GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-14 06:45:15 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OC60F 298,09GB Running: rc1z51vs.exe; Driver: C:\Users\Marzena\AppData\Local\Temp\uxliifow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E57A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E911F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtCreateFile + 6 778755CE 4 Bytes [28, 00, 02, 01] {SUB [EAX], AL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtCreateFile + B 778755D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtMapViewOfSection + 6 77875C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtMapViewOfSection + 6 77875C2E 4 Bytes [28, 03, 02, 01] {SUB [EBX], AL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtMapViewOfSection + B 77875C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenFile + 6 77875CDE 4 Bytes [68, 00, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenFile + B 77875CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcess + 6 77875D8E 4 Bytes [A8, 01, 02, 01] {TEST AL, 0x1; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcess + B 77875D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcessToken + 6 77875D9E 4 Bytes CALL 76885FA4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcessToken + B 77875DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcessTokenEx + 6 77875DAE 4 Bytes [A8, 02, 02, 01] {TEST AL, 0x2; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcessTokenEx + B 77875DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThread + 6 77875E0E 4 Bytes [68, 01, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThread + B 77875E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThreadToken + 6 77875E1E 4 Bytes [68, 02, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThreadToken + B 77875E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThreadTokenEx + 6 77875E2E 4 Bytes CALL 76886035 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThreadTokenEx + B 77875E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtQueryAttributesFile + 6 77875F3E 4 Bytes [A8, 00, 02, 01] {TEST AL, 0x0; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtQueryAttributesFile + B 77875F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtQueryFullAttributesFile + 6 77875FEE 4 Bytes CALL 768861F3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtQueryFullAttributesFile + B 77875FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtSetInformationFile + 6 7787663E 4 Bytes [28, 01, 02, 01] {SUB [ECX], AL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtSetInformationFile + B 77876643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtSetInformationThread + 6 7787669E 4 Bytes [28, 02, 02, 01] {SUB [EDX], AL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtSetInformationThread + B 778766A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtUnmapViewOfSection + 6 778769BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtUnmapViewOfSection + 6 778769BE 4 Bytes [68, 03, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtUnmapViewOfSection + B 778769C3 1 Byte [E2] .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2520] kernel32.dll!SetUnhandledExceptionFilter 774FF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtCreateFile + 6 778755CE 4 Bytes [28, 9C, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtCreateFile + B 778755D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + 6 77875C2E 4 Bytes [28, 9F, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + B 77875C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenFile + 6 77875CDE 4 Bytes [68, 9C, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenFile + B 77875CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcess + 6 77875D8E 4 Bytes [A8, 9D, 8A, 00] {TEST AL, 0x9d; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcess + B 77875D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessToken + B 77875DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessTokenEx + 6 77875DAE 4 Bytes [A8, 9E, 8A, 00] {TEST AL, 0x9e; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessTokenEx + B 77875DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThread + 6 77875E0E 4 Bytes [68, 9D, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThread + B 77875E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadToken + 6 77875E1E 4 Bytes [68, 9E, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadToken + B 77875E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadTokenEx + B 77875E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryAttributesFile + 6 77875F3E 4 Bytes [A8, 9C, 8A, 00] {TEST AL, 0x9c; MOV AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryAttributesFile + B 77875F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryFullAttributesFile + B 77875FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationFile + 6 7787663E 4 Bytes [28, 9D, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationFile + B 77876643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationThread + 6 7787669E 4 Bytes [28, 9E, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationThread + B 778766A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtUnmapViewOfSection + 6 778769BE 4 Bytes [68, 9F, 8A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtUnmapViewOfSection + B 778769C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtCreateFile + 6 778755CE 4 Bytes [28, BC, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtCreateFile + B 778755D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtMapViewOfSection + 6 77875C2E 4 Bytes [28, BF, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtMapViewOfSection + B 77875C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenFile + 6 77875CDE 4 Bytes [68, BC, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenFile + B 77875CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenProcess + 6 77875D8E 4 Bytes [A8, BD, 7B, 00] {TEST AL, 0xbd; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenProcess + B 77875D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenProcessToken + B 77875DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenProcessTokenEx + 6 77875DAE 4 Bytes [A8, BE, 7B, 00] {TEST AL, 0xbe; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenProcessTokenEx + B 77875DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenThread + 6 77875E0E 4 Bytes [68, BD, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenThread + B 77875E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenThreadToken + 6 77875E1E 4 Bytes [68, BE, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenThreadToken + B 77875E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtOpenThreadTokenEx + B 77875E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtQueryAttributesFile + 6 77875F3E 4 Bytes [A8, BC, 7B, 00] {TEST AL, 0xbc; JNP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtQueryAttributesFile + B 77875F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtQueryFullAttributesFile + B 77875FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtSetInformationFile + 6 7787663E 4 Bytes [28, BD, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtSetInformationFile + B 77876643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtSetInformationThread + 6 7787669E 4 Bytes [28, BE, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtSetInformationThread + B 778766A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtUnmapViewOfSection + 6 778769BE 4 Bytes [68, BF, 7B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!NtUnmapViewOfSection + B 778769C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtCreateFile + 6 778755CE 4 Bytes CALL 5A8655FE .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtCreateFile + B 778755D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + 6 77875C2E 4 Bytes [28, EB, 2B, 00] {SUB BL, CH; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + B 77875C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenFile + 6 77875CDE 4 Bytes CALL 5A865D0E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenFile + B 77875CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcess + 6 77875D8E 4 Bytes JMP 5A865DBE .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcess + B 77875D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessToken + B 77875DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessTokenEx + 6 77875DAE 4 Bytes JMP E2FF002B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessTokenEx + B 77875DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThread + 6 77875E0E 4 Bytes JMP 5A865E3E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThread + B 77875E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadToken + 6 77875E1E 4 Bytes JMP E2FF002B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadToken + B 77875E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadTokenEx + B 77875E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryAttributesFile + 6 77875F3E 4 Bytes CALL 5A865F6E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryAttributesFile + B 77875F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryFullAttributesFile + B 77875FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationFile + 6 7787663E 4 Bytes JMP 5A86666E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationFile + B 77876643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationThread + 6 7787669E 4 Bytes JMP E2FF002B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationThread + B 778766A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + 6 778769BE 4 Bytes [68, EB, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + B 778769C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtCreateFile + 6 778755CE 4 Bytes [28, 18, 00, 01] {SUB [EAX], BL; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtCreateFile + B 778755D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + 6 77875C2E 4 Bytes [28, 1B, 00, 01] {SUB [EBX], BL; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + B 77875C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenFile + 6 77875CDE 4 Bytes [68, 18, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenFile + B 77875CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcess + 6 77875D8E 4 Bytes [A8, 19, 00, 01] {TEST AL, 0x19; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcess + B 77875D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessToken + 6 77875D9E 4 Bytes CALL 76885DBC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessToken + B 77875DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessTokenEx + 6 77875DAE 4 Bytes [A8, 1A, 00, 01] {TEST AL, 0x1a; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessTokenEx + B 77875DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThread + 6 77875E0E 4 Bytes [68, 19, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThread + B 77875E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadToken + 6 77875E1E 4 Bytes [68, 1A, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadToken + B 77875E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadTokenEx + 6 77875E2E 4 Bytes CALL 76885E4D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadTokenEx + B 77875E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryAttributesFile + 6 77875F3E 4 Bytes [A8, 18, 00, 01] {TEST AL, 0x18; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryAttributesFile + B 77875F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryFullAttributesFile + 6 77875FEE 4 Bytes CALL 7688600B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryFullAttributesFile + B 77875FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationFile + 6 7787663E 4 Bytes [28, 19, 00, 01] {SUB [ECX], BL; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationFile + B 77876643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationThread + 6 7787669E 4 Bytes [28, 1A, 00, 01] {SUB [EDX], BL; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationThread + B 778766A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + 6 778769BE 4 Bytes [68, 1B, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + B 778769C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtCreateFile + 6 778755CE 4 Bytes [28, F8, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtCreateFile + B 778755D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtMapViewOfSection + 6 77875C2E 4 Bytes [28, FB, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtMapViewOfSection + B 77875C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenFile + 6 77875CDE 4 Bytes [68, F8, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenFile + B 77875CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcess + 6 77875D8E 4 Bytes [A8, F9, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcess + B 77875D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessToken + B 77875DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessTokenEx + 6 77875DAE 4 Bytes [A8, FA, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenProcessTokenEx + B 77875DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThread + 6 77875E0E 4 Bytes [68, F9, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThread + B 77875E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadToken + 6 77875E1E 4 Bytes [68, FA, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadToken + B 77875E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtOpenThreadTokenEx + B 77875E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryAttributesFile + 6 77875F3E 4 Bytes [A8, F8, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryAttributesFile + B 77875F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtQueryFullAttributesFile + B 77875FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationFile + 6 7787663E 4 Bytes [28, F9, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationFile + B 77876643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationThread + 6 7787669E 4 Bytes [28, FA, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtSetInformationThread + B 778766A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtUnmapViewOfSection + 6 778769BE 4 Bytes [68, FB, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3984] ntdll.dll!NtUnmapViewOfSection + B 778769C3 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745C24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745A562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745A56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745C2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745B85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745B4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745B5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745B51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745B6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745B8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745B8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745B90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745BE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[1956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745B4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----