FF, ...] {OR [EDI], ECX; TEST [EBP-0x74000005], BL; JAE 0x46}
.text win32k.sys!EngStretchBlt + 5B BF8ADDCB 2 Bytes [FE, 09] {DEC BYTE [ECX]}
.text win32k.sys!EngStretchBlt + 5F BF8ADDCF 1 Byte [91]
.text win32k.sys!EngStretchBlt + 65 BF8ADDD5 1 Byte [0A]
.text ...
.text win32k.sys!EngComputeGlyphSet + 48 BF8B2DBD 12 Bytes [FC, 74, 0E, 50, FF, 75, 10, ...] {CLD ; JZ 0x11; PUSH EAX; PUSH DWORD [EBP+0x10]; PUSH ESI; PUSH DWORD [EBP-0x8]; PUSH EBX}
.text win32k.sys!EngComputeGlyphSet + 55 BF8B2DCA 62 Bytes [18, 02, 00, 00, 53, E8, 4F, ...]
.text win32k.sys!EngMultiByteToWideChar + 11 BF8B2E09 48 Bytes [55, 8B, EC, 57, 33, FF, 47, ...]
.text win32k.sys!EngMultiByteToWideChar + 43 BF8B2E3B 13 Bytes [54, 41, 02, 8A, 14, 30, 48, ...] {PUSH ESP; INC ECX; ADD CL, [EDX-0x77b7cfec]; PUSH ESP; PUSH ES; ADD BH, [ECX-0x19]}
.text win32k.sys!EngMultiByteToWideChar + 51 BF8B2E49 1 Byte [8B]
.text win32k.sys!EngMultiByteToWideChar + 54 BF8B2E4C 20 Bytes [47, 3B, 7D, 10, 66, 89, 54, ...]
.text win32k.sys!EngMultiByteToWideChar + 69 BF8B2E61 89 Bytes [00, 6A, 01, 53, 6A, 02, FF, ...]
.text ...
.text win32k.sys!EngCreateSemaphore + 48 BF8B3DF0 81 Bytes [83, C0, 10, 3B, CE, 72, F3, ...]
.text win32k.sys!EngCreateSemaphore + 9A BF8B3E42 21 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!EngCreateSemaphore + B2 BF8B3E5A 5 Bytes [8B, FF, 55, 8B, EC] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
.text win32k.sys!EngCreateSemaphore + B8 BF8B3E60 58 Bytes [45, 0C, 3D, 02, 00, 00, 80, ...]
.text win32k.sys!EngCreateSemaphore + F4 BF8B3E9C 32 Bytes [74, 0B, 83, 7D, 08, 04, 74, ...]
.text ...
.text win32k.sys!EngEraseSurface + 1B BF8B7348 57 Bytes CALL BF907CC6 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngEraseSurface + 55 BF8B7382 80 Bytes [E1, 03, C1, 03, C8, 89, 85, ...]
.text win32k.sys!EngEraseSurface + A6 BF8B73D3 41 Bytes [FE, FF, FF, 89, 85, 68, FE, ...]
.text win32k.sys!EngEraseSurface + D0 BF8B73FD 21 Bytes [FF, 00, 53, 89, 95, 70, FE, ...]
.text win32k.sys!EngEraseSurface + E6 BF8B7413 14 Bytes [FF, 8B, 46, 10, 8D, 44, 47, ...]
.text ...
.text win32k.sys!PATHOBJ_vEnumStart BF8C572D 87 Bytes [90, 6A, 10, 68, 88, A3, 99, ...]
.text win32k.sys!PATHOBJ_vEnumStart + 58 BF8C5785 72 Bytes [C2, 1C, 00, 8B, C2, EB, F4, ...]
.text win32k.sys!PATHOBJ_vEnumStart + A1 BF8C57CE 87 Bytes [A6, F5, 09, 00, EB, 56, 90, ...]
.text win32k.sys!PATHOBJ_vEnumStart + F9 BF8C5826 36 Bytes [D1, 89, 45, E4, 83, 4D, FC, ...]
.text win32k.sys!PATHOBJ_vEnumStart + 11E BF8C584B 11 Bytes JMP BF8C5C07 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngFillPath + A BF8C8C20 32 Bytes [8B, 75, E0, C1, FE, 04, 39, ...]
.text win32k.sys!EngFillPath + 2B BF8C8C41 11 Bytes JMP BF8C8DC6 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngFillPath + 37 BF8C8C4D 54 Bytes JMP BF90B68E \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngFillPath + 6E BF8C8C84 58 Bytes [00, 53, 8B, 5D, 08, 8D, 43, ...]
.text win32k.sys!EngFillPath + A9 BF8C8CBF 39 Bytes [4D, EC, 89, 45, F0, E8, C0, ...]
.text ...
.text win32k.sys!PATHOBJ_vGetBounds + 4 BF8CB4DA 57 Bytes [01, 33, D2, 39, 50, 30, 75, ...]
.text win32k.sys!PATHOBJ_vGetBounds + 3E BF8CB514 2 Bytes [4E, 18]
.text win32k.sys!PATHOBJ_vGetBounds + 41 BF8CB517 3 Bytes CALL BF80F39C \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!PATHOBJ_vGetBounds + 45 BF8CB51B 42 Bytes [85, C0, 74, 04, 83, 4E, 38, ...]
.text win32k.sys!PATHOBJ_vGetBounds + 70 BF8CB546 102 Bytes [8B, 45, 0C, 57, 83, C6, 1C, ...]
.text ...
.text win32k.sys!EngDeletePalette + 16 BF8D05DE 92 Bytes CALL BF81C740 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeletePalette + 73 BF8D063B 1 Byte [4D]
.text win32k.sys!EngDeletePalette + 73 BF8D063B 8 Bytes [4D, 08, 33, F6, E8, 56, 43, ...]
.text win32k.sys!EngDeletePalette + 7C BF8D0644 2 Bytes [8B, 4D]
.text win32k.sys!EngDeletePalette + 7F BF8D0647 189 Bytes [85, C9, 74, 1B, F6, 41, 11, ...]
.text ...
.text win32k.sys!EngStrokePath + 4 BF8D0A6E 7 Bytes [80, D0, 05, 00, 00, 57, FF]
.text win32k.sys!EngStrokePath + C BF8D0A76 1 Byte [1C]
.text win32k.sys!EngStrokePath + C BF8D0A76 34 Bytes [1C, 8D, 4E, 10, FF, 75, 18, ...]
.text win32k.sys!EngStrokePath + 2F BF8D0A99 9 Bytes [C0, 74, 2E, 33, DB, 3B, F3, ...] {SAL BYTE [ESI+EBP+0x33], 0xdb; CMP ESI, EBX; JZ 0xc}
.text win32k.sys!EngStrokePath + 39 BF8D0AA3 17 Bytes [5E, 10, 6A, 02, FF, 75, 24, ...]
.text ...
.text win32k.sys!EngSort + A BF8DB498 15 Bytes [8B, 4D, F4, 0F, B6, 39, 8B, ...]
.text win32k.sys!EngSort + 1A BF8DB4A8 86 Bytes [13, 74, 39, 89, 75, FC, 8B, ...]
.text win32k.sys!EngSort + 71 BF8DB4FF 244 Bytes [FF, 55, 8B, EC, 81, EC, B4, ...]
.text win32k.sys!EngSort + 166 BF8DB5F4 16 Bytes [10, 89, 30, 89, 11, 83, C0, ...]
.text win32k.sys!EngSort + 177 BF8DB605 85 Bytes [5E, 5D, C2, 0C, 00, 85, DB, ...]
.text ...
.text win32k.sys!EngLineTo + 72 BF8DCFA6 12 Bytes [55, 8B, EC, 81, EC, B0, 00, ...] {PUSH EBP; MOV EBP, ESP; SUB ESP, 0xb0; MOV EAX, [EBP+0x8]}
.text win32k.sys!EngLineTo + 80 BF8DCFB4 35 Bytes [8B, F0, F7, DE, 1B, F6, 8D, ...]
.text win32k.sys!EngLineTo + A4 BF8DCFD8 39 Bytes [4D, F4, 8B, 4D, 20, 33, DB, ...]
.text win32k.sys!EngLineTo + CC BF8DD000 39 Bytes [8B, 45, 0C, 3B, C3, 0F, 85, ...]
.text win32k.sys!EngLineTo + F4 BF8DD028 46 Bytes [FF, C7, 45, FC, 01, 00, 00, ...]
.text ...
.text win32k.sys!EngDeleteSemaphore + 32 BF8E8245 124 Bytes [4D, 08, 75, F2, 56, E8, 01, ...]
.text win32k.sys!EngDeleteSemaphore + AF BF8E82C2 10 Bytes [4D, 08, 83, 21, 00, 8B, 06, ...] {DEC EBP; OR [EBX+0x68b0021], AL; MOV EAX, [EAX+0x68]}
.text win32k.sys!EngDeleteSemaphore + BA BF8E82CD 35 Bytes [C0, 74, 17, 8B, 40, 10, 89, ...]
.text win32k.sys!EngDeleteSemaphore + DE BF8E82F1 85 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
.text win32k.sys!EngDeleteSemaphore + 134 BF8E8347 17 Bytes [C6, 75, D9, 83, 7D, 0C, 01, ...]
.text ...
.text win32k.sys!PATHOBJ_bPolyLineTo + 1 BF8F72A5 23 Bytes [4D, 10, 2B, 4D, 18, C1, F9, ...]
.text win32k.sys!PATHOBJ_bPolyLineTo + 19 BF8F72BD 50 Bytes [00, 8B, 4D, 1C, 89, 45, F8, ...]
.text win32k.sys!PATHOBJ_bPolyLineTo + 4C BF8F72F0 11 Bytes [48, 08, 8B, 4E, 0C, 89, 48, ...]
.text win32k.sys!PATHOBJ_bPolyLineTo + 58 BF8F72FC 29 Bytes [00, 33, C0, 40, 5F, 5E, 5B, ...]
.text win32k.sys!PATHOBJ_bPolyLineTo + 76 BF8F731A 78 Bytes CALL BF8A35D2 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!PATHOBJ_bCloseFigure + 27 BF8F7716 105 Bytes [FF, FF, 83, 7D, 08, 00, 74, ...]
.text win32k.sys!PATHOBJ_bCloseFigure + 91 BF8F7780 126 Bytes [5D, C2, 04, 00, 56, E8, 40, ...]
.text win32k.sys!PATHOBJ_bCloseFigure + 110 BF8F77FF 1 Byte [55]
.text win32k.sys!PATHOBJ_bCloseFigure + 110 BF8F77FF 28 Bytes [55, E8, 52, 51, FF, 75, 0C, ...]
.text win32k.sys!PATHOBJ_bCloseFigure + 12E BF8F781D 38 Bytes [8B, 03, 39, B0, 6C, 02, 00, ...]
.text ...
.text win32k.sys!FONTOBJ_pifi + 2 BF8F9678 83 Bytes [15, EC, 12, 99, BF, 6A, 05, ...]
.text win32k.sys!FONTOBJ_pifi + 56 BF8F96CC 167 Bytes [4D, FC, FF, 8D, 45, D0, 50, ...]
.text win32k.sys!FONTOBJ_pifi + FE BF8F9774 5 Bytes [45, 08, 3B, 81, 88]
.text win32k.sys!FONTOBJ_pifi + 104 BF8F977A 2 Bytes [00, 00] {ADD [EAX], AL}
.text win32k.sys!FONTOBJ_pifi + 107 BF8F977D 106 Bytes [12, 3B, 81, 90, 00, 00, 00, ...]
.text ...
.text win32k.sys!EngAllocUserMem + AC BF8FA9EE 12 Bytes [FF, 15, 68, 15, 99, BF, 3B, ...] {CALL [0xbf991568]; CMP EAX, EBX; JL 0x84; PUSH 0x4}
.text win32k.sys!EngAllocUserMem + B9 BF8FA9FB 49 Bytes [75, 08, FF, 75, E0, FF, 15, ...]
.text win32k.sys!EngAllocUserMem + EB BF8FAA2D 31 Bytes [45, 08, 89, 45, CC, 8D, 46, ...]
.text win32k.sys!EngAllocUserMem + 10B BF8FAA4D 25 Bytes [15, 7C, 17, 99, BF, 89, 45, ...]
.text win32k.sys!EngAllocUserMem + 125 BF8FAA67 32 Bytes [4D, FC, FF, 3B, FB, 0F, 84, ...]
.text ...
.text win32k.sys!EngMarkBandingSurface + 7 BF8FAF0F 70 Bytes [FF, 39, 75, E0, 0F, 85, 66, ...]
.text win32k.sys!EngMarkBandingSurface + 4E BF8FAF56 123 Bytes [33, C0, EB, F8, 90, 90, 90, ...]
.text win32k.sys!EngMarkBandingSurface + CA BF8FAFD2 52 Bytes [8B, CE, C7, 45, EC, 28, 00, ...]
.text win32k.sys!EngMarkBandingSurface + FF BF8FB007 2 Bytes CALL BF8E5CBF \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngMarkBandingSurface + 104 BF8FB00C 124 Bytes [75, F0, 3B, F7, 74, A2, 39, ...]
.text ...
.text win32k.sys!BRUSHOBJ_ulGetBrushColor + 4 BF8FB80E 36 Bytes [34, B8, 85, F6, 74, 2D, 83, ...]
.text win32k.sys!BRUSHOBJ_ulGetBrushColor + 29 BF8FB833 78 Bytes [7D, FC, 00, 74, 09, 8B, 4D, ...]
.text win32k.sys!BRUSHOBJ_ulGetBrushColor + 78 BF8FB882 40 Bytes [74, 20, 8B, 40, 58, EB, 1E, ...]
.text win32k.sys!BRUSHOBJ_ulGetBrushColor + A1 BF8FB8AB 3 Bytes [83, C8, FF] {OR EAX, -0x1}
.text win32k.sys!BRUSHOBJ_ulGetBrushColor + A5 BF8FB8AF 35 Bytes [F7, F6, 40, 4C, 10, 74, 45, ...]
.text ...
.text win32k.sys!EngStrokeAndFillPath + 13 BF8FD211 79 Bytes [45, 10, 8D, 48, 30, F7, D8, ...]
.text win32k.sys!EngStrokeAndFillPath + 63 BF8FD261 9 Bytes [75, FC, 8D, 4D, E0, E8, F4, ...]
.text win32k.sys!EngStrokeAndFillPath + 6D BF8FD26B 13 Bytes JMP BF8FD32A \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngStrokeAndFillPath + 7B BF8FD279 10 Bytes [33, F6, EB, E6, 90, 90, 90, ...]
.text win32k.sys!EngStrokeAndFillPath + 86 BF8FD284 94 Bytes [55, 8B, EC, 81, EC, AC, 00, ...]
.text ...
.text win32k.sys!STROBJ_bEnum + 35 BF8FD708 9 Bytes JMP BF8FD60B \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!STROBJ_bEnum + 3F BF8FD712 39 Bytes CALL BF969C8B \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!STROBJ_bEnum + 67 BF8FD73A 21 Bytes [56, 34, 74, 03, C1, E1, 04, ...]
.text win32k.sys!STROBJ_bEnum + 7D BF8FD750 7 Bytes [EB, 45, 90, 90, 90, 90, 90] {JMP 0x47; NOP ; NOP ; NOP ; NOP ; NOP }
.text win32k.sys!STROBJ_bEnum + 85 BF8FD758 90 Bytes [FF, 55, 8B, EC, 56, 8B, 75, ...]
.text ...
.text win32k.sys!HT_Get8BPPMaskPalette + 2 BF903BF6 165 Bytes [85, C0, 74, 46, FF, 15, D0, ...]
.text win32k.sys!HT_Get8BPPMaskPalette + A8 BF903C9C 70 Bytes [0F, B6, 45, 10, 8B, C8, 49, ...]
.text win32k.sys!HT_Get8BPPMaskPalette + EF BF903CE3 4 Bytes [0C, 89, 45, 18]
.text win32k.sys!HT_Get8BPPMaskPalette + F4 BF903CE8 34 Bytes [45, 14, 8B, F8, 8B, C8, 56, ...]
.text win32k.sys!HT_Get8BPPMaskPalette + 117 BF903D0B 35 Bytes [00, 00, C7, 45, F4, 00, 02, ...]
.text ...
.text win32k.sys!HT_Get8BPPFormatPalette + 6A BF90401D 13 Bytes [7D, FC, 05, 0F, 86, B5, 00, ...] {JGE 0xfffffffffffffffe; ADD EAX, 0xb5860f; ADD [EAX], AL; AND DWORD [EBP-0x4], 0x0}
.text win32k.sys!HT_Get8BPPFormatPalette + 78 BF90402B 88 Bytes JMP BF9040D9 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!HT_Get8BPPFormatPalette + D1 BF904084 19 Bytes CALL BF8E57F9 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!HT_Get8BPPFormatPalette + E6 BF904099 115 Bytes [03, C7, 99, 8B, CB, F7, F9, ...]
.text win32k.sys!HT_Get8BPPFormatPalette + 15B BF90410E 46 Bytes JMP BF904240 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!STROBJ_bEnumPositionsOnly + 19 BF90426D 2 Bytes [45, E0]
.text win32k.sys!STROBJ_bEnumPositionsOnly + 1D BF904271 17 Bytes [83, 4D, FC, FF, 8D, 4D, DC, ...]
.text win32k.sys!STROBJ_bEnumPositionsOnly + 2F BF904283 241 Bytes CALL BF800BEF \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!XFORMOBJ_bApplyXform + 72 BF904375 84 Bytes [C1, 79, 04, 04, 83, C1, 08, ...]
.text win32k.sys!XFORMOBJ_bApplyXform + C7 BF9043CA 84 Bytes [14, 00, 3B, F3, 0F, 84, 68, ...]
.text win32k.sys!XFORMOBJ_bApplyXform + 11D BF904420 33 Bytes [EB, A3, 33, C0, EB, 9F, 8B, ...]
.text win32k.sys!XFORMOBJ_bApplyXform + 13F BF904442 46 Bytes [04, 89, 71, 04, 83, C0, 08, ...]
.text win32k.sys!XFORMOBJ_bApplyXform + 16E BF904471 20 Bytes [75, 0C, FF, 75, 08, 50, E8, ...]
.text ...
.text win32k.sys!FONTOBJ_vGetInfo + 85 BF9045E0 7 Bytes [FF, 55, 8B, EC, 83, EC, 1C] {CALL [EBP-0x75]; IN AL, DX ; SUB ESP, 0x1c}
.text win32k.sys!FONTOBJ_vGetInfo + 8D BF9045E8 75 Bytes [45, 08, 56, 89, 45, 08, 57, ...]
.text win32k.sys!FONTOBJ_vGetInfo + D9 BF904634 32 Bytes [F1, 33, C0, 6A, 07, 59, 8B, ...]
.text win32k.sys!FONTOBJ_vGetInfo + FA BF904655 14 Bytes [48, 60, 49, 75, 2C, 8B, 80, ...] {DEC EAX; PUSHA ; DEC ECX; JNZ 0x31; MOV EAX, [EAX+0x268]; MOV [EDX+0xc], EAX}
.text win32k.sys!FONTOBJ_vGetInfo + 109 BF904664 14 Bytes [06, 83, 78, 3C, 00, 75, 15, ...]
.text ...
.text win32k.sys!FONTOBJ_cGetGlyphs + 37 BF904840 49 Bytes [1E, 40, 5B, 5E, 5F, 5D, C2, ...]
.text win32k.sys!FONTOBJ_cGetGlyphs + 6A BF904873 42 Bytes [74, 08, 89, B0, 64, 02, 00, ...]
.text win32k.sys!FONTOBJ_cGetGlyphs + 95 BF90489E 43 Bytes [89, 45, F0, 8B, 45, 08, 56, ...]
.text win32k.sys!FONTOBJ_cGetGlyphs + C1 BF9048CA 26 Bytes CALL BF80479D \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!STROBJ_bGetAdvanceWidths + 14 BF9048E5 7 Bytes [8B, EC, 6A, 01, FF, 75, 10] {MOV EBP, ESP; PUSH 0x1; PUSH DWORD [EBP+0x10]}
.text win32k.sys!STROBJ_bGetAdvanceWidths + 1C BF9048ED 144 Bytes [75, 0C, FF, 75, 08, E8, 2B, ...]
.text win32k.sys!STROBJ_bGetAdvanceWidths + AD BF90497E 2 Bytes [76, 2C] {JBE 0x2e}
.text win32k.sys!STROBJ_bGetAdvanceWidths + B0 BF904981 116 Bytes [36, C1, E2, 04, 03, D1, 40, ...]
.text win32k.sys!STROBJ_bGetAdvanceWidths + 125 BF9049F6 6 Bytes [65, E4, 00, 83, 65, E0]
.text ...
.text win32k.sys!BRUSHOBJ_hGetColorTransform + 48 BF904BDD 55 Bytes [00, 00, 83, A6, CC, 00, 00, ...]
.text win32k.sys!BRUSHOBJ_hGetColorTransform + 82 BF904C17 5 Bytes [90, 90, 8B, FF, 55] {NOP ; NOP ; MOV EDI, EDI; PUSH EBP}
.text win32k.sys!BRUSHOBJ_hGetColorTransform + 88 BF904C1D 68 Bytes [EC, 8B, 45, 08, 85, C0, 74, ...]
.text win32k.sys!BRUSHOBJ_hGetColorTransform + CD BF904C62 1 Byte [F6]
.text win32k.sys!BRUSHOBJ_hGetColorTransform + CD BF904C62 3 Bytes [F6, 74, CC]
.text ...
.text win32k.sys!EngCreateDriverObj + 5 BF906821 14 Bytes [8B, 75, FC, 33, C9, 41, 39, ...] {MOV ESI, [EBP-0x4]; XOR ECX, ECX; INC ECX; CMP [EBX+0x4], ECX; MOV [EBP+0x14], ECX; JG 0x40}
.text win32k.sys!EngCreateDriverObj + 14 BF906830 14 Bytes [48, 04, 8D, 44, 88, 08, 3B, ...] {DEC EAX; ADD AL, 0x8d; INC ESP; MOV [EAX], CL; CMP EAX, [EBP+0xc]; MOV [EBP-0x4], EAX; JZ 0xffffffffffffffa6}
.text win32k.sys!EngCreateDriverObj + 23 BF90683F 92 Bytes [45, FC, 8B, 38, 8B, 48, 04, ...]
.text win32k.sys!EngCreateDriverObj + 85 BF9068A1 2 Bytes [FF, 55]
.text win32k.sys!EngCreateDriverObj + 88 BF9068A4 3 Bytes [EC, 56, 57] {IN AL, DX ; PUSH ESI; PUSH EDI}
.text ...
.text win32k.sys!EngLockDriverObj + 23 BF9069F9 3 Bytes [8B, 65, E8] {MOV ESP, [EBP-0x18]}
.text win32k.sys!EngDeleteDriverObj + 2 BF9069FD 26 Bytes CALL BF964D76 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeleteDriverObj + 1D BF906A18 60 Bytes [75, 08, 8B, 06, FF, 30, E8, ...]
.text win32k.sys!EngDeleteDriverObj + 5A BF906A55 11 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!EngDeleteDriverObj + 66 BF906A61 58 Bytes [08, 56, B2, 1C, 33, F6, E8, ...]
.text win32k.sys!EngDeleteDriverObj + A1 BF906A9C 7 Bytes [46, 18, 89, 45, FC, 74, 20] {INC ESI; SBB [ECX+0x2074fc45], CL}
.text ...
.text win32k.sys!EngGetCurrentProcessId + 7F BF9070D0 10 Bytes [90, 90, 90, 90, 90, E9, 8C, ...] {NOP ; NOP ; NOP ; NOP ; NOP ; JMP 0xffffffffffefa696}
.text win32k.sys!EngGetCurrentProcessId + 8C BF9070DD 3 Bytes [90, 90, 8B]
.text win32k.sys!EngGetCurrentProcessId + 90 BF9070E1 5 Bytes [55, 8B, EC, 5D, EB]
.text win32k.sys!EngGetCurrentProcessId + 96 BF9070E7 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP }
.text win32k.sys!EngGetCurrentProcessId + 9B BF9070EC 26 Bytes [8B, FF, 55, 8B, EC, 8B, 4D, ...]
.text ...
.text win32k.sys!PATHOBJ_vEnumStartClipLines + 2A BF90E260 200 Bytes [EB, 12, 90, 90, 90, 90, 90, ...]
.text win32k.sys!PATHOBJ_bEnumClipLines + C8 BF90E329 91 Bytes CALL BF800B33 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!PATHOBJ_bEnumClipLines + 124 BF90E385 38 Bytes [24, 85, C9, 74, 06, F6, 41, ...]
.text win32k.sys!PATHOBJ_bEnumClipLines + 14B BF90E3AC 113 Bytes [7D, E0, F3, A5, 83, 4D, FC, ...]
.text win32k.sys!PATHOBJ_bEnumClipLines + 1BD BF90E41E 46 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
.text win32k.sys!PATHOBJ_bEnumClipLines + 1EC BF90E44D 54 Bytes [31, 3B, F2, 74, 08, 8B, CE, ...]
.text ...
.text win32k.sys!EngMapFontFile + 2 BF90EBE8 5 Bytes [36, 8D, 0C, 3F, 51]
.text win32k.sys!EngMapFontFile + 9 BF90EBEF 295 Bytes [0C, 0F, B7, C0, 50, E8, 2B, ...]
.text win32k.sys!EngMapFontFile + 131 BF90ED17 18 Bytes [D4, FD, FF, FF, 50, 6A, 02, ...]
.text win32k.sys!EngMapFontFile + 144 BF90ED2A 10 Bytes [00, 85, C0, 0F, 8C, 89, 02, ...]
.text win32k.sys!EngMapFontFile + 14F BF90ED35 63 Bytes [79, 25, 85, F6, 75, 21, 8B, ...]
.text ...
.text win32k.sys!EngUnmapFontFile + 2 BF90F9E8 7 Bytes [40, 04, A1, 38, F8, 9A, BF]
.text win32k.sys!EngUnmapFontFile + A BF90F9F0 14 Bytes [80, A8, 08, 00, 00, FF, 77, ...]
.text win32k.sys!EngUnmapFontFile + 19 BF90F9FF 77 Bytes [FF, 8B, 45, FC, 3B, 45, 0C, ...]
.text win32k.sys!EngUnmapFontFile + 67 BF90FA4D 25 Bytes [75, 0B, 3B, 5E, 50, 74, 06, ...]
.text win32k.sys!EngUnmapFontFile + 81 BF90FA67 49 Bytes [FF, 76, 78, FF, 76, 2C, E8, ...]
.text ...
.text win32k.sys!PALOBJ_cGetColors + 21 BF90FE1A 3 Bytes [47, 48, 02]
.text win32k.sys!PALOBJ_cGetColors + 25 BF90FE1E 46 Bytes [7D, 8B, 47, 2C, 83, B8, 8C, ...]
.text win32k.sys!PALOBJ_cGetColors + 54 BF90FE4D 45 Bytes CALL BF819765 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!PALOBJ_cGetColors + 82 BF90FE7B 27 Bytes [8B, 46, 78, FF, 48, 08, FF, ...]
.text win32k.sys!PALOBJ_cGetColors + 9E BF90FE97 2 Bytes CALL BF803036 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngCreateClip + 13 BF91297B 23 Bytes [EF, FF, 85, C0, 74, 06, 50, ...]
.text win32k.sys!EngCreateClip + 2B BF912993 30 Bytes [EF, FF, 5F, 8B, 46, 2C, 85, ...]
.text win32k.sys!EngCreateClip + 4A BF9129B2 28 Bytes CALL BF80E70D \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngCreateClip + 6A BF9129D2 200 Bytes [6A, 08, 75, 07, 68, F8, 48, ...]
.text win32k.sys!EngCreateClip + 134 BF912A9C 27 Bytes [00, 57, FF, 75, 08, FF, 35, ...]
.text ...
.text win32k.sys!XFORMOBJ_iGetFloatObjXform + 1B BF9374EE 86 Bytes [FF, 75, 08, FF, 75, 08, E8, ...]
.text win32k.sys!FLOATOBJ_SetLong + A BF937546 13 Bytes CALL BF827A84 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FLOATOBJ_GetFloat BF937555 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP }
.text win32k.sys!FLOATOBJ_GetFloat + 4 BF937559 28 Bytes [FF, 55, 8B, EC, FF, 75, 0C, ...]
.text win32k.sys!FLOATOBJ_GetLong + 11 BF937576 381 Bytes [55, 8B, EC, 51, 51, 8D, 45, ...]
.text win32k.sys!FLOATOBJ_DivFloat + 1A BF9376F4 7 Bytes [00, 90, 90, 90, 90, 90, 8B]
.text win32k.sys!FLOATOBJ_DivFloat + 22 BF9376FC 27 Bytes [55, 8B, EC, 51, 51, 83, 7D, ...]
.text win32k.sys!FLOATOBJ_DivLong + 13 BF937718 7 Bytes CALL BF80F10F \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FLOATOBJ_DivLong + 1D BF937722 12 Bytes CALL BF84E4AD \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FLOATOBJ_Div BF937730 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP }
.text win32k.sys!FLOATOBJ_Div + 4 BF937734 4 Bytes [FF, 55, 8B, EC] {CALL [EBP-0x75]; IN AL, DX }
.text win32k.sys!FLOATOBJ_Div + A BF93773A 3 Bytes [0C, 8B, 4D] {OR AL, 0x8b; DEC EBP}
.text win32k.sys!FLOATOBJ_Div + F BF93773F 2 Bytes CALL BF80ECE3 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FLOATOBJ_Neg + 5 BF937751 15 Bytes [FF, 75, 0C, 8B, 4D, 08, E8, ...] {PUSH DWORD [EBP+0xc]; MOV ECX, [EBP+0x8]; CALL 0xfffffffffff16d5f; POP EBP; RET 0x8}
.text win32k.sys!FLOATOBJ_EqualLong BF937762 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP }
.text win32k.sys!FLOATOBJ_EqualLong + 4 BF937766 83 Bytes [FF, 55, 8B, EC, FF, 75, 08, ...]
.text win32k.sys!FLOATOBJ_GreaterThanLong + 14 BF9377BA 47 Bytes [EB, 26, 68, 47, 75, 6D, 70, ...]
.text win32k.sys!FLOATOBJ_GreaterThanLong + 47 BF9377ED 12 Bytes [8B, FF, 55, 8B, EC, 56, 8B, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH ESI; MOV ESI, [EBP+0x8]; CMP DWORD [ESI], -0x1}
.text win32k.sys!FLOATOBJ_LessThanLong + C BF9377FA 1 Byte [36]
.text win32k.sys!FLOATOBJ_LessThanLong + C BF9377FA 5 Bytes [36, 8B, 46, 04, 85]
.text win32k.sys!FLOATOBJ_LessThanLong + 12 BF937800 44 Bytes [75, 45, 8B, 46, 34, 8B, 40, ...]
.text win32k.sys!FLOATOBJ_Equal + 6 BF93782D 96 Bytes [83, 66, 04, 00, 33, C0, EB, ...]
.text win32k.sys!FLOATOBJ_LessThan + 35 BF93788E 12 Bytes [10, 8B, 49, 0C, 3B, C1, 7C, ...] {ADC [EBX-0x3ec4f3b7], CL; JL 0xa; MOV EAX, ECX; CMP ESI, EAX}
.text win32k.sys!FLOATOBJ_LessThan + 43 BF93789C 25 Bytes [8B, 55, 08, 89, 32, 89, 42, ...]
.text win32k.sys!FLOATOBJ_LessThan + 5D BF9378B6 49 Bytes [8B, F1, 8B, 4D, 08, B2, 07, ...]
.text win32k.sys!FLOATOBJ_LessThan + 8F BF9378E8 33 Bytes CALL BF802AAB \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FLOATOBJ_LessThan + B1 BF93790A 162 Bytes JMP BF937992 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngDebugPrint + 35 BF937C19 28 Bytes [8B, 7D, 10, 8B, D1, C1, E9, ...]
.text win32k.sys!EngDebugPrint + 54 BF937C38 44 Bytes [90, 90, 8B, FF, 55, 8B, EC, ...]
.text win32k.sys!EngProbeForRead + E BF937C65 76 Bytes [FF, 55, 8B, EC, 83, EC, 0C, ...]
.text win32k.sys!EngAllocSectionMem + 1D BF937CB3 158 Bytes [FF, 15, 98, 13, 99, BF, 85, ...]
.text win32k.sys!EngFreeSectionMem + 24 BF937D52 123 Bytes [83, 7E, 04, 01, 75, 0A, FF, ...]
.text win32k.sys!EngMapSection + 76 BF937DCE 24 Bytes [8B, 80, 90, 00, 10, 00, C3, ...]
.text win32k.sys!EngMapSection + 92 BF937DEA 13 Bytes [8B, FF, 55, 8B, EC, 5D, E9, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; POP EBP; JMP 0x16c9d; NOP ; NOP }
.text win32k.sys!EngMapSection + A2 BF937DFA 39 Bytes [8B, FF, 55, 8B, EC, 5D, E9, ...]
.text win32k.sys!EngInitializeSafeSemaphore + 26 BF937E22 5 Bytes [75, 0C, FF, 75, 08] {JNZ 0xe; PUSH DWORD [EBP+0x8]}
.text win32k.sys!EngInitializeSafeSemaphore + 2C BF937E28 2 Bytes CALL BF806A05 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngInitializeSafeSemaphore + 30 BF937E2C 7 Bytes [5D, C2, 08, 00, 90, 90, 90] {POP EBP; RET 0x8; NOP ; NOP ; NOP }
.text win32k.sys!EngInitializeSafeSemaphore + 39 BF937E35 51 Bytes [33, C0, C2, 04, 00, 90, 90, ...]
.text win32k.sys!EngDeleteSafeSemaphore + 31 BF937E69 96 Bytes CALL BF801944 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeleteSafeSemaphore + 92 BF937ECA 17 Bytes [8B, FF, 55, 8B, EC, A1, C8, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; MOV EAX, [0xbf9aa0c8]; POP EBP; JMP [EAX+0x10c]}
.text win32k.sys!EngDeleteSafeSemaphore + A6 BF937EDE 43 Bytes [90, 90, 8B, FF, 55, 8B, EC, ...]
.text win32k.sys!EngDeleteSafeSemaphore + D4 BF937F0C 256 Bytes [8B, FF, 55, 8B, EC, A1, C8, ...]
.text win32k.sys!EngDeleteSafeSemaphore + 1D5 BF93800D 6 Bytes [9A, BF, 5D, FF, 60, 2C]
.text ...
.text win32k.sys!EngAllocPrivateUserMem + 1 BF938382 59 Bytes CALL BF827E88 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDxIoctl + 11 BF9383BE 5 Bytes [00, 10, 00, EB, 03]
.text win32k.sys!EngLockDirectDrawSurface + 1 BF9383C4 22 Bytes [42, 38, 5D, C2, 08, 00, 90, ...]
.text win32k.sys!EngUnlockDirectDrawSurface + 2 BF9383DB 165 Bytes [33, FF, 39, 7D, 08, 74, 6E, ...]
.text win32k.sys!EngUnlockDirectDrawSurface + A8 BF938481 117 Bytes [03, 00, 00, 8D, 4D, 08, E8, ...]
.text win32k.sys!EngUnlockDirectDrawSurface + 11E BF9384F7 25 Bytes [00, 00, 00, 0F, B6, 89, 38, ...]
.text win32k.sys!EngUnlockDirectDrawSurface + 138 BF938511 69 Bytes [DF, F7, DB, 1B, DB, 89, 45, ...]
.text win32k.sys!EngUnlockDirectDrawSurface + 17E BF938557 27 Bytes [89, E0, 05, 00, 00, EB, 05, ...]
.text ...
.text win32k.sys!EngGetType1FontList + 2F BF938F47 9 Bytes [5B, 8B, 45, FC, 5F, 5E, C9, ...]
.text win32k.sys!EngGetType1FontList + 39 BF938F51 69 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!EngGetType1FontList + 7F BF938F97 1 Byte [48]
.text win32k.sys!EngGetType1FontList + 7F BF938F97 64 Bytes [48, 04, 66, 8B, 4D, EE, 66, ...]
.text win32k.sys!EngGetType1FontList + C0 BF938FD8 114 Bytes [00, 00, 8B, 40, 04, 83, 89, ...]
.text win32k.sys!EngQueryLocalTime + 1 BF93904B 54 Bytes [0D, 50, 0D, 9B, BF, E8, F0, ...]
.text win32k.sys!EngQueryLocalTime + 38 BF939082 12 Bytes [04, 00, 5E, C3, 90, 90, 90, ...] {ADD AL, 0x0; POP ESI; RET ; NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP}
.text win32k.sys!EngQueryLocalTime + 45 BF93908F 35 Bytes [EC, 8B, 45, 08, 53, 56, 8B, ...]
.text win32k.sys!EngQueryLocalTime + 69 BF9390B3 3 Bytes [03, 5B, 5D] {ADD EBX, [EBX+0x5d]}
.text win32k.sys!EngQueryLocalTime + 6D BF9390B7 1 Byte [08]
.text ...
.text win32k.sys!EngCheckAbort + 2 BF9392D9 65 Bytes [C2, 08, 00, 90, 90, 90, 90, ...]
.text win32k.sys!EngCheckAbort + 44 BF93931B 278 Bytes [56, 56, 8D, 4D, F0, 89, 45, ...]
.text win32k.sys!EngCheckAbort + 15B BF939432 5 Bytes [4D, 1C, 85, C9, 74]
.text win32k.sys!EngCheckAbort + 161 BF939438 102 Bytes [8B, 53, 08, 83, E2, 40, 89, ...]
.text win32k.sys!EngCheckAbort + 1C8 BF93949F 35 Bytes [C1, C1, E9, 02, F3, A5, 8B, ...]
.text ...
.text win32k.sys!EngMapEvent BF93AAFF 11 Bytes [90, 8B, FF, 55, 8B, EC, 8B, ...] {NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; MOV EAX, [EBP+0x8]; PUSH DWORD [EAX]}
.text win32k.sys!EngMapEvent + C BF93AB0B 14 Bytes [15, FC, 13, 99, BF, 5D, C2, ...] {ADC EAX, 0xbf9913fc; POP EBP; RET 0x4; NOP ; NOP ; NOP ; NOP ; NOP }
.text win32k.sys!EngMapEvent + 1B BF93AB1A 118 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
.text win32k.sys!EngMapEvent + 92 BF93AB91 5 Bytes [85, C0, 89, 47, 04] {TEST EAX, EAX; MOV [EDI+0x4], EAX}
.text win32k.sys!EngMapEvent + 98 BF93AB97 76 Bytes [52, 8B, 5D, 08, 8D, 74, 73, ...]
.text win32k.sys!EngSetEvent + D BF93ABE4 15 Bytes [D6, 33, C0, 40, EB, 02, 33, ...] {SALC ; XOR EAX, EAX; INC EAX; JMP 0x8; XOR EAX, EAX; POP EDI; POP ESI; POP EBX; POP EBP; RET 0xc}
.text win32k.sys!EngClearEvent BF93ABF4 45 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
.text win32k.sys!EngReadStateEvent + 17 BF93AC24 6 Bytes [8B, FF, 55, 8B, EC, 83]
.text win32k.sys!EngReadStateEvent + 1E BF93AC2B 192 Bytes [54, 8B, 45, 08, 8B, 48, 20, ...]
.text win32k.sys!EngGetFilePath BF93ACEC 93 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
.text win32k.sys!EngGetFileChangeTime + 33 BF93AD4B 51 Bytes [00, 80, 8D, 45, D0, 50, C7, ...]
.text win32k.sys!EngGetFileChangeTime + 67 BF93AD7F 33 Bytes CALL BF8139C3 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetFileChangeTime + 8A BF93ADA2 1 Byte [D4]
.text win32k.sys!EngGetFileChangeTime + 8A BF93ADA2 178 Bytes [D4, 50, 8D, 45, C0, 50, FF, ...]
.text win32k.sys!EngGetFileChangeTime + 13D BF93AE55 20 Bytes [F0, 66, 89, 04, 4F, 41, 3B, ...]
.text ...
.text win32k.sys!EngDeleteFile + B BF93AFA1 41 Bytes [24, FF, 75, 20, FF, 75, 1C, ...]
.text win32k.sys!EngDeleteFile + 35 BF93AFCB 20 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!EngDeleteFile + 4A BF93AFE0 11 Bytes [18, 8B, 40, 04, 56, 89, 45, ...]
.text win32k.sys!EngDeleteFile + 56 BF93AFEC 78 Bytes [70, 04, 57, 8B, 38, 56, 8B, ...]
.text win32k.sys!EngDeleteFile + A5 BF93B03B 1 Byte [55]
.text ...
.text win32k.sys!EngControlSprites + 11 BF93C192 76 Bytes [8B, 46, 24, 57, 33, FF, 33, ...]
.text win32k.sys!EngControlSprites + 5E BF93C1DF 35 Bytes [76, 12, 8D, 48, 10, 39, 31, ...]
.text win32k.sys!EngControlSprites + 82 BF93C203 86 Bytes [46, 08, 3B, C7, 74, EA, 33, ...]
.text win32k.sys!EngControlSprites + DB BF93C25C 43 Bytes [3B, C3, 74, 10, 53, 68, 47, ...]
.text win32k.sys!EngControlSprites + 107 BF93C288 33 Bytes [10, 89, 45, FC, 8B, 47, 6C, ...]
.text ...
.text win32k.sys!EngMovePointer + 31 BF93CB1D 49 Bytes [45, 10, 2B, 86, 78, 01, 00, ...]
.text win32k.sys!EngMovePointer + 64 BF93CB50 112 Bytes [3B, C3, 75, 04, 33, C0, EB, ...]
.text win32k.sys!EngMovePointer + D6 BF93CBC2 43 Bytes [89, 75, F8, 75, 5D, 39, 5D, ...]
.text win32k.sys!EngMovePointer + 102 BF93CBEE 47 Bytes [9E, C0, 01, 00, 00, 89, 9E, ...]
.text win32k.sys!EngMovePointer + 132 BF93CC1E 27 Bytes [89, 86, C0, 01, 00, 00, 39, ...]
.text ...
.text win32k.sys!EngSetPointerShape + 18 BF93CC86 3 Bytes CALL BF89C3FC \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngSetPointerShape + 1C BF93CC8A 149 Bytes [8B, 7F, 10, 3B, FB, 75, EB, ...]
.text win32k.sys!EngSetPointerShape + B2 BF93CD20 101 Bytes [8B, 58, 08, 57, 8B, 78, 0C, ...]
.text win32k.sys!EngSetPointerShape + 118 BF93CD86 79 Bytes [8F, D4, 01, 00, 00, 8D, 75, ...]
.text win32k.sys!EngSetPointerShape + 168 BF93CDD6 19 Bytes [4D, 0C, 75, BD, 83, F8, 04, ...]
.text ...
.text win32k.sys!EngQueryPalette + 13 BF93D31A 138 Bytes [55, 8B, EC, 56, 8B, F1, 8B, ...]
.text win32k.sys!EngQueryPalette + 9E BF93D3A5 29 Bytes [46, 08, 89, 78, 40, 8B, 46, ...]
.text win32k.sys!EngQueryPalette + BC BF93D3C3 79 Bytes [EC, 38, 53, 56, 8B, 75, 08, ...]
.text win32k.sys!EngQueryPalette + 10C BF93D413 14 Bytes [40, 24, FF, 75, 20, 8B, 4D, ...] {INC EAX; AND AL, 0xff; JNZ 0x25; MOV ECX, [EBP-0x10]; PUSH DWORD [EBP+0x1c]; PUSH DWORD [EBP+0x18]}
.text win32k.sys!EngQueryPalette + 11B BF93D422 13 Bytes [75, 14, FF, 75, 10, 50, E8, ...] {JNZ 0x16; PUSH DWORD [EBP+0x10]; PUSH EAX; CALL 0xfffffffffffcbb7e; CMP EBX, EDI}
.text ...
.text win32k.sys!EngCreatePath + 45 BF93D662 11 Bytes [4D, 08, FF, 75, 0C, 6A, 00, ...]
.text win32k.sys!EngDeletePath + 2 BF93D66E 9 Bytes [5D, C2, 0C, 00, 90, 90, 90, ...] {POP EBP; RET 0xc; NOP ; NOP ; NOP ; NOP ; NOP }
.text win32k.sys!EngDeletePath + C BF93D678 20 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
.text win32k.sys!EngDeletePath + 22 BF93D68E 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP }
.text win32k.sys!EngDeletePath + 26 BF93D692 7 Bytes [FF, 55, 8B, EC, FF, 75, 14] {CALL [EBP-0x75]; IN AL, DX ; PUSH DWORD [EBP+0x14]}
.text win32k.sys!EngDeletePath + 2E BF93D69A 15 Bytes [4D, 08, FF, 75, 10, FF, 75, ...] {DEC EBP; OR BH, BH; JNZ 0x15; PUSH DWORD [EBP+0xc]; PUSH 0x1; CALL 0xfffffffffff5b7f0}
.text ...
.text win32k.sys!PATHOBJ_bPolyBezierTo + 2 BF93D74F 16 Bytes CALL BF813132 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!PATHOBJ_bPolyBezierTo + 13 BF93D760 11 Bytes [90, 8B, FF, 55, 8B, EC, 56, ...] {NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH ESI; PUSH EDI; MOV EDI, [EBP+0x8]}
.text win32k.sys!PATHOBJ_bPolyBezierTo + 1F BF93D76C 66 Bytes CALL BF804497 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!WNDOBJ_vSetConsumer + 9 BF93D7AF 7 Bytes [46, 08, 89, 78, 7C, FF, 76] {INC ESI; OR [ECX+0x76ff7c78], CL}
.text win32k.sys!WNDOBJ_vSetConsumer + 11 BF93D7B7 75 Bytes CALL BF802A23 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!WNDOBJ_vSetConsumer + 5D BF93D803 58 Bytes [3C, 53, 56, 57, 8B, 7D, 08, ...]
.text win32k.sys!WNDOBJ_vSetConsumer + 98 BF93D83E 23 Bytes [FE, FF, F7, 0F, 85, A6, 02, ...]
.text win32k.sys!WNDOBJ_vSetConsumer + B0 BF93D856 9 Bytes [1D, 10, A1, 9A, BF, 8B, CB, ...] {SBB EAX, 0xbf9aa110; MOV ECX, EBX; JMP 0x2a}
.text ...
.text win32k.sys!EngCreateWnd + 23 BF93D913 32 Bytes CALL BF81B481 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngCreateWnd + 44 BF93D934 5 Bytes [89, 9F, 84, 00, 00]
.text win32k.sys!EngCreateWnd + 4A BF93D93A 30 Bytes CALL BF805725 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngCreateWnd + 69 BF93D959 83 Bytes [45, FC, 83, C0, 10, 89, 46, ...]
.text win32k.sys!EngCreateWnd + BD BF93D9AD 42 Bytes CALL BF8139C5 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text ...
.text win32k.sys!EngDeleteWnd + 10 BF93DD28 12 Bytes [7E, 0C, EB, 18, 8D, 4D, FC, ...] {JLE 0xe; JMP 0x1c; LEA ECX, [EBP-0x4]; CALL 0xffffffffffeceb25}
.text win32k.sys!EngDeleteWnd + 1E BF93DD36 109 Bytes CALL BF80CF4D \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeleteWnd + 8C BF93DDA4 3 Bytes [12, 8B, 46]
.text win32k.sys!EngDeleteWnd + 90 BF93DDA8 49 Bytes CALL BF93B8A3 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngDeleteWnd + C2 BF93DDDA 104 Bytes [83, EC, 28, 53, 56, 8B, 75, ...]
.text ...
.text win32k.sys!EngDitherColor + 7 BF93EA63 18 Bytes [FF, A1, 30, A1, 9A, BF, EB, ...]
.text win32k.sys!EngDitherColor + 1B BF93EA77 12 Bytes [00, 85, C0, 74, 33, EB, ED, ...]
.text win32k.sys!EngDitherColor + 29 BF93EA85 28 Bytes [00, 74, 12, 85, C0, 89, 86, ...]
.text win32k.sys!EngDitherColor + 46 BF93EAA2 147 Bytes [06, 21, 05, 34, A1, 9A, BF, ...]
.text win32k.sys!EngDitherColor + DA BF93EB36 3 Bytes [8B, 4D, 0C] {MOV ECX, [EBP+0xc]}
.text ...
.text win32k.sys!EngEnumForms + 6A BF93F35A 3 Bytes CALL BF8139C6 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngEnumForms + 6F BF93F35F 71 Bytes [D8, 85, DB, 0F, 84, 8D, 00, ...]
.text win32k.sys!EngEnumForms + B7 BF93F3A7 7 Bytes [FF, 8B, 4D, 18, 89, 45, F8] {DEC DWORD [EBX+0x4589184d]; CLC }
.text win32k.sys!EngEnumForms + BF BF93F3AF 70 Bytes [7D, F8, 00, 8B, 46, 08, 89, ...]
.text win32k.sys!EngGetPrinter + 17 BF93F3F7 189 Bytes [F8, 5F, 5E, 5B, C9, C2, 14, ...]
.text win32k.sys!EngGetPrinter + D5 BF93F4B5 25 Bytes [FC, 74, 3A, 83, 7D, 14, 00, ...]
.text win32k.sys!EngGetPrinter + EF BF93F4CF 45 Bytes [7D, 14, 8B, C1, 83, C6, 10, ...]
.text win32k.sys!EngGetForm + 5 BF93F4FD 67 Bytes [FF, 8B, 45, FC, 5F, 5B, 5E, ...]
.text win32k.sys!EngGetForm + 49 BF93F541 142 Bytes [02, 53, 57, 68, 47, 73, 70, ...]
.text win32k.sys!EngGetForm + D8 BF93F5D0 132 Bytes JMP BF93F669 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetForm + 15D BF93F655 18 Bytes [46, 1C, 85, C0, 74, 12, FF, ...] {INC ESI; SBB AL, 0x85; SAL BYTE [EDX+EDX-0x1], 0x75; OR [ESI+0x50], DL; CALL 0xfffffffffffff523; TEST EAX, EAX}
.text win32k.sys!EngGetForm + 170 BF93F668 51 Bytes [04, 83, 65, FC, 00, FF, 75, ...]
.text ...
.text win32k.sys!EngGetPrinterData + 24 BF93F7B2 153 Bytes [53, 56, 57, C7, 45, F8, 08, ...]
.text win32k.sys!EngGetPrinterData + BE BF93F84C 99 Bytes [F0, 85, F6, 74, 27, 8B, 45, ...]
.text win32k.sys!EngSetPrinterData + 15 BF93F8B0 27 Bytes [00, 89, 75, E4, 8D, BB, B0, ...]
.text win32k.sys!EngSetPrinterData + 31 BF93F8CC 159 Bytes [55, 0C, 39, 05, 28, A1, 9A, ...]
.text win32k.sys!EngSetPrinterData + D1 BF93F96C 6 Bytes [89, 45, 0C, 8B, 75, 10] {MOV [EBP+0xc], EAX; MOV ESI, [EBP+0x10]}
.text win32k.sys!EngSetPrinterData + D8 BF93F973 48 Bytes [D0, 8D, BB, B0, 00, 00, 00, ...]
.text win32k.sys!EngWritePrinter + 23 BF93F9A4 51 Bytes [80, 83, 63, 24, 00, 89, 7B, ...]
.text win32k.sys!EngWritePrinter + 57 BF93F9D8 46 Bytes [F5, FF, 85, C0, 75, 37, 33, ...]
.text win32k.sys!EngWritePrinter + 86 BF93FA07 17 Bytes [EB, 08, 8D, 4D, E0, E8, A9, ...]
.text win32k.sys!EngWritePrinter + 98 BF93FA19 49 Bytes [14, 85, C0, 74, 02, 89, 30, ...]
.text win32k.sys!EngWritePrinter + CA BF93FA4B 19 Bytes [FF, 55, 8B, EC, 51, 53, 56, ...]
.text ...
.text win32k.sys!EngGetTickCount + 4F BF93FC8E 12 Bytes JMP BF93FD5F \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetTickCount + 5C BF93FC9B 121 Bytes JMP BF93FD60 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngGetTickCount + D6 BF93FD15 88 Bytes [EB, 4B, 39, 3D, C0, A1, 9A, ...]
.text win32k.sys!EngGetTickCount + 130 BF93FD6F 25 Bytes [8B, 1D, 48, A1, 9A, BF, 89, ...]
.text win32k.sys!EngGetTickCount + 14A BF93FD89 34 Bytes [89, 7D, E4, 8D, 4E, F6, 83, ...]
.text ...
.text win32k.sys!EngHangNotification + 25 BF942511 4 Bytes [8B, 89, 74, 05]
.text win32k.sys!EngHangNotification + 2A BF942516 1 Byte [00]
.text win32k.sys!EngHangNotification + 2A BF942516 153 Bytes [00, F6, 41, 57, 02, 75, 1F, ...]
.text win32k.sys!EngHangNotification + C4 BF9425B0 45 Bytes [06, 75, 1B, 8B, 88, 74, 05, ...]
.text win32k.sys!EngHangNotification + F2 BF9425DE 117 Bytes [0D, 50, 0D, 9B, BF, E8, 73, ...]
.text ...
.text win32k.sys!EngFntCacheFault + 1 BF942F63 75 Bytes [00, 01, 70, 20, A1, B4, A2, ...]
.text win32k.sys!EngFntCacheFault + 4D BF942FAF 155 Bytes [AB, 8D, 45, D8, 50, 68, A0, ...]
.text win32k.sys!EngFntCacheFault + EA BF94304C 20 Bytes CALL BF801944 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!EngFntCacheFault + FF BF943061 42 Bytes [FF, 55, 8B, EC, FF, 75, 20, ...]
.text win32k.sys!EngFntCacheFault + 12A BF94308C 9 Bytes [56, 6A, 00, 8D, 4D, 0C, 51, ...] {PUSH ESI; PUSH 0x0; LEA ECX, [EBP+0xc]; PUSH ECX; PUSH 0x0}
.text ...
.text win32k.sys!EngUnmapFile + 71 BF943242 9 Bytes [F6, 8B, 45, DC, 8D, 04, 85, ...]
.text win32k.sys!EngUnmapFile + 7B BF94324C 33 Bytes [00, 83, E0, F8, 89, 45, C0, ...]
.text win32k.sys!EngUnmapFile + 9D BF94326E 1 Byte [0F]
.text win32k.sys!EngUnmapFile + 9D BF94326E 22 Bytes [0F, 00, 8D, 45, E4, 50, FF, ...]
.text win32k.sys!EngUnmapFile + B4 BF943285 149 Bytes [7D, D4, 6A, 04, 68, 00, 00, ...]
.text ...
.text win32k.sys!EngLoadModuleForWrite + 19 BF9438F2 28 Bytes [14, 89, 45, 08, 74, 0C, FF, ...]
.text win32k.sys!EngMapFile + 15 BF94390F 93 Bytes [35, 18, B3, 9A, BF, E8, E8, ...]
.text win32k.sys!EngMapFile + 73 BF94396D 118 Bytes [08, 8B, 45, FC, 5F, 5E, 5B, ...]
.text win32k.sys!EngMapFile + EA BF9439E4 158 Bytes [55, 8B, EC, 83, EC, 10, 53, ...]
.text win32k.sys!EngGetPrinterDataFileName + 12 BF943A83 18 Bytes [8B, 8E, E8, 02, 00, 00, 8B, ...]
.text win32k.sys!EngGetDriverName + E BF943A96 15 Bytes [00, 8B, 03, 89, 88, EC, 02, ...]
.text win32k.sys!EngQueryDeviceAttribute + 1 BF943AA6 13 Bytes [03, 89, 88, F0, 02, 00, 00, ...]
.text win32k.sys!EngQueryDeviceAttribute + F BF943AB4 19 Bytes [03, 89, 88, F4, 02, 00, 00, ...]
.text win32k.sys!EngQueryDeviceAttribute + 23 BF943AC8 33 Bytes [00, 8B, 8E, 04, 03, 00, 00, ...]
.text win32k.sys!EngQueryDeviceAttribute + 45 BF943AEA 83 Bytes [3B, 81, C7, 0C, 03, 00, 00, ...]
.text win32k.sys!EngQueryDeviceAttribute + 99 BF943B3E 3 Bytes [00, 8B, 03]
.text ...
.text win32k.sys!EngPlgBlt + 5A BF94617A 113 Bytes [55, E8, 39, 7D, 10, 75, 27, ...]
.text win32k.sys!EngPlgBlt + CC BF9461EC 13 Bytes [8D, 6C, FF, FF, FF, 33, C9, ...] {LEA EBP, [EDI+EDI*8-0x1]; PUSH DWORD [EBX]; LEAVE ; MOV [EBP-0x8c], EDX}
.text win32k.sys!EngPlgBlt + DA BF9461FA 32 Bytes [55, 84, 39, 95, 74, FF, FF, ...]
.text win32k.sys!EngPlgBlt + FB BF94621B 10 Bytes [FF, FF, 0F, 9F, C1, 33, D2, ...]
.text win32k.sys!EngPlgBlt + 107 BF946227 128 Bytes [FF, 8B, BC, C5, 6C, FF, FF, ...]
.text ...
.text win32k.sys!EngSetPointerTag + 27 BF947BEB 43 Bytes [01, 89, 7D, F8, 89, 7D, FC, ...]
.text win32k.sys!EngSetPointerTag + 53 BF947C17 2 Bytes [F8, 52] {CLC ; PUSH EDX}
.text win32k.sys!EngSetPointerTag + 56 BF947C1A 165 Bytes [57, 57, 57, 83, C0, 10, 51, ...]
.text win32k.sys!EngSetPointerTag + FC BF947CC0 107 Bytes [89, 4D, F8, 89, 75, DC, 89, ...]
.text win32k.sys!EngSetPointerTag + 168 BF947D2C 49 Bytes JMP C3760035
.text ...
.text win32k.sys!STROBJ_dwGetCodePage + 9 BF94890F 36 Bytes [4D, 0C, 50, 89, 55, F0, E8, ...]
.text win32k.sys!STROBJ_fxCharacterExtra + 1C BF948936 137 Bytes [8B, FF, 55, 8B, EC, F6, 45, ...]
.text win32k.sys!STROBJ_fxBreakExtra + 88 BF9489C0 10 Bytes [4D, 08, 8B, C1, 74, 35, 4A, ...] {DEC EBP; OR [EBX+0x4a3574c1], CL; JZ 0x34; DEC EDX}
.text win32k.sys!STROBJ_fxBreakExtra + 93 BF9489CB 36 Bytes [23, 4A, 74, 18, 4A, 74, 0B, ...]
.text win32k.sys!STROBJ_fxBreakExtra + B8 BF9489F0 1 Byte [45]
.text win32k.sys!STROBJ_fxBreakExtra + B8 BF9489F0 39 Bytes [45, 0C, EB, 0D, 8B, 45, 0C, ...]
.text win32k.sys!STROBJ_fxBreakExtra + E0 BF948A18 51 Bytes [08, 8B, 49, 10, 8B, 50, 14, ...]
.text ...
.text win32k.sys!FONTOBJ_pfdg + 6 BF949ED3 4 Bytes [F0, 83, 65, 08]
.text win32k.sys!FONTOBJ_pfdg + B BF949ED8 21 Bytes CALL BF80479D \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FONTOBJ_cGetAllGlyphHandles + A BF949EEE 104 Bytes [55, 8B, EC, 8B, 4D, 0C, 8B, ...]
.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 42 BF949F57 11 Bytes [FF, 75, 0C, 51, 8D, 4D, FC, ...]
.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 4E BF949F63 10 Bytes [8B, F0, EB, 02, 33, F6, 83, ...] {MOV ESI, EAX; JMP 0x6; XOR ESI, ESI; AND DWORD [EBP+0x8], 0x0}
.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 5A BF949F6F 1 Byte [08]
.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 5A BF949F6F 6 Bytes CALL BF80479F \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 61 BF949F76 65 Bytes [C6, 5E, C9, C2, 08, 00, 90, ...]
.text win32k.sys!FONTOBJ_pjOpenTypeTablePointer + 26 BF949FB9 59 Bytes [90, 90, 90, 90, 90, 8B, C2, ...]
.text win32k.sys!FONTOBJ_pwszFontFilePaths + 28 BF949FF5 91 Bytes [5D, 08, 56, 8B, 33, 8B, 06, ...]
.text win32k.sys!FONTOBJ_pQueryGlyphAttrs + 3D BF94A051 16 Bytes CALL BF8981C1 \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!FONTOBJ_pQueryGlyphAttrs + 4E BF94A062 19 Bytes [90, 90, 90, 90, 8B, FF, 55, ...] {NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [ECX]; MOV EDX, [EBP+0xc]; MOV EAX, [EAX+0x14]; PUSH ESI}
.text win32k.sys!FONTOBJ_pQueryGlyphAttrs + 62 BF94A076 34 Bytes [75, 10, 03, F2, 3B, F0, 89, ...]
.text win32k.sys!FONTOBJ_pQueryGlyphAttrs + 85 BF94A099 177 Bytes [03, 89, 45, FC, 8A, 5D, FE, ...]
.text win32k.sys!FONTOBJ_pQueryGlyphAttrs + 137 BF94A14B 4 Bytes [49, 18, EB, 03]
.text ...
.text win32k.sys!XLATEOBJ_cGetPalette + 12 BF94B5D1 118 Bytes [01, 8B, 4D, 08, 8B, 51, 38, ...]
.text win32k.sys!XLATEOBJ_hGetColorTransform + 6 BF94B648 213 Bytes [49, 2C, 3B, 0D, DC, AA, 9A, ...]
.text win32k.sys!XLATEOBJ_hGetColorTransform + DC BF94B71E 55 Bytes [C2, 25, 00, F8, 00, 00, C1, ...]
.text win32k.sys!XLATEOBJ_hGetColorTransform + 116 BF94B758 19 Bytes [90, 90, 8B, C2, 25, 00, 7C, ...]
.text win32k.sys!XLATEOBJ_hGetColorTransform + 12A BF94B76C 62 Bytes [0B, C1, C1, E0, 02, 8B, CA, ...]
.text win32k.sys!XLATEOBJ_hGetColorTransform + 169 BF94B7AB 119 Bytes [8B, CA, 81, E1, 00, FC, 00, ...]
.text ...
.text win32k.sys!EngDeleteClip + 7D BF981BAA 30 Bytes [6F, F7, 5E, 34, F7, 5E, 3C, ...]
.text win32k.sys!EngDeleteClip + 9C BF981BC9 23 Bytes [46, 30, 8D, 45, F8, 50, E8, ...]
.text win32k.sys!EngDeleteClip + B5 BF981BE2 71 Bytes [3C, 89, 4E, 38, 0F, BF, 43, ...]
.text win32k.sys!EngDeleteClip + FD BF981C2A 74 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!EngDeleteClip + 149 BF981C76 13 Bytes [18, F6, 87, 84, 00, 00, 00, ...] {SBB DH, DH; XCHG [EAX+EAX-0x72fc0000], EAX; INC EDI; XOR [EBX+0x50], DL}
.text ...
.text win32k.sys!HT_ComputeRGBGammaTable + 4 BF982782 41 Bytes [CB, F7, F9, 8B, 4D, 10, 83, ...]
.text win32k.sys!HT_ComputeRGBGammaTable + 2E BF9827AC 9 Bytes [8B, 45, 14, C6, 07, FF, 5F, ...]
.text win32k.sys!HT_ComputeRGBGammaTable + 38 BF9827B6 81 Bytes [8B, C6, 5B, EB, 02, 33, C0, ...]
.text win32k.sys!HT_ComputeRGBGammaTable + 8A BF982808 145 Bytes [8A, 56, 01, 84, D2, 74, 3A, ...]
.text win32k.sys!HT_ComputeRGBGammaTable + 11C BF98289A 53 Bytes [75, 08, 57, 89, 45, FC, 6A, ...]
.text ...

MORE FOLLOWING

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F0, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F3, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F0, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F1, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910E0A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F2, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F1, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F2, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910E7B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F0, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910FA9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F1, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F2, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F3, 37, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C0, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C3, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C0, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C1, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9174DA
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C2, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C1, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C2, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91754B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C0, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917679
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C1, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C2, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C3, 9E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D0, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D3, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D0, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D1, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9178EA
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D2, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D1, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D2, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91795B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D0, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917A89
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D1, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D2, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D3, A2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, DC, A8, 00] {SUB AH, BL; TEST AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, DF, A8, 00] {SUB BH, BL; TEST AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, DC, A8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, DD, A8, 00] {TEST AL, 0xdd; TEST AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917EF6
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, DE, A8, 00] {TEST AL, 0xde; TEST AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, DD, A8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, DE, A8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917F67
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, DC, A8, 00] {TEST AL, 0xdc; TEST AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918095
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, DD, A8, 00] {SUB CH, BL; TEST AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, DE, A8, 00] {SUB DH, BL; TEST AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, DF, A8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[812] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\HPZipm12.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B4, 8D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B7, 8D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B4, 8D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B5, 8D, 00] {TEST AL, 0xb5; LEA EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9163CE
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B6, 8D, 00] {TEST AL, 0xb6; LEA EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B5, 8D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B6, 8D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91643F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B4, 8D, 00] {TEST AL, 0xb4; LEA EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91656D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B5, 8D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B6, 8D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B7, 8D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 68, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6B, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 68, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 69, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B82
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6A, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 69, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6A, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912BF3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 68, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912D21
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 69, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6A, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6B, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED8A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EDFB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EF29
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 6C, D2, 00] {SUB [EDX+EDX*8+0x0], CH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6F, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 6C, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 6D, D2, 00] {TEST AL, 0x6d; ROL BYTE [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A886
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6E, D2, 00] {TEST AL, 0x6e; ROL BYTE [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 6D, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6E, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A8F7
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 6C, D2, 00] {TEST AL, 0x6c; ROL BYTE [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AA25
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 6D, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6E, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6F, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 54, 7C, 00] {SUB [ESP+EDI*2+0x0], DL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 57, 7C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 54, 7C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 55, 7C, 00] {TEST AL, 0x55; JL 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91526E
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 56, 7C, 00] {TEST AL, 0x56; JL 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 55, 7C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 56, 7C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9152DF
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 54, 7C, 00] {TEST AL, 0x54; JL 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91540D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 55, 7C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 56, 7C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 57, 7C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 40, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 43, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 40, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 41, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916A5A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 42, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 41, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 42, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916ACB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 40, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916BF9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 41, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 42, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 43, 94, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F0, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F3, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F0, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F1, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910D0A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F2, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F1, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F2, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910D7B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F0, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910EA9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F1, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F2, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F3, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 28, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2B, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 28, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 29, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A442
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2A, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 29, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2A, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A4B3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 28, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A5E1
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 29, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2A, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2B, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED26
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED97
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEC5
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 08, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0B, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 08, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 09, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B22
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0A, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 09, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0A, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B93
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 08, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CC1
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 09, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0A, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0B, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 6C, EC, 00] {SUB [ESP+EBP*8+0x0], CH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6F, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 6C, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 6D, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C286
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6E, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 6D, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6E, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C2F7
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 6C, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C425
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 6D, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6E, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6F, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 68, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6B, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 68, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 69, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F482
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6A, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 69, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6A, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F4F3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 68, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F621
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 69, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6A, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6B, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C21A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C28B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C3B9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, EC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 94, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 97, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 94, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 95, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916CAE
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 96, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 95, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 96, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916D1F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 94, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916E4D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 95, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 96, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 97, 96, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 30, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 33, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 30, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 31, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CD4A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 32, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 31, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 32, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CDBB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 30, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CEE9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 31, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 32, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 33, F7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, 8F, 00] {TEST AL, 0xa5; POP DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9165BE
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, 8F, 00] {TEST AL, 0xa6; POP DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91662F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, 8F, 00] {TEST AL, 0xa4; POP DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91675D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, 8F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D4, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D7, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D4, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D5, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912BEE
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D6, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D5, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D6, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912C5F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D4, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912D8D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D5, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D6, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D7, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, BC, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BF, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, BC, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, BD, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D0D6
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BE, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, BD, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BE, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D147
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, BC, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D275
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, BD, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BE, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BF, FA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CBDE
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CC4F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CD7D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, F5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 60, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 63, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 60, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 61, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B7A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 62, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 61, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 62, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912BEB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 60, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912D19
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 61, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 62, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 63, 55, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[4804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[5272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D8, 70, 00] {SUB AL, BL; JO 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, DB, 70, 00] {SUB BL, BL; JO 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D8, 70, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D9, 70, 00] {TEST AL, 0xd9; JO 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9146F2
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, DA, 70, 00] {TEST AL, 0xda; JO 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D9, 70, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, DA, 70, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914763
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D8, 70, 00] {TEST AL, 0xd8; JO 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914891
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D9, 70, 00] {SUB CL, BL; JO 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, DA, 70, 00] {SUB DL, BL; JO 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, DB, 70, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[5516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AB, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A8, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CAC2
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AA, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A9, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AA, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CB33
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A8, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CC61
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A9, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AA, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AB, F4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

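The GMER block above (the tail of the "user code sections" listing, followed by devices and registry) names one patched code location per line, and the same ntdll set repeats for every chrome.exe PID. As an added triage helper for this thread, not part of GMER and not anything the posters ran, the Python below parses those lines and groups them two ways: per process, and per hooked symbol across processes, so that a symbol patched in a single process can be told apart from a product-wide pattern. The line layout it assumes (`.text <image>[pid] <module>!<symbol> + <hex offset> <address> <N> Byte(s) <bytes>`) is inferred from the log itself, the sample lines are copied from it, and every function and constant name is this example's own.

```python
import re
from collections import defaultdict

# One line of GMER's "---- User code sections ----" block, as printed in the log above:
#   .text <image>[pid] <module>!<symbol> + <hex offset> <address> <N> Byte(s) <patch ...>
# Format inferred from GMER 1.0.15 output; the names in this file are this example's own.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<symbol>\S+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s*(?P<patch>.*)$"
)

# Constructed sample: a handful of lines copied from the GMER log in this thread,
# plus one non-hook line to show that unrelated output is skipped.
SAMPLE_GMER_LINES = [
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D8, 70, 00] {SUB AL, BL; JO 0x4}",
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]",
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]",
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A8, F4, 00]",
    r".text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A9, F4, 00]",
    r".text C:\WINDOWS\system32\wscntfy.exe[5516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]",
    "---- Devices - GMER 1.0.15 ----",
]


def parse_hook_line(line):
    """Return a dict for one hook line, or None for lines that are not hooks."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    return {
        "image": m["image"],
        "pid": int(m["pid"]),
        "symbol": f"{m['module']}!{m['symbol']}",
        "offset": int(m["offset"], 16),   # GMER prints the offset in hex ("+ B", "+ 186")
        "address": int(m["addr"], 16),
        "size": int(m["size"]),
        "patch": m["patch"].strip(),
    }


def hooks_by_process(lines):
    """(image path, pid) -> sorted distinct symbols patched in that process."""
    grouped = defaultdict(set)
    for line in lines:
        h = parse_hook_line(line)
        if h:
            grouped[(h["image"], h["pid"])].add(h["symbol"])
    return {k: sorted(v) for k, v in grouped.items()}


def hooks_by_symbol(lines):
    """symbol -> sorted list of 'image[pid]' strings in which it is patched."""
    grouped = defaultdict(set)
    for line in lines:
        h = parse_hook_line(line)
        if h:
            grouped[h["symbol"]].add(f"{h['image']}[{h['pid']}]")
    return {k: sorted(v) for k, v in grouped.items()}


def rare_hooks(lines, min_processes=2):
    """Symbols patched in fewer than min_processes processes.

    A hook set that repeats in every instance of one image (all the chrome.exe
    PIDs in this log) is a product-wide pattern; a symbol patched in one process
    only is the one worth pulling the bytes for.
    """
    return sorted(s for s, procs in hooks_by_symbol(lines).items()
                  if len(procs) < min_processes)


if __name__ == "__main__":
    for (image, pid), syms in hooks_by_process(SAMPLE_GMER_LINES).items():
        print(f"{image}[{pid}]: {', '.join(syms)}")
    print("rare:", rare_hooks(SAMPLE_GMER_LINES))
```

Grouping by image is what makes a log like this readable: every chrome.exe PID carries the same ntdll set, which is consistent with Chrome's sandbox intercepting those calls in its own child processes, whereas the one-byte RtlDosSearchPath_U patch shows up in every listed process, Chrome or not, so `hooks_by_symbol()` is the view that separates the two patterns. Whatever `rare_hooks()` returns is the short list whose bytes should be compared against a known-good copy of ntdll.
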
#3 zxmeiji

  • Topic Starter
  • Members
  • 26 posts

Posted 15 November 2012 - 08:02 PM

DDS Log:

DDS (Ver_2012-11-07.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by My Account! at 20:01:52 on 2012-11-15
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1115 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348963116390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{90877AE7-FC06-45F6-B99C-C78BD7CB6015} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\my account!\application data\mozilla\firefox\profiles\btaky4n2.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-09-29 21:39; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-14 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-29 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-29 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-29 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-29 44808]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S2 NetDDEdsdmRemoteAccess;Network DDE DSDM NetDDEdsdmRemoteAccess;c:\docume~1\myacco~1\locals~1\temp\2.tmp srv --> c:\docume~1\myacco~1\locals~1\temp\2.tmp srv [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-2-25 23456]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [2010-4-22 29184]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\myacco~1\desktop\aircra~1.9-w\aircra~1.9-w\bin\peek5.sys --> c:\docume~1\myacco~1\desktop\aircra~1.9-w\aircra~1.9-w\bin\PEEK5.SYS [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-10-5 223128]
.
=============== Created Last 30 ================
.
2012-11-15 21:31:19 -------- d-----w- c:\windows\ERUNT
2012-11-15 21:31:15 -------- d-----w- C:\JRT
2012-11-15 21:20:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-15 18:38:37 -------- d-sh--w- C:\Recycled
2012-11-15 05:33:48 -------- d-sha-r- C:\cmdcons
2012-11-15 05:32:21 98816 ----a-w- c:\windows\sed.exe
2012-11-15 05:32:21 256000 ----a-w- c:\windows\PEV.exe
2012-11-15 05:32:21 208896 ----a-w- c:\windows\MBR.exe
2012-11-15 05:32:16 -------- d-s---w- C:\ComboFix
2012-11-14 02:46:22 278528 ----a-w- c:\windows\system32\hpdj
2012-11-09 19:29:00 -------- d-----w- c:\documents and settings\my account!\local settings\application data\Sun
2012-11-09 06:20:45 -------- d-----w- c:\documents and settings\my account!\application data\GameFly
2012-11-09 06:09:04 -------- d-----w- c:\program files\GameFly
2012-10-28 23:41:40 -------- d-----w- c:\documents and settings\all users\application data\Premium
2012-10-28 23:40:11 -------- d-----w- c:\documents and settings\my account!\application data\SendSpace
2012-10-28 00:57:13 -------- d-----w- c:\documents and settings\my account!\application data\LolClient
2012-10-27 23:57:05 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2012-10-27 23:57:05 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2012-10-27 23:57:00 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-10-27 23:57:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-10-27 23:56:53 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-10-27 23:56:49 -------- d-----w- c:\windows\Logs
2012-10-27 23:45:41 -------- d-----w- C:\Riot Games
2012-10-27 22:14:39 -------- d-----w- c:\program files\Pando Networks
2012-10-27 22:10:07 39036 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2012-10-27 22:10:07 38144 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2012-10-27 22:10:07 21344 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2012-10-27 22:10:06 -------- d-----w- c:\program files\LG Electronics
2012-10-27 17:42:18 -------- d-sh--w- C:\FOUND.003
.
==================== Find3M ====================
.
2012-10-22 08:37:32 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-08 22:58:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 22:58:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-08 22:58:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 22:58:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-08 21:04:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 21:04:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04:22 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 16:14:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 16:14:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 16:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 13:07:16 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 14:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 14:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 13:58:10 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 10:13:16 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 10:12:34 41224 ----a-w- c:\windows\avastSS.scr
2008-02-01 20:34:18 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 20:02:10.89 ===============

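The "SERVICES / DRIVERS" block of the DDS log above is the part a helper reads first, because a service whose image lives under a temp directory, or one that DDS could not find on disk (the `[?]` suffix), stands out before any signature does. The Python below is an added example for this thread, not DDS's code and not something any poster ran; it parses those lines and applies three such heuristics, returning a list of reasons per flagged entry. The line format (`<R|S><start type> <name>;<display>;<image path> [<date> <size>]`, with `--> <resolved path>` when DDS re-resolved the entry) and the meaning of the R/S prefix are inferred from the log; the sample lines are copied from it, and the names are this example's own.

```python
import re

# One DDS "SERVICES / DRIVERS" line, as printed in the log above:
#   <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
# R/S is read here as running/stopped and the digit as the SCM start type
# (0 boot, 1 system, 2 auto, 3 manual); DDS appends "--> <resolved path> [?]"
# when it could not find the file on disk. Format inferred from the log.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
USER_PROFILE = re.compile(r"\\(docume~1|documents and settings|users)\\", re.IGNORECASE)

# Reason strings returned by triage_services(); constants are this example's own.
TEMP = "image path under a temp directory"
PROFILE = "image path under a user profile"
MISSING = "file not found on disk when DDS ran ([?])"

# Constructed sample: lines copied from the DDS log in this thread, plus the
# section header and a "." separator to show that non-service lines are skipped.
SAMPLE_DDS_LINES = [
    r"R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-14 64288]",
    r"R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]",
    r'S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]',
    r"S2 NetDDEdsdmRemoteAccess;Network DDE DSDM NetDDEdsdmRemoteAccess;c:\docume~1\myacco~1\locals~1\temp\2.tmp srv --> c:\docume~1\myacco~1\locals~1\temp\2.tmp srv [?]",
    r"S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]",
    r"S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\myacco~1\desktop\aircra~1.9-w\aircra~1.9-w\bin\peek5.sys --> c:\docume~1\myacco~1\desktop\aircra~1.9-w\aircra~1.9-w\bin\PEEK5.SYS [?]",
    "============= SERVICES / DRIVERS ===============",
    ".",
]


def parse_service_line(line):
    """Return a dict for one service/driver line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    # When DDS re-resolved the entry, the path after "-->" is the one it checked.
    image = rest.rsplit(" --> ", 1)[1] if " --> " in rest else rest
    image = image.strip().strip('"')
    if image.startswith("\\??\\"):      # NT object-manager prefix on some driver paths
        image = image[4:]
    return {
        "running": m["state"][0] == "R",
        "start_type": int(m["state"][1]),
        "name": m["name"],
        "display": m["display"],
        "image": image,
        "file_info": m["info"],
        "missing": m["info"].strip() == "?",
    }


def triage_services(lines):
    """name -> list of reasons, for every entry that trips at least one heuristic."""
    findings = {}
    for line in lines:
        svc = parse_service_line(line)
        if not svc:
            continue
        reasons = []
        if TEMP_DIR.search(svc["image"]):
            reasons.append(TEMP)
        if USER_PROFILE.search(svc["image"]):
            reasons.append(PROFILE)
        if svc["missing"]:
            reasons.append(MISSING)
        if reasons:
            findings[svc["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_services(SAMPLE_DDS_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample, NetDDEdsdmRemoteAccess trips all three checks (temp directory, user profile, missing file), PEEK5 trips the profile and missing-file checks, the Ad-Aware entry only the missing-file check, and Skype's C2C service only the profile check, because XP's shared Application Data lives under Documents and Settings. That last case is why the function returns a reason list to read rather than a verdict.
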
#4 CStew23

  • Members
  • 1,484 posts
  • Gender:Male
  • Location:USA

Posted 20 November 2012 - 05:20 PM

Hi,

I'll be taking your thread. Please allow me a bit to come up with a fix and I will be back to you.
Please don't send help request via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.

#5 zxmeiji

  • Topic Starter
  • Members
  • 26 posts

Posted 20 November 2012 - 05:22 PM

Cool, if you want I can go into detail about some of the files that were added. They are located on my desktop, in C: and in a lot of other folders. I'd guess like 100 new files were added. Thanks!

#6 CStew23

  • Members
  • 1,484 posts
  • Gender:Male
  • Location:USA

Posted 21 November 2012 - 06:59 PM

Hello and Welcome to BleepingComputer Forums!

My name is Chris and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only! If you are not the original poster of this thread DO NOT run the fixes provided here.
  • Please do not run any tools until requested by myself or another member of Staff! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • If you stay with me, follow my instructions and ask questions when confused you'll be back up and running in no time :)

I'd like to get a look at what TDSSKiller removed.

  • Please download TDSS Qlook and save it to your desktop.
  • Double-click the program and run it.
  • Type the letter A and press ENTER.
  • A logfile will open (TDSSQ.txt), please copy and paste the contents of that logfile into your next reply.

Edited by CStew23, 21 November 2012 - 07:00 PM.


#7 zxmeiji

  • Topic Starter
  • Members
  • 26 posts

Posted 21 November 2012 - 07:44 PM

TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - My Account! - Wed 11/21/2012 - 19:44:51.12.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3
***** START SCAN Wed 11/21/2012 19:44:54.92 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.8.15.0_15.11.2012_16.19.56_log.txt
TDSSKiller.2.8.15.0_15.11.2012_16.22.38_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\15.11.2012_16.19.56
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0001
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0000
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0000\object.ini
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0000\svc0000
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0001\object.ini
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0001\svc0000
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0001\svc0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0000\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\Drivers\sptd.sys
md5: CDDDEC541BC3C96F91ECB48759673505


=== C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0001\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\15.11.2012_16.19.56\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\Drivers\sptd.sys
md5: CDDDEC541BC3C96F91ECB48759673505


***** END SCAN Wed 11/21/2012 19:44:55.54 *****

#8 CStew23

  • Members
  • 1,484 posts
  • Gender:Male
  • Location:USA

Posted 23 November 2012 - 01:52 PM

Hi,

Sorry for the delay. Thanksgiving holiday and all that.

Please visit Virustotal

  • Click the Browse.. button
  • Navigate to the file C:\Documents and Settings\My Account!\My Documents\Downloads\mxn6u13c.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.
If VirusTotal is busy please use Jotti
========

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#9 zxmeiji

  • Topic Starter
  • Members
  • 26 posts

Posted 23 November 2012 - 02:34 PM

SHA256: ce723717c56b2231ea7843f5408225b07a997b466584d38d278db5e7cf2c2eb0
File name: gmer.exe
Detection ratio: 1 / 42
Analysis date: 2012-11-23 15:20:48 UTC ( 4 hours, 12 minutes ago )
Antivirus Result Update
Agnitum - 20121123
AntiVir - 20121123
Antiy-AVL - 20121122
Avast - 20121123
AVG - 20121123
BitDefender - 20121123
CAT-QuickHeal - 20121122
ClamAV - 20121123
Commtouch - 20121123
Comodo - 20121123
DrWeb - 20121123
Emsisoft - 20121123
eSafe - 20121121
ESET-NOD32 - 20121123
F-Prot - 20121123
F-Secure - 20121123
Fortinet - 20121123
GData - 20121123
Ikarus - 20121123
Jiangmin Trojan/JmGenGeneric.aic 20121123
K7AntiVirus - 20121122
Kaspersky - 20121123
Kingsoft - 20121119
McAfee - 20121123
McAfee-GW-Edition - 20121123
Microsoft - 20121123
MicroWorld-eScan - 20121123
Norman - 20121123
nProtect - 20121123
Panda - 20121123
PCTools - 20121123
Rising - 20121123
Sophos - 20121123
SUPERAntiSpyware - 20121123
Symantec - 20121122
TheHacker - 20121123
TotalDefense - 20121122
TrendMicro - 20121123
TrendMicro-HouseCall - 20121123
VBA32 - 20121122
VIPRE - 20121123
ViRobot - 20121123
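The result pasted above is a 1/42 hit from a single engine, with a generic-looking signature name, on a well-known rootkit scanner (gmer.exe). The following is an added Python example, not code from the thread, from VirusTotal or from the GMER project, showing how a defender can parse that flat "Antivirus Result Update" layout, recompute the detection ratio from the rows, separate generic/heuristic names from family-specific ones, and compare the reported SHA-256 against a hash obtained from the tool's publisher. The sample report is a constructed, abridged copy of the paste (10 engines instead of 42); the GENERIC_MARKERS list and the known_good_sha256 parameter are this example's own assumptions, not VirusTotal fields.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: an abridged version of the thread's paste (10 engines, not 42).
# Rows follow the "Vendor Result Update" layout; "-" means the engine saw nothing.
SAMPLE_REPORT = """\
SHA256: ce723717c56b2231ea7843f5408225b07a997b466584d38d278db5e7cf2c2eb0
File name: gmer.exe
Detection ratio: 1 / 10
Analysis date: 2012-11-23 15:20:48 UTC
Antivirus Result Update
Agnitum - 20121123
AntiVir - 20121123
Avast - 20121123
BitDefender - 20121123
ESET-NOD32 - 20121123
Jiangmin Trojan/JmGenGeneric.aic 20121123
Kaspersky - 20121123
Microsoft - 20121123
Sophos - 20121123
Symantec - 20121122
"""

ROW_RE = re.compile(r"^(\S+)\s+(.+?)\s+(\d{8})$")
RATIO_RE = re.compile(r"^Detection ratio:\s*(\d+)\s*/\s*(\d+)$")
# Assumed substrings that usually mark a heuristic/generic signature rather than a named family.
GENERIC_MARKERS = ("generic", "gen.", "heur", "suspicious", "unsafe", "agent", "variant")


def parse_report(text: str) -> Dict[str, object]:
    """Parse the pasted summary into header fields plus a list of per-engine rows."""
    report: Dict[str, object] = {"engines": []}
    in_table = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "Antivirus Result Update":
            in_table = True          # everything after the header is a vendor row
            continue
        if not in_table:
            ratio = RATIO_RE.match(line)
            if ratio:
                report["stated_ratio"] = (int(ratio.group(1)), int(ratio.group(2)))
            elif ":" in line:        # "Key: value" header fields, first colon splits
                key, _, value = line.partition(":")
                report[key.strip().lower().replace(" ", "_")] = value.strip()
            continue
        row = ROW_RE.match(line)
        if row:
            vendor, result, update = row.groups()
            report["engines"].append(
                {"vendor": vendor, "result": None if result == "-" else result, "update": update}
            )
    return report


def detections(report: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (vendor, signature) pairs for engines that flagged the file."""
    return [(e["vendor"], e["result"]) for e in report["engines"] if e["result"]]


def is_generic_name(result: str) -> bool:
    """True when the signature name looks heuristic/generic rather than family-specific."""
    lowered = result.lower()
    return any(marker in lowered for marker in GENERIC_MARKERS)


def assess(report: Dict[str, object], known_good_sha256: Optional[str] = None) -> Dict[str, object]:
    """Triage the report: recompute the ratio, classify the hits, optionally check the hash."""
    hits = detections(report)
    computed = (len(hits), len(report["engines"]))
    stated = report.get("stated_ratio")
    hash_ok = None
    if known_good_sha256 is not None:
        hash_ok = str(report.get("sha256", "")).lower() == known_good_sha256.lower()
    all_generic = bool(hits) and all(is_generic_name(sig) for _, sig in hits)
    if hash_ok:
        verdict = "matches publisher hash: treat as known-good"
    elif not hits:
        verdict = "no detections"
    elif len(hits) <= 2 and all_generic:
        verdict = "low-confidence: few engines, generic names only; verify hash with publisher"
    else:
        verdict = "investigate: multiple or family-specific detections"
    return {
        "computed_ratio": computed,
        "stated_ratio": stated,
        "ratio_consistent": stated == computed,
        "hits": hits,
        "all_generic": all_generic,
        "hash_matches_publisher": hash_ok,
        "verdict": verdict,
    }


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for key, value in assess(parsed).items():
        print(f"{key}: {value}")
```

Pass the SHA-256 published by the tool's author as `known_good_sha256` to turn the "low-confidence" verdict into a positive identification; without it, a lone generic hit on a file with a low ratio is reported as something to verify rather than as a confirmed infection.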

#10 zxmeiji
  • Topic Starter
  • Members
  • 26 posts

Posted 23 November 2012 - 02:37 PM

I already have Malwarebytes; should I just use what I have? If not, then when I renamed the install file it wouldn't open without selecting a program. What program should I select for it after renaming the install file? Or do I rename a different file?

#11 zxmeiji
  • Topic Starter
  • Members
  • 26 posts

Posted 23 November 2012 - 02:39 PM

Oh, I figured it out. I didn't include .exe at the end!

#12 zxmeiji
  • Topic Starter
  • Members
  • 26 posts

Posted 23 November 2012 - 02:51 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.23.08

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
My Account! :: LAPTOP [administrator]

11/23/2012 2:45:10 PM
mbam-log-2012-11-23 (14-45-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220407
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 CStew23
  • Members
  • 1,484 posts
  • Gender:Male
  • Location:USA

Posted 23 November 2012 - 03:56 PM

How are things running now?

#14 zxmeiji
  • Topic Starter
  • Members
  • 26 posts

Posted 23 November 2012 - 04:15 PM

Well, for some reason a whole bunch of files were added to my computer after I cancelled ComboFix (it idled for 20 hours) and then restarted my computer. It was very strange! Some of the files were older files from a long time ago. Some were Word files, others were thumbs.something and other random stuff. I haven't tried running ComboFix again and I haven't tried using the ComboFix backup restore or anything. Everything works just fine so far. Maybe I should have posted this in another area on the site or something, because I haven't had any specific malware problems, only this issue after running ComboFix.

#15 CStew23
  • Members
  • 1,484 posts
  • Gender:Male
  • Location:USA

Posted 24 November 2012 - 01:40 PM

Can you attach the ComboFix log if it was generated?
