
Interestingly, when I open the browser there are as many as 4 start pages: one is search.conduit, the second is google.pl/?gws_rd=ssl, and the other two are also Google pages, just with different links:
1.l/?gfe_rd=cr&ei=ol8NVPvCAYah8weunoGQCQ&gws_rd=ssl
2./?gfe_rd=cr&ei=ol8NVJyeNoah8weunoGQCQ&gws_rd=ssl
OTL logs
OTL logfile created on: 2014-09-08 09:58:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop\!!!!Czysczenie
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,87 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,38% Memory free
7,73 Gb Paging File | 5,01 Gb Available in Paging File | 64,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 126,46 Gb Free Space | 64,75% Space Free | Partition Type: NTFS
Drive D: | 270,35 Gb Total Space | 112,80 Gb Free Space | 41,72% Space Free | Partition Type: NTFS
Computer Name: DELL-KOMPUTER | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2014-09-08 09:54:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\!!!!Czysczenie\OTL.exe
PRC - [2014-08-30 04:49:43 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-08-22 23:56:19 | 000,196,504 | ---- | M] (APN LLC.) -- C:\Users\Dell\AppData\Local\VNT\vntldr.exe
PRC - [2014-08-22 23:56:12 | 001,942,424 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014-08-22 23:56:12 | 000,166,296 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014-07-02 21:31:43 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014-06-12 01:42:22 | 000,591,776 | ---- | M] (Fuyu LIMITED) -- C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
PRC - [2014-05-08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014-05-08 10:47:44 | 002,993,376 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2014-04-20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
PRC - [2014-04-20 16:15:18 | 000,192,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
PRC - [2014-04-20 01:41:12 | 000,860,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
PRC - [2014-04-20 01:41:10 | 000,359,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
PRC - [2014-03-11 07:04:00 | 006,033,408 | ---- | M] ( ) -- C:\Program Files (x86)\ChomikBox\chomikbox.exe
PRC - [2010-11-20 04:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009-11-04 13:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009-11-04 13:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2014-08-30 04:49:41 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
MOD - [2014-08-30 04:49:38 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
MOD - [2014-08-30 04:49:33 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
MOD - [2014-08-30 04:49:31 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
MOD - [2014-08-30 04:49:30 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
MOD - [2014-04-23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-04-23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014-03-03 23:05:14 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\tsplugins\integration\chomikbox_win7.tsp
MOD - [2014-01-21 20:07:52 | 008,878,248 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office15\1033\GrooveIntlResource.dll
MOD - [2011-12-02 14:15:16 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstcontroller-0.10.dll
MOD - [2011-12-02 14:15:16 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstpbutils-0.10.dll
MOD - [2011-12-02 14:15:16 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstinterfaces-0.10.dll
MOD - [2011-12-02 14:15:14 | 001,520,128 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libvorbisenc-2.dll
MOD - [2011-12-02 14:15:14 | 000,718,336 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgnutls-26.dll
MOD - [2011-12-02 14:15:14 | 000,699,392 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstreamer-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,604,160 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgcrypt-11.dll
MOD - [2011-12-02 14:15:14 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libFLAC-8.dll
MOD - [2011-12-02 14:15:14 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libvorbis-0.dll
MOD - [2011-12-02 14:15:14 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgsttag-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avutil-lgpl-50.dll
MOD - [2011-12-02 14:15:14 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstaudio-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstrtp-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libbz2.dll
MOD - [2011-12-02 14:15:14 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstapp-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgpg-error-0.dll
MOD - [2011-12-02 14:15:14 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libogg-0.dll
MOD - [2011-12-02 14:15:06 | 000,228,864 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstdirectsound.dll
MOD - [2011-12-02 14:15:06 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstcoreelements.dll
MOD - [2011-12-02 14:15:06 | 000,197,632 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstplaybin.dll
MOD - [2011-12-02 14:15:06 | 000,180,736 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstffmpeg-lgpl.dll
MOD - [2011-12-02 14:15:06 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegdemux.dll
MOD - [2011-12-02 14:15:06 | 000,149,504 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstqtdemux.dll
MOD - [2011-12-02 14:15:06 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstogg.dll
MOD - [2011-12-02 14:15:06 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstqtmux.dll
MOD - [2011-12-02 14:15:06 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstasf.dll
MOD - [2011-12-02 14:15:06 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstdecodebin2.dll
MOD - [2011-12-02 14:15:06 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaudioconvert.dll
MOD - [2011-12-02 14:15:06 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libtasn1-3.dll
MOD - [2011-12-02 14:15:06 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstflac.dll
MOD - [2011-12-02 14:15:06 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstasfmux.dll
MOD - [2011-12-02 14:15:06 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgsttypefindfunctions.dll
MOD - [2011-12-02 14:15:06 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegstream.dll
MOD - [2011-12-02 14:15:06 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstvorbis.dll
MOD - [2011-12-02 14:15:06 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaudioresample.dll
MOD - [2011-12-02 14:15:06 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwavpack.dll
MOD - [2011-12-02 14:15:06 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegaudioparse.dll
MOD - [2011-12-02 14:15:06 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwavparse.dll
MOD - [2011-12-02 14:15:06 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegtsmux.dll
MOD - [2011-12-02 14:15:06 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaiff.dll
MOD - [2011-12-02 14:15:06 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstrawparse.dll
MOD - [2011-12-02 14:15:06 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstinterleave.dll
MOD - [2011-12-02 14:15:06 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstreplaygain.dll
MOD - [2011-12-02 14:15:06 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstvolume.dll
MOD - [2011-12-02 14:15:06 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstdecodebin.dll
MOD - [2011-12-02 14:15:06 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstid3demux.dll
MOD - [2011-12-02 14:15:06 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstreal.dll
MOD - [2011-12-02 14:15:06 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegpsmux.dll
MOD - [2011-12-02 14:15:06 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstautodetect.dll
MOD - [2011-12-02 14:15:06 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstequalizer.dll
MOD - [2011-12-02 14:15:06 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstneonhttpsrc.dll
MOD - [2011-12-02 14:15:06 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstcdxaparse.dll
MOD - [2011-12-02 14:15:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgsttta.dll
MOD - [2011-12-02 14:15:06 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaudiorate.dll
MOD - [2011-12-02 14:15:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwasapi.dll
MOD - [2011-12-02 14:15:06 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstlevel.dll
MOD - [2011-12-02 14:15:06 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstauparse.dll
MOD - [2011-12-02 14:15:06 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstalaw.dll
MOD - [2011-12-02 14:15:06 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstspeed.dll
MOD - [2011-12-02 14:15:06 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwaveformsink.dll
MOD - [2011-12-02 14:15:06 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgsticydemux.dll
MOD - [2011-12-02 14:15:06 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwaveenc.dll
MOD - [2011-12-02 14:15:06 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstapetag.dll
MOD - [2011-12-02 14:15:06 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstnetsim.dll
MOD - [2011-12-02 14:15:06 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstacmmp3dec.dll
MOD - [2011-12-02 14:15:06 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgststereo.dll
MOD - [2011-12-02 14:15:06 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstcoreindexers.dll
MOD - [2011-12-02 14:15:06 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstapp.dll
MOD - [2011-12-02 14:14:40 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avformat-lgpl-52.dll
MOD - [2011-12-02 14:14:40 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libexpat-1.dll
MOD - [2011-12-02 14:14:40 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\z.dll
MOD - [2011-12-02 14:14:32 | 005,038,592 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avcodec-lgpl-52.dll
MOD - [2011-12-02 14:14:32 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libxml2-2.dll
MOD - [2011-12-02 14:14:32 | 000,563,712 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\liborc-0.4-0.dll
MOD - [2011-12-02 14:14:32 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstbase-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libwavpack-1.dll
MOD - [2011-12-02 14:14:32 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libneon-27.dll
MOD - [2011-12-02 14:14:32 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstrtsp-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstriff-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstvideo-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstsdp-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avcore-lgpl-0.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2014-06-25 18:41:47 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:[b]64bit:[/b] - [2014-06-21 00:19:27 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:[b]64bit:[/b] - [2010-04-07 04:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009-03-03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)
SRV - [2014-08-22 23:56:12 | 000,166,296 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014-07-09 02:58:36 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-06-12 01:42:22 | 000,591,776 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsProtectManger\wprotectmanager.exe -- (WindowsProtectManger)
SRV - [2014-05-08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-04-20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe -- (AVP15.0.0)
SRV - [2014-04-03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-04-07 04:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe -- (STacSV)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-11-04 13:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-11-04 13:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2014-09-08 00:38:36 | 000,792,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2014-09-08 00:38:36 | 000,140,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:[b]64bit:[/b] - [2014-06-21 00:19:27 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:[b]64bit:[/b] - [2014-06-21 00:19:26 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2014-06-13 13:36:28 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys -- ({57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64)
DRV:[b]64bit:[/b] - [2014-04-10 17:25:34 | 000,243,808 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:[b]64bit:[/b] - [2014-03-28 17:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:[b]64bit:[/b] - [2014-03-26 17:05:28 | 000,179,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:[b]64bit:[/b] - [2014-03-25 16:26:04 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:[b]64bit:[/b] - [2014-02-25 13:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2014-02-20 12:59:04 | 000,457,824 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:[b]64bit:[/b] - [2013-08-08 17:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2013-04-12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:[b]64bit:[/b] - [2013-03-18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2010-11-20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010-11-20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-04-07 04:35:04 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2010-03-04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-02-27 07:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2010-01-28 06:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2009-12-10 19:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2009-09-17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-29 00:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-08 00:11:39 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-08 00:11:41 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-08 00:11:42 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-08 00:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-08 00:11:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-08 00:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-08 00:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-08 00:11:41 | 000,000,000 | ---D | M]
[2014-01-21 20:07:48 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByD0EtB0F0C0E0CtBtDtBtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1396349096
CHR - plugin: Error reading preferences file
CHR - Extension: KMP Media Toolbar = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaipkbmjkakicapiinmamgjlkaeehh\45.6_0\
CHR - Extension: Dokumenty Google = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Dysk Google = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Kingdom Rush = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.1.0.1_0\
CHR - Extension: Szukaj w Google = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky Protection = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho\4.0.9.130_0\
CHR - Extension: Ocean Pacific = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaabliejjdikjnkahhikeelbblahgoi\3_0\
CHR - Extension: AdBlock = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: Rozszerzenie Subskrypcje RSS (od Google) = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.4_0\
CHR - Extension: Google Wallet = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [fst_pl_141] File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VNT] C:\Program Files (x86)\VNT\vntldr.exe (APN LLC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [ChomikBox] C:\Program Files (x86)\ChomikBox\chomikbox.exe ( )
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [uTorrent] C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8:[b]64bit:[/b] - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O9:[b]64bit:[/b] - Extra Button: Klawiatura wirtualna - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Klawiatura wirtualna - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF4BDEC9-0547-4347-BFA5-6483D5BFD1BF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) - File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014-06-25 17:58:08 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2014-09-08 09:51:43 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\!!!!Czysczenie
[2014-09-08 00:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2014-09-08 00:10:35 | 000,792,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014-09-08 00:10:35 | 000,243,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klhk.sys
[2014-09-08 00:10:35 | 000,140,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014-09-02 18:18:23 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\ps_actions_12_by_blaxbla-d3fkia2
[2014-09-02 18:18:19 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\action_pack_4___free_by_lomita-d2h13uv
[2014-09-02 18:18:13 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\portrait_action_by_provity-d2trsx8
[2014-09-02 18:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\50_photoshop_portrait_actions
[2014-09-01 23:14:18 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\Adobe Acrobat XI Pro 11.0.0 RePack
[2014-09-01 23:06:08 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]
[2014-08-31 09:29:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014-08-31 09:03:01 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\PS
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2014-09-08 10:02:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-09-08 09:58:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-09-08 09:55:07 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-09-08 09:55:07 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-09-08 09:47:59 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-09-08 09:47:21 | 3113,164,800 | -HS- | M] () -- C:\hiberfil.sys
[2014-09-08 09:45:41 | 000,002,330 | ---- | M] () -- C:\Users\Dell\Desktop\Bezpieczne pieniądze.lnk
[2014-09-08 09:32:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-09-08 00:38:36 | 000,792,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014-09-08 00:38:36 | 000,140,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014-09-08 00:12:08 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014-09-08 00:04:25 | 000,000,163 | ---- | M] () -- C:\Users\Dell\Desktop\CBIT1-140905-12527-04.zip
[2014-09-06 08:16:23 | 005,754,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-09-05 20:20:45 | 000,425,984 | ---- | M] () -- C:\Users\Dell\Documents\Untitled-1.indd
[2014-09-05 06:44:07 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-09-04 07:47:32 | 000,510,501 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 3.JPG
[2014-09-04 07:47:32 | 000,477,163 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 5.JPG
[2014-09-04 07:47:32 | 000,417,763 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 2.JPG
[2014-09-04 07:47:32 | 000,371,544 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 4.JPG
[2014-09-04 07:47:32 | 000,350,314 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 1.JPG
[2014-09-04 07:46:54 | 002,095,433 | ---- | M] () -- C:\Users\Dell\Desktop\Gmail.zip
[2014-09-03 18:41:55 | 001,201,894 | ---- | M] () -- C:\Users\Dell\Desktop\wq.pdf
[2014-09-02 22:26:25 | 003,203,763 | ---- | M] () -- C:\Users\Dell\Desktop\vxcvxcxvc.png
[2014-09-02 22:26:19 | 000,000,132 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
[2014-09-02 22:25:51 | 000,241,309 | ---- | M] () -- C:\Users\Dell\Desktop\138234ef2d52e2caf6d5001a3736c207.png
[2014-09-02 22:25:07 | 000,252,640 | ---- | M] () -- C:\Users\Dell\Desktop\40706aa1b8b59c75c42089173fb0bce5.jpg
[2014-09-02 22:24:54 | 000,240,444 | ---- | M] () -- C:\Users\Dell\Desktop\8c88175f0873b3c59fcf9d21ef4bdda4.jpg
[2014-09-02 22:21:18 | 206,218,934 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_0541.psd
[2014-09-02 22:17:20 | 000,236,588 | ---- | M] () -- C:\Users\Dell\Desktop\281d0fa23e3765b16c8cd1dacb82dde4.jpg
[2014-09-02 22:15:03 | 000,095,296 | ---- | M] () -- C:\Users\Dell\Desktop\tumblr_mx8v07youX1ry9ihzo1_500.jpg
[2014-09-02 22:14:09 | 000,117,208 | ---- | M] () -- C:\Users\Dell\Desktop\70ce197a10b42dc5cd84f6dd4ce6892d.jpg
[2014-09-02 22:13:19 | 000,030,455 | ---- | M] () -- C:\Users\Dell\Desktop\dolla-dolla-bill-yall-sloth-meme.jpg
[2014-09-02 22:13:08 | 000,320,860 | ---- | M] () -- C:\Users\Dell\Desktop\new_sloth_face_0914b.jpg
[2014-09-02 22:12:10 | 004,409,720 | ---- | M] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq (1).jpg
[2014-09-02 22:11:41 | 000,182,710 | ---- | M] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq.jpg
[2014-09-02 22:09:47 | 000,044,925 | ---- | M] () -- C:\Users\Dell\Desktop\SlothTShirt_PirateSloth_Black_1.jpg
[2014-09-02 21:58:37 | 000,192,045 | ---- | M] () -- C:\Users\Dell\Desktop\347-Men_Sloth.jpg
[2014-09-02 21:55:34 | 032,498,035 | ---- | M] () -- C:\Users\Dell\Desktop\fdggf.png
[2014-09-02 21:39:19 | 004,035,734 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_054re1.png
[2014-09-02 21:34:07 | 003,398,006 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_0541.png
[2014-09-02 21:16:00 | 025,419,924 | ---- | M] () -- C:\Users\Dell\Desktop\okladka.ai
[2014-09-02 20:00:51 | 006,558,343 | ---- | M] () -- C:\Users\Dell\Desktop\fgd.jpg
[2014-09-02 19:52:23 | 001,536,401 | ---- | M] () -- C:\Users\Dell\Desktop\fgd - Kopia.jpg
[2014-09-02 19:37:12 | 006,469,236 | ---- | M] () -- C:\Users\Dell\Desktop\_DSCd9339.jpg
[2014-09-02 18:14:25 | 000,000,505 | ---- | M] () -- C:\Users\Dell\Desktop\ps_actions_12_by_blaxbla-d3fkia2.rar
[2014-09-02 18:14:09 | 000,694,174 | ---- | M] () -- C:\Users\Dell\Desktop\portrait_action_by_provity-d2trsx8.zip
[2014-09-02 18:14:00 | 000,001,467 | ---- | M] () -- C:\Users\Dell\Desktop\action_pack_4___free_by_lomita-d2h13uv.zip
[2014-09-02 18:08:20 | 000,024,559 | ---- | M] () -- C:\Users\Dell\Desktop\caitlins_actions__by_mumbojumbo89.atn
[2014-09-02 18:06:34 | 000,008,673 | ---- | M] () -- C:\Users\Dell\Desktop\50_photoshop_portrait_actions.zip
[2014-09-02 17:14:32 | 011,743,431 | ---- | M] () -- C:\Users\Dell\Desktop\okadkafxmag.zip
[2014-09-02 17:13:40 | 004,043,973 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9339.jpg
[2014-09-02 17:13:40 | 003,088,694 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9408.jpg
[2014-09-02 17:13:40 | 002,832,451 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9369.jpg
[2014-09-02 17:13:40 | 001,841,814 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9884.jpg
[2014-09-02 17:13:40 | 000,002,858 | ---- | M] () -- C:\Users\Dell\Desktop\image001.jpg
[2014-09-01 23:10:21 | 000,019,143 | ---- | M] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_Extended_Final_CS6_13 0_x86x64_[PL]_[Crack][Torrenty.org].torrent
[2014-09-01 23:08:52 | 000,014,730 | ---- | M] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_v13 0_Extended_Final_x86_x64_[PL]_[Crack][Armaros-torrenty org][Torrenty.org].torrent
[2014-09-01 01:06:41 | 000,403,601 | ---- | M] () -- C:\Users\Dell\Desktop\158210_original.jpg
[2014-08-31 17:05:38 | 002,101,596 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_0541.JPG
[2014-08-31 09:11:23 | 001,343,611 | ---- | M] () -- C:\Users\Dell\Desktop\tatuaz.ai
[2014-08-31 08:56:46 | 001,662,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-08-31 08:56:46 | 000,737,880 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-08-31 08:56:46 | 000,652,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-08-31 08:56:46 | 000,154,536 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-08-31 08:56:46 | 000,120,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-08-13 19:22:14 | 000,121,809 | ---- | M] () -- C:\Users\Dell\Desktop\jonathan-s-harris_praying-angel.zip
[2014-08-13 18:55:23 | 000,140,836 | ---- | M] () -- C:\Users\Dell\Desktop\Infinity_by_Tarin_Yuangtrakul.rar
[2014-08-13 18:48:29 | 000,187,146 | ---- | M] () -- C:\Users\Dell\Desktop\Nord™ Typefamily.zip
[2014-08-13 18:47:40 | 000,008,041 | ---- | M] () -- C:\Users\Dell\Desktop\Komoda.zip
[2014-08-13 18:47:09 | 000,048,546 | ---- | M] () -- C:\Users\Dell\Desktop\Elegant Lux Mager.zip
[2014-08-13 18:46:27 | 005,766,338 | ---- | M] () -- C:\Users\Dell\Desktop\futuracha.eps
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014-09-08 00:16:22 | 000,002,330 | ---- | C] () -- C:\Users\Dell\Desktop\Bezpieczne pieniądze.lnk
[2014-09-08 00:13:08 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014-09-08 00:04:24 | 000,000,163 | ---- | C] () -- C:\Users\Dell\Desktop\CBIT1-140905-12527-04.zip
[2014-09-05 20:20:43 | 000,425,984 | ---- | C] () -- C:\Users\Dell\Documents\Untitled-1.indd
[2014-09-04 07:50:28 | 000,510,501 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 3.JPG
[2014-09-04 07:50:28 | 000,477,163 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 5.JPG
[2014-09-04 07:50:28 | 000,417,763 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 2.JPG
[2014-09-04 07:50:28 | 000,371,544 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 4.JPG
[2014-09-04 07:50:28 | 000,350,314 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 1.JPG
[2014-09-04 07:46:48 | 002,095,433 | ---- | C] () -- C:\Users\Dell\Desktop\Gmail.zip
[2014-09-03 18:41:47 | 001,201,894 | ---- | C] () -- C:\Users\Dell\Desktop\wq.pdf
[2014-09-02 22:26:17 | 003,203,763 | ---- | C] () -- C:\Users\Dell\Desktop\vxcvxcxvc.png
[2014-09-02 22:25:49 | 000,241,309 | ---- | C] () -- C:\Users\Dell\Desktop\138234ef2d52e2caf6d5001a3736c207.png
[2014-09-02 22:25:05 | 000,252,640 | ---- | C] () -- C:\Users\Dell\Desktop\40706aa1b8b59c75c42089173fb0bce5.jpg
[2014-09-02 22:24:47 | 000,240,444 | ---- | C] () -- C:\Users\Dell\Desktop\8c88175f0873b3c59fcf9d21ef4bdda4.jpg
[2014-09-02 22:20:48 | 206,218,934 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_0541.psd
[2014-09-02 22:17:20 | 000,236,588 | ---- | C] () -- C:\Users\Dell\Desktop\281d0fa23e3765b16c8cd1dacb82dde4.jpg
[2014-09-02 22:14:59 | 000,095,296 | ---- | C] () -- C:\Users\Dell\Desktop\tumblr_mx8v07youX1ry9ihzo1_500.jpg
[2014-09-02 22:14:08 | 000,117,208 | ---- | C] () -- C:\Users\Dell\Desktop\70ce197a10b42dc5cd84f6dd4ce6892d.jpg
[2014-09-02 22:13:18 | 000,030,455 | ---- | C] () -- C:\Users\Dell\Desktop\dolla-dolla-bill-yall-sloth-meme.jpg
[2014-09-02 22:13:07 | 000,320,860 | ---- | C] () -- C:\Users\Dell\Desktop\new_sloth_face_0914b.jpg
[2014-09-02 22:12:06 | 004,409,720 | ---- | C] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq (1).jpg
[2014-09-02 22:11:39 | 000,182,710 | ---- | C] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq.jpg
[2014-09-02 22:09:43 | 000,044,925 | ---- | C] () -- C:\Users\Dell\Desktop\SlothTShirt_PirateSloth_Black_1.jpg
[2014-09-02 21:58:26 | 000,192,045 | ---- | C] () -- C:\Users\Dell\Desktop\347-Men_Sloth.jpg
[2014-09-02 21:46:11 | 032,498,035 | ---- | C] () -- C:\Users\Dell\Desktop\fdggf.png
[2014-09-02 21:39:08 | 004,035,734 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_054re1.png
[2014-09-02 21:33:47 | 003,398,006 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_0541.png
[2014-09-02 21:28:04 | 002,101,596 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_0541.JPG
[2014-09-02 21:15:59 | 025,419,924 | ---- | C] () -- C:\Users\Dell\Desktop\okladka.ai
[2014-09-02 20:00:16 | 001,536,401 | ---- | C] () -- C:\Users\Dell\Desktop\fgd - Kopia.jpg
[2014-09-02 19:52:14 | 006,558,343 | ---- | C] () -- C:\Users\Dell\Desktop\fgd.jpg
[2014-09-02 19:37:02 | 006,469,236 | ---- | C] () -- C:\Users\Dell\Desktop\_DSCd9339.jpg
[2014-09-02 18:14:23 | 000,000,505 | ---- | C] () -- C:\Users\Dell\Desktop\ps_actions_12_by_blaxbla-d3fkia2.rar
[2014-09-02 18:14:06 | 000,694,174 | ---- | C] () -- C:\Users\Dell\Desktop\portrait_action_by_provity-d2trsx8.zip
[2014-09-02 18:13:57 | 000,001,467 | ---- | C] () -- C:\Users\Dell\Desktop\action_pack_4___free_by_lomita-d2h13uv.zip
[2014-09-02 18:08:19 | 000,024,559 | ---- | C] () -- C:\Users\Dell\Desktop\caitlins_actions__by_mumbojumbo89.atn
[2014-09-02 18:06:21 | 000,008,673 | ---- | C] () -- C:\Users\Dell\Desktop\50_photoshop_portrait_actions.zip
[2014-09-02 17:35:46 | 004,043,973 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9339.jpg
[2014-09-02 17:35:46 | 003,088,694 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9408.jpg
[2014-09-02 17:35:46 | 002,832,451 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9369.jpg
[2014-09-02 17:35:46 | 001,841,814 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9884.jpg
[2014-09-02 17:35:46 | 000,002,858 | ---- | C] () -- C:\Users\Dell\Desktop\image001.jpg
[2014-09-02 17:13:39 | 011,743,431 | ---- | C] () -- C:\Users\Dell\Desktop\okadkafxmag.zip
[2014-09-02 16:55:26 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2014-09-02 16:54:36 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2014-09-02 16:53:35 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2014-09-01 23:10:19 | 000,019,143 | ---- | C] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_Extended_Final_CS6_13 0_x86x64_[PL]_[Crack][Torrenty.org].torrent
[2014-09-01 23:08:42 | 000,014,730 | ---- | C] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_v13 0_Extended_Final_x86_x64_[PL]_[Crack][Armaros-torrenty org][Torrenty.org].torrent
[2014-09-01 01:06:38 | 000,403,601 | ---- | C] () -- C:\Users\Dell\Desktop\158210_original.jpg
[2014-08-13 19:25:16 | 001,343,611 | ---- | C] () -- C:\Users\Dell\Desktop\tatuaz.ai
[2014-08-13 19:22:12 | 000,121,809 | ---- | C] () -- C:\Users\Dell\Desktop\jonathan-s-harris_praying-angel.zip
[2014-08-13 18:55:22 | 000,140,836 | ---- | C] () -- C:\Users\Dell\Desktop\Infinity_by_Tarin_Yuangtrakul.rar
[2014-08-13 18:48:26 | 000,187,146 | ---- | C] () -- C:\Users\Dell\Desktop\Nord™ Typefamily.zip
[2014-08-13 18:47:39 | 000,008,041 | ---- | C] () -- C:\Users\Dell\Desktop\Komoda.zip
[2014-08-13 18:47:02 | 000,048,546 | ---- | C] () -- C:\Users\Dell\Desktop\Elegant Lux Mager.zip
[2014-08-13 18:46:23 | 005,766,338 | ---- | C] () -- C:\Users\Dell\Desktop\futuracha.eps
[2014-06-29 18:31:45 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2014-06-25 18:43:20 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2014-06-25 18:12:59 | 001,637,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-06-25 13:05:23 | 000,000,132 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
[2014-06-21 00:13:48 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-20 05:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-20 04:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Extras
OTL Extras logfile created on: 2014-09-08 09:58:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop\!!!!Czysczenie
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,87 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,38% Memory free
7,73 Gb Paging File | 5,01 Gb Available in Paging File | 64,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 126,46 Gb Free Space | 64,75% Space Free | Partition Type: NTFS
Drive D: | 270,35 Gb Total Space | 112,80 Gb Free Space | 41,72% Space Free | Partition Type: NTFS
Computer Name: DELL-KOMPUTER | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5BF8399C-5286-4F1D-A339-B1418B09759A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{84BFE9E8-10D2-4BBE-B1FF-AD648E185804}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03260C4F-527C-4204-B7D6-C066B38197DE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1540C57A-DEEB-420C-B5FE-D6D31927857D}" = protocol=17 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe |
"{1B16FA1A-9208-4B5B-A6BD-CF42B8E43DB5}" = protocol=6 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe |
"{1C974472-B603-4340-A42C-316D27B8E477}" = protocol=17 | dir=in | app=c:\users\dell\appdata\roaming\utorrent\utorrent.exe |
"{597AC82D-F092-46F0-B01A-E63A6923E16B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5B1CB9DE-958B-43D8-B326-C2F5BB61F4A1}" = protocol=6 | dir=in | app=c:\users\dell\appdata\roaming\utorrent\utorrent.exe |
"{6C7009E4-7DDD-4AC1-8B9C-78C0D4448FCD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{746DC671-006E-4CE6-99D4-4797A4548B29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{781F0394-8CA2-4BA5-AF4C-1C0F1AB7B201}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{96A83176-7A0E-4E7F-96AA-5FB7A2CE66C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{9B49B961-CB48-4B36-BC3C-FEFB6556761A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D782DFE0-4E70-4D65-AC80-7C6B32EDF88D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{E9D6EAAF-BBCE-4135-ADE9-E7DF5F0D89C9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED678125-8C56-4DFB-8E16-52E8F58EA82C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"TCP Query User{74F29A7F-FF97-429B-9E4F-F82B27A0BA4C}C:\users\dell\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dell\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9FE0C869-FE2C-42CA-8F34-8118559A5447}C:\users\dell\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dell\appdata\roaming\spotify\spotify.exe |
"UDP Query User{83AB0CDC-B8FE-4F6A-8716-59C54ACD8ECE}C:\users\dell\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dell\appdata\roaming\spotify\spotify.exe |
"UDP Query User{CBCC5596-BD8B-4AFF-91FA-17E9071B23D8}C:\users\dell\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dell\appdata\roaming\spotify\spotify.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86418005FF}" = Java 8 Update 5 (64-bit)
"{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR 5.01 (64-bitowy)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Obsługa programów Apple
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4D5056-3700-A76A-76A7-A758B70C1001}" = KMP Media Toolbar
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Polish
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C7B52FAF-58D8-438C-B810-F78C3C927504}" = ChomikBox
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"Google Chrome" = Google Chrome
"InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.5.5 Full
"NapiProjekt_is1" = NapiProjekt (2.2.0.2399)
"Samsung ML-1660 Series" = Konserwacja programu Samsung ML-1660 Series
"The KMPlayer" = The KMPlayer (remove only)
"WindowsProtectManger" = WindowsProtectManger20.0.0.401
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2014-09-08 04:00:45 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092
Error - 2014-09-08 04:00:46 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2014-09-08 04:00:46 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2122
Error - 2014-09-08 04:00:46 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2122
Error - 2014-09-08 04:00:47 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2014-09-08 04:00:47 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3136
Error - 2014-09-08 04:00:47 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3136
Error - 2014-09-08 04:00:49 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2014-09-08 04:00:49 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4306
Error - 2014-09-08 04:00:49 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4306
[ Broadcom Wireless LAN Events ]
Error - 2014-06-24 04:42:54 | Computer Name = Dell-Komputer | Source = WLAN-Tray | ID = 0
Description = 10:42:54, Tue, Jun 24, 14 Error - Error in WNetOpenEnum trying to disconnect
drives
Error - 2014-06-24 04:42:54 | Computer Name = Dell-Komputer | Source = WLAN-Tray | ID = 0
Description = 10:42:54, Tue, Jun 24, 14 Error - Error in WNetOpenEnum trying to disconnect
drives
Error - 2014-06-26 01:42:57 | Computer Name = Dell-Komputer | Source = WLAN-Tray | ID = 0
Description = 07:42:57, Thu, Jun 26, 14 Error - Error in WNetOpenEnum trying to disconnect
drives
Error - 2014-06-26 01:42:57 | Computer Name = Dell-Komputer | Source = WLAN-Tray | ID = 0
Description = 07:42:57, Thu, Jun 26, 14 Error - Error in WNetOpenEnum trying to disconnect
drives
Error - 2014-08-10 03:42:04 | Computer Name = Dell-Komputer | Source = WLAN-Tray | ID = 0
Description = 09:42:02, Sun, Aug 10, 14 Error - Unable to gain access to user store
[ System Events ]
Error - 2014-09-02 10:18:28 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2
Error - 2014-09-02 10:18:28 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2
Error - 2014-09-06 02:16:36 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2
Error - 2014-09-06 02:16:36 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2
Error - 2014-09-07 18:15:04 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2
Error - 2014-09-07 18:15:07 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2
Error - 2014-09-08 03:43:28 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2
Error - 2014-09-08 03:43:30 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2
Error - 2014-09-08 03:47:38 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu: %%2
Error - 2014-09-08 03:47:44 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu: %%2
< End of report >
GMER log.
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-08 11:13:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HGST_HTS545050A7E380 rev.GG2OAC90 465,76GB
Running: 3u102nqp.exe; Driver: C:\Users\Dell\AppData\Local\Temp\aftciaob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075891465 2 bytes [89, 75]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758914bb 2 bytes [89, 75]
.text ... * 2
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075891465 2 bytes [89, 75]
.text C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758914bb 2 bytes [89, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes JMP 3f30953f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes JMP 3f30953f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes JMP 3f30953f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes JMP 3f30953f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774311f5 8 bytes {JMP 0xd}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077431fd7 8 bytes {JMP 0xb}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774327d2 8 bytes {JMP 0x10}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774333c0 16 bytes {JMP 0x4e}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774813e0 2 bytes [FF, 25]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3 00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880046a2ec0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4044:3932] 000007fefb862ab8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4044:4472] 000007fef7f75124
Thread C:\Windows\System32\svchost.exe [5488:5676] 000007feee719688
---- Processes - GMER 2.1 ----
Library C:\Users\Dell\AppData\Local\VNT\vntsrv.dll (*** suspicious ***) @ C:\Users\Dell\AppData\Local\VNT\vntldr.exe [4404] (Virtual New Tab Server/APN LLC.)(2014-07-18 05:36:53) 0000000066f10000
---- EOF - GMER 2.1 ----