GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-02-01 11:23:22 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-603CA0 rev.18.01H18 465.76GB Running: rg3bz7n0.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys ---- System - GMER 2.0 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x8EEC114A] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x8EEC121A] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8EEC0D7C] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x8EEC0F6A] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x8EEC1000] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8EEC0E32] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8EEC0ECE] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8EEC109C] ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82897839 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828BC3F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 4A0 828C3E30 8 Bytes [4A, 11, EC, 8E, 1A, 12, EC, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 4E8 828C3E78 4 Bytes [7C, 0D, EC, 8E] .text ntkrnlpa.exe!RtlSidHashLookup + 7A8 828C4138 8 Bytes [6A, 0F, EC, 8E, 00, 10, EC, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 828C4148 8 Bytes [32, 0E, EC, 8E, CE, 0E, EC, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 82C 828C41BC 4 Bytes [9C, 10, EC, 8E] ---- User code sections - GMER 2.0 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtCreateFile + 6 77CA46B6 4 Bytes [28, 88, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtCreateFile + B 77CA46BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtMapViewOfSection + 6 77CA4D16 4 Bytes [28, 8B, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtMapViewOfSection + B 77CA4D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenFile + 6 77CA4DC6 4 Bytes [68, 88, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenFile + B 77CA4DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcess + 6 77CA4E76 4 Bytes [A8, 89, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcess + B 77CA4E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcessToken + 6 77CA4E86 4 Bytes CALL 76CA6C14 .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcessToken + B 77CA4E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcessTokenEx + 6 77CA4E96 4 Bytes [A8, 8A, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcessTokenEx + B 77CA4E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThread + 6 77CA4EF6 4 Bytes [68, 89, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThread + B 77CA4EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThreadToken + 6 77CA4F06 4 Bytes [68, 8A, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThreadToken + B 77CA4F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThreadTokenEx + 6 77CA4F16 4 Bytes CALL 76CA6CA5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThreadTokenEx + B 77CA4F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtQueryAttributesFile + 6 77CA5026 4 Bytes [A8, 88, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtQueryAttributesFile + B 77CA502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtQueryFullAttributesFile + 6 77CA50D6 4 Bytes CALL 76CA6E63 .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtQueryFullAttributesFile + B 77CA50DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtSetInformationFile + 6 77CA5726 4 Bytes [28, 89, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtSetInformationFile + B 77CA572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtSetInformationThread + 6 77CA5786 4 Bytes [28, 8A, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtSetInformationThread + B 77CA578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtUnmapViewOfSection + 6 77CA5AA6 4 Bytes [68, 8B, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtUnmapViewOfSection + B 77CA5AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtCreateFile + 6 77CA46B6 4 Bytes [28, 20, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtCreateFile + B 77CA46BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtMapViewOfSection + 6 77CA4D16 4 Bytes [28, 23, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtMapViewOfSection + B 77CA4D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenFile + 6 77CA4DC6 4 Bytes [68, 20, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenFile + B 77CA4DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcess + 6 77CA4E76 4 Bytes [A8, 21, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcess + B 77CA4E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessToken + 6 77CA4E86 4 Bytes CALL 76CAE3AC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessToken + B 77CA4E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessTokenEx + 6 77CA4E96 4 Bytes [A8, 22, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessTokenEx + B 77CA4E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThread + 6 77CA4EF6 4 Bytes [68, 21, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThread + B 77CA4EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadToken + 6 77CA4F06 4 Bytes [68, 22, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadToken + B 77CA4F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadTokenEx + 6 77CA4F16 4 Bytes CALL 76CAE43D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadTokenEx + B 77CA4F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryAttributesFile + 6 77CA5026 4 Bytes [A8, 20, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryAttributesFile + B 77CA502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryFullAttributesFile + 6 77CA50D6 4 Bytes CALL 76CAE5FB .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryFullAttributesFile + B 77CA50DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationFile + 6 77CA5726 4 Bytes [28, 21, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationFile + B 77CA572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationThread + 6 77CA5786 4 Bytes [28, 22, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationThread + B 77CA578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtUnmapViewOfSection + 6 77CA5AA6 4 Bytes [68, 23, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtUnmapViewOfSection + B 77CA5AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtCreateFile + 6 77CA46B6 2 Bytes [28, 34] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtCreateFile + 9 77CA46B9 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtCreateFile + 9 77CA46B9 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtMapViewOfSection + 6 77CA4D16 2 Bytes [28, 37] {SUB [EDI], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtMapViewOfSection + 9 77CA4D19 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtMapViewOfSection + 9 77CA4D19 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenFile + 6 77CA4DC6 2 Bytes [68, 34] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenFile + 9 77CA4DC9 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenFile + 9 77CA4DC9 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenProcess + 6 77CA4E76 2 Bytes [A8, 35] {TEST AL, 0x35} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenProcess + 9 77CA4E79 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenProcess + 9 77CA4E79 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenProcessToken + 9 77CA4E89 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenProcessToken + 9 77CA4E89 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenProcessTokenEx + 6 77CA4E96 2 Bytes [A8, 36] {TEST AL, 0x36} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenProcessTokenEx + 9 77CA4E99 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenProcessTokenEx + 9 77CA4E99 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenThread + 6 77CA4EF6 2 Bytes [68, 35] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenThread + 9 77CA4EF9 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenThread + 9 77CA4EF9 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenThreadToken + 6 77CA4F06 2 Bytes [68, 36] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenThreadToken + 9 77CA4F09 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenThreadToken + 9 77CA4F09 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenThreadTokenEx + 9 77CA4F19 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtOpenThreadTokenEx + 9 77CA4F19 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtQueryAttributesFile + 6 77CA5026 2 Bytes [A8, 34] {TEST AL, 0x34} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtQueryAttributesFile + 9 77CA5029 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtQueryAttributesFile + 9 77CA5029 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtQueryFullAttributesFile + 9 77CA50D9 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtQueryFullAttributesFile + 9 77CA50D9 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtSetInformationFile + 6 77CA5726 2 Bytes [28, 35] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtSetInformationFile + 9 77CA5729 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtSetInformationFile + 9 77CA5729 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtSetInformationThread + 6 77CA5786 2 Bytes [28, 36] {SUB [ESI], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtSetInformationThread + 9 77CA5789 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtSetInformationThread + 9 77CA5789 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtUnmapViewOfSection + 6 77CA5AA6 2 Bytes [68, 37] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtUnmapViewOfSection + 9 77CA5AA9 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!NtUnmapViewOfSection + 9 77CA5AA9 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtCreateFile + 6 77CA46B6 4 Bytes [28, F4, 08, 01] {SUB AH, DH; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtCreateFile + B 77CA46BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtMapViewOfSection + 6 77CA4D16 4 Bytes [28, F7, 08, 01] {SUB BH, DH; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtMapViewOfSection + B 77CA4D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenFile + 6 77CA4DC6 4 Bytes [68, F4, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenFile + B 77CA4DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcess + 6 77CA4E76 4 Bytes [A8, F5, 08, 01] {TEST AL, 0xf5; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcess + B 77CA4E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessToken + B 77CA4E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessTokenEx + 6 77CA4E96 4 Bytes [A8, F6, 08, 01] {TEST AL, 0xf6; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessTokenEx + B 77CA4E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThread + 6 77CA4EF6 4 Bytes [68, F5, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThread + B 77CA4EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadToken + 6 77CA4F06 4 Bytes [68, F6, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadToken + B 77CA4F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadTokenEx + B 77CA4F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryAttributesFile + 6 77CA5026 4 Bytes [A8, F4, 08, 01] {TEST AL, 0xf4; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryAttributesFile + B 77CA502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryFullAttributesFile + B 77CA50DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationFile + 6 77CA5726 4 Bytes [28, F5, 08, 01] {SUB CH, DH; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationFile + B 77CA572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationThread + 6 77CA5786 4 Bytes [28, F6, 08, 01] {SUB DH, DH; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationThread + B 77CA578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtUnmapViewOfSection + 6 77CA5AA6 4 Bytes [68, F7, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtUnmapViewOfSection + B 77CA5AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + 6 77CA46B6 4 Bytes [28, BC, 63, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + B 77CA46BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 77CA4D16 4 Bytes [28, BF, 63, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + B 77CA4D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + 6 77CA4DC6 4 Bytes [68, BC, 63, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + B 77CA4DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + 6 77CA4E76 4 Bytes [A8, BD, 63, 00] {TEST AL, 0xbd; ARPL [EAX], AX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + B 77CA4E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + 6 77CA4E86 4 Bytes CALL 76CAB248 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + B 77CA4E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + 6 77CA4E96 4 Bytes [A8, BE, 63, 00] {TEST AL, 0xbe; ARPL [EAX], AX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + B 77CA4E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + 6 77CA4EF6 4 Bytes [68, BD, 63, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + B 77CA4EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + 6 77CA4F06 4 Bytes [68, BE, 63, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + B 77CA4F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + 6 77CA4F16 4 Bytes CALL 76CAB2D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + B 77CA4F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + 6 77CA5026 4 Bytes [A8, BC, 63, 00] {TEST AL, 0xbc; ARPL [EAX], AX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + B 77CA502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + 6 77CA50D6 4 Bytes CALL 76CAB497 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + B 77CA50DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + 6 77CA5726 4 Bytes [28, BD, 63, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + B 77CA572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + 6 77CA5786 4 Bytes [28, BE, 63, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + B 77CA578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 77CA5AA6 4 Bytes [68, BF, 63, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + B 77CA5AAB 1 Byte [E2] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2616] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2616] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2616] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2616] @ C:\Windows\system32\crypt32.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2616] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Windows\system32\RunDll32.exe[3300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Windows\system32\RunDll32.exe[3300] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Windows\system32\RunDll32.exe[3300] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Windows\system32\RunDll32.exe[3300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Windows\system32\RunDll32.exe[3300] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Windows\system32\RunDll32.exe[3300] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75325E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) ---- EOF - GMER 2.0 ----