GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-05 19:13:06 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 SAMSUNG_HD753LJ rev.1AA01113 698,64GB Running: Gmer.exe; Driver: C:\Users\UKASZC~1\AppData\Local\Temp\kwldipow.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8DC9CB10] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8DC9D5EE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8DCA95E0] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8DCA962C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8DCA97C6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8DCA954E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSection [0x8DCA9670] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8DCA9596] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8DC9DB24] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8DC9DD40] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8DCA9780] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8DC9E3DC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8DC9CB76] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8DCA1B58] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8DC9C75E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8DC9CBDC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8DCA1F4E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8DC9EE6C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8DCA960A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8DCA964E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8DCA97EA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8DCA9574] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8DCA1452] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8DCA96FE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8DCA95BE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8DCA183A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8DCA97A4] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x916CC0CC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8DC9ED38] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8DC9EA46] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8DC9CC42] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8DC9CCA8] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x916CC316] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8DC9C7F8] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8DC9C9CE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8DC9C95C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8DC9E5A6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8DC9E708] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8DC9CA56] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x916CC194] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8DC9E236] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8DC9CD0E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8DC9D64A] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C55A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8F212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C96460 4 Bytes [10, CB, C9, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C964E8 4 Bytes [EE, D5, C9, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C9653C 8 Bytes [E0, 95, CA, 8D, 2C, 96, CA, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C96548 4 Bytes [C6, 97, CA, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C96564 4 Bytes [4E, 95, CA, 8D] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91A18000, 0x38E905, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Application Updater\ApplicationUpdater.exe[200] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\csrss.exe[384] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\wininit.exe[464] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\csrss.exe[488] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\services.exe[512] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtCreateFile + 6 7788560E 4 Bytes [28, 28, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtCreateFile + B 77885613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtMapViewOfSection + 6 77885C6E 4 Bytes [28, 2B, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtMapViewOfSection + B 77885C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenFile + 6 77885D1E 4 Bytes [68, 28, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenFile + B 77885D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcess + 6 77885DCE 4 Bytes [A8, 29, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcess + B 77885DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcessToken + 6 77885DDE 4 Bytes CALL 76894C0C C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcessToken + B 77885DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcessTokenEx + 6 77885DEE 4 Bytes [A8, 2A, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcessTokenEx + B 77885DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThread + 6 77885E4E 4 Bytes [68, 29, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThread + B 77885E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThreadToken + 6 77885E5E 4 Bytes [68, 2A, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThreadToken + B 77885E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThreadTokenEx + 6 77885E6E 4 Bytes CALL 76894C9D C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThreadTokenEx + B 77885E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtQueryAttributesFile + 6 77885F7E 4 Bytes [A8, 28, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtQueryAttributesFile + B 77885F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtQueryFullAttributesFile + 6 7788602E 4 Bytes CALL 76894E5B C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtQueryFullAttributesFile + B 77886033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtSetInformationFile + 6 7788667E 4 Bytes [28, 29, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtSetInformationFile + B 77886683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtSetInformationThread + 6 778866DE 4 Bytes [28, 2A, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtSetInformationThread + B 778866E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtUnmapViewOfSection + 6 778869FE 4 Bytes [68, 2B, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtUnmapViewOfSection + B 77886A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!LdrUnloadDll 7789C8DE 5 Bytes JMP 00FB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] ntdll.dll!LdrLoadDll 778A22AE 5 Bytes JMP 00FB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[648] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\svchost.exe[692] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\svchost.exe[784] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\atiesrxx.exe[828] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[868] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtCreateFile + 6 7788560E 4 Bytes [28, 60, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtCreateFile + B 77885613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtMapViewOfSection + 6 77885C6E 4 Bytes [28, 63, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtMapViewOfSection + B 77885C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenFile + 6 77885D1E 4 Bytes [68, 60, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenFile + B 77885D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcess + 6 77885DCE 4 Bytes [A8, 61, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcess + B 77885DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessToken + 6 77885DDE 4 Bytes CALL 7688BD44 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessToken + B 77885DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessTokenEx + 6 77885DEE 4 Bytes [A8, 62, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessTokenEx + B 77885DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThread + 6 77885E4E 4 Bytes [68, 61, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThread + B 77885E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadToken + 6 77885E5E 4 Bytes [68, 62, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadToken + B 77885E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadTokenEx + 6 77885E6E 4 Bytes CALL 7688BDD5 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadTokenEx + B 77885E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryAttributesFile + 6 77885F7E 4 Bytes [A8, 60, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryAttributesFile + B 77885F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryFullAttributesFile + 6 7788602E 4 Bytes CALL 7688BF93 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryFullAttributesFile + B 77886033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationFile + 6 7788667E 4 Bytes [28, 61, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationFile + B 77886683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationThread + 6 778866DE 4 Bytes [28, 62, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationThread + B 778866E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtUnmapViewOfSection + 6 778869FE 4 Bytes [68, 63, 5F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtUnmapViewOfSection + B 77886A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!LdrUnloadDll 7789C8DE 5 Bytes JMP 007C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!LdrLoadDll 778A22AE 5 Bytes JMP 007C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1228] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\atieclxx.exe[1332] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1344] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtCreateFile + 6 7788560E 4 Bytes [28, DC, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtCreateFile + B 77885613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtMapViewOfSection + 6 77885C6E 4 Bytes [28, DF, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtMapViewOfSection + B 77885C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenFile + 6 77885D1E 4 Bytes [68, DC, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenFile + B 77885D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcess + 6 77885DCE 4 Bytes [A8, DD, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcess + B 77885DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessToken + 6 77885DDE 4 Bytes CALL 768918C0 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessToken + B 77885DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessTokenEx + 6 77885DEE 4 Bytes [A8, DE, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenProcessTokenEx + B 77885DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThread + 6 77885E4E 4 Bytes [68, DD, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThread + B 77885E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadToken + 6 77885E5E 4 Bytes [68, DE, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadToken + B 77885E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadTokenEx + 6 77885E6E 4 Bytes CALL 76891951 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtOpenThreadTokenEx + B 77885E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryAttributesFile + 6 77885F7E 4 Bytes [A8, DC, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryAttributesFile + B 77885F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryFullAttributesFile + 6 7788602E 4 Bytes CALL 76891B0F C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtQueryFullAttributesFile + B 77886033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationFile + 6 7788667E 4 Bytes [28, DD, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationFile + B 77886683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationThread + 6 778866DE 4 Bytes [28, DE, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtSetInformationThread + B 778866E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtUnmapViewOfSection + 6 778869FE 4 Bytes [68, DF, BA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!NtUnmapViewOfSection + B 77886A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!LdrUnloadDll 7789C8DE 5 Bytes JMP 00C603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] ntdll.dll!LdrLoadDll 778A22AE 5 Bytes JMP 00C601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1480] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1516] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\Explorer.EXE[1572] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1600] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[1612] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtCreateFile + 6 7788560E 4 Bytes [28, 9C, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtCreateFile + B 77885613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtMapViewOfSection + 6 77885C6E 4 Bytes [28, 9F, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtMapViewOfSection + B 77885C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenFile + 6 77885D1E 4 Bytes [68, 9C, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenFile + B 77885D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcess + 6 77885DCE 4 Bytes [A8, 9D, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcess + B 77885DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessToken + 6 77885DDE 4 Bytes CALL 7688BB80 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessToken + B 77885DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessTokenEx + 6 77885DEE 4 Bytes [A8, 9E, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessTokenEx + B 77885DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThread + 6 77885E4E 4 Bytes [68, 9D, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThread + B 77885E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadToken + 6 77885E5E 4 Bytes [68, 9E, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadToken + B 77885E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadTokenEx + 6 77885E6E 4 Bytes CALL 7688BC11 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadTokenEx + B 77885E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryAttributesFile + 6 77885F7E 4 Bytes [A8, 9C, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryAttributesFile + B 77885F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryFullAttributesFile + 6 7788602E 4 Bytes CALL 7688BDCF C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryFullAttributesFile + B 77886033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationFile + 6 7788667E 4 Bytes [28, 9D, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationFile + B 77886683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationThread + 6 778866DE 4 Bytes [28, 9E, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationThread + B 778866E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtUnmapViewOfSection + 6 778869FE 4 Bytes [68, 9F, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtUnmapViewOfSection + B 77886A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!LdrUnloadDll 7789C8DE 5 Bytes JMP 006E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!LdrLoadDll 778A22AE 5 Bytes JMP 006E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\System32\C2MP\TrayMenu.exe[2172] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\System32\WUDFHost.exe[2212] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Users\Łukasz Ciapała\AppData\Local\Lollipop\Lollipop.exe[2224] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2244] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtCreateFile + 6 7788560E 4 Bytes [28, DC, 0B, 00] {SUB AH, BL; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtCreateFile + B 77885613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtMapViewOfSection + 6 77885C6E 4 Bytes [28, DF, 0B, 00] {SUB BH, BL; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtMapViewOfSection + B 77885C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenFile + 6 77885D1E 4 Bytes [68, DC, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenFile + B 77885D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcess + 6 77885DCE 4 Bytes [A8, DD, 0B, 00] {TEST AL, 0xdd; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcess + B 77885DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcessToken + 6 77885DDE 4 Bytes CALL 768869C0 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcessToken + B 77885DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcessTokenEx + 6 77885DEE 4 Bytes [A8, DE, 0B, 00] {TEST AL, 0xde; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenProcessTokenEx + B 77885DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThread + 6 77885E4E 4 Bytes [68, DD, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThread + B 77885E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThreadToken + 6 77885E5E 4 Bytes [68, DE, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThreadToken + B 77885E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThreadTokenEx + 6 77885E6E 4 Bytes CALL 76886A51 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtOpenThreadTokenEx + B 77885E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtQueryAttributesFile + 6 77885F7E 4 Bytes [A8, DC, 0B, 00] {TEST AL, 0xdc; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtQueryAttributesFile + B 77885F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtQueryFullAttributesFile + 6 7788602E 4 Bytes CALL 76886C0F C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtQueryFullAttributesFile + B 77886033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtSetInformationFile + 6 7788667E 4 Bytes [28, DD, 0B, 00] {SUB CH, BL; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtSetInformationFile + B 77886683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtSetInformationThread + 6 778866DE 4 Bytes [28, DE, 0B, 00] {SUB DH, BL; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtSetInformationThread + B 778866E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtUnmapViewOfSection + 6 778869FE 4 Bytes [68, DF, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!NtUnmapViewOfSection + B 77886A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!LdrUnloadDll 7789C8DE 5 Bytes JMP 001003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] ntdll.dll!LdrLoadDll 778A22AE 5 Bytes JMP 001001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3080] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Users\Łukasz Ciapała\Desktop\fixitpc\Gmer.exe[3208] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[3412] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3608] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[3632] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtCreateFile + 6 7788560E 4 Bytes [28, 28, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtCreateFile + B 77885613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtMapViewOfSection + 6 77885C6E 4 Bytes [28, 2B, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtMapViewOfSection + B 77885C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenFile + 6 77885D1E 4 Bytes [68, 28, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenFile + B 77885D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcess + 6 77885DCE 4 Bytes [A8, 29, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcess + B 77885DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessToken + 6 77885DDE 4 Bytes CALL 7689520C C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessToken + B 77885DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessTokenEx + 6 77885DEE 4 Bytes [A8, 2A, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessTokenEx + B 77885DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThread + 6 77885E4E 4 Bytes [68, 29, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThread + B 77885E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadToken + 6 77885E5E 4 Bytes [68, 2A, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadToken + B 77885E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadTokenEx + 6 77885E6E 4 Bytes CALL 7689529D C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadTokenEx + B 77885E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryAttributesFile + 6 77885F7E 4 Bytes [A8, 28, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryAttributesFile + B 77885F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryFullAttributesFile + 6 7788602E 4 Bytes CALL 7689545B C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryFullAttributesFile + B 77886033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationFile + 6 7788667E 4 Bytes [28, 29, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationFile + B 77886683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationThread + 6 778866DE 4 Bytes [28, 2A, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationThread + B 778866E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtUnmapViewOfSection + 6 778869FE 4 Bytes [68, 2B, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtUnmapViewOfSection + B 77886A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!LdrUnloadDll 7789C8DE 5 Bytes JMP 010503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!LdrLoadDll 778A22AE 5 Bytes JMP 010501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!LdrUnloadDll 7789C8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!LdrLoadDll 778A22AE 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] WS2_32.dll!closesocket 76A03918 5 Bytes JMP 10002ED8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] WS2_32.dll!WSASend 76A04406 5 Bytes JMP 10002A6C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] WS2_32.dll!recv 76A06B0E 5 Bytes JMP 10002AEC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] WS2_32.dll!send 76A06F01 5 Bytes JMP 100029FF .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] WS2_32.dll!WSARecv 76A07089 5 Bytes JMP 10002C0F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] WS2_32.dll!WSAGetOverlappedResult 76A07489 5 Bytes JMP 10002D84 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtCreateFile + 6 7788560E 4 Bytes [28, 6C, 3E, 00] {SUB [ESI+EDI+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtCreateFile + B 77885613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtMapViewOfSection + 6 77885C6E 4 Bytes [28, 6F, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtMapViewOfSection + B 77885C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenFile + 6 77885D1E 4 Bytes [68, 6C, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenFile + B 77885D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcess + 6 77885DCE 4 Bytes [A8, 6D, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcess + B 77885DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessToken + 6 77885DDE 4 Bytes CALL 76889C50 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessToken + B 77885DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessTokenEx + 6 77885DEE 4 Bytes [A8, 6E, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessTokenEx + B 77885DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThread + 6 77885E4E 4 Bytes [68, 6D, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThread + B 77885E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadToken + 6 77885E5E 4 Bytes [68, 6E, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadToken + B 77885E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadTokenEx + 6 77885E6E 4 Bytes CALL 76889CE1 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadTokenEx + B 77885E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryAttributesFile + 6 77885F7E 4 Bytes [A8, 6C, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryAttributesFile + B 77885F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryFullAttributesFile + 6 7788602E 4 Bytes CALL 76889E9F C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryFullAttributesFile + B 77886033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationFile + 6 7788667E 4 Bytes [28, 6D, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationFile + B 77886683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationThread + 6 778866DE 4 Bytes [28, 6E, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationThread + B 778866E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtUnmapViewOfSection + 6 778869FE 4 Bytes [68, 6F, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtUnmapViewOfSection + B 77886A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!LdrUnloadDll 7789C8DE 5 Bytes JMP 005F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!LdrLoadDll 778A22AE 5 Bytes JMP 005F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4428] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4448] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtCreateFile + 6 7788560E 4 Bytes [28, F4, 18, 00] {SUB AH, DH; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtCreateFile + B 77885613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtMapViewOfSection + 6 77885C6E 4 Bytes [28, F7, 18, 00] {SUB BH, DH; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtMapViewOfSection + B 77885C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenFile + 6 77885D1E 4 Bytes [68, F4, 18, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenFile + B 77885D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcess + 6 77885DCE 4 Bytes [A8, F5, 18, 00] {TEST AL, 0xf5; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcess + B 77885DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessToken + 6 77885DDE 4 Bytes CALL 768876D8 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessToken + B 77885DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessTokenEx + 6 77885DEE 4 Bytes [A8, F6, 18, 00] {TEST AL, 0xf6; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessTokenEx + B 77885DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThread + 6 77885E4E 4 Bytes [68, F5, 18, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThread + B 77885E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadToken + 6 77885E5E 4 Bytes [68, F6, 18, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadToken + B 77885E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadTokenEx + 6 77885E6E 4 Bytes CALL 76887769 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadTokenEx + B 77885E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryAttributesFile + 6 77885F7E 4 Bytes [A8, F4, 18, 00] {TEST AL, 0xf4; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryAttributesFile + B 77885F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryFullAttributesFile + 6 7788602E 4 Bytes CALL 76887927 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryFullAttributesFile + B 77886033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationFile + 6 7788667E 4 Bytes [28, F5, 18, 00] {SUB CH, DH; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationFile + B 77886683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationThread + 6 778866DE 4 Bytes [28, F6, 18, 00] {SUB DH, DH; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationThread + B 778866E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtUnmapViewOfSection + 6 778869FE 4 Bytes [68, F7, 18, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtUnmapViewOfSection + B 77886A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!LdrUnloadDll 7789C8DE 5 Bytes JMP 002903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!LdrLoadDll 778A22AE 5 Bytes JMP 002901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4516] KERNEL32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[5064] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\System32\svchost.exe[5172] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[5956] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] .text C:\Program Files\Winamp\winamp.exe[6096] kernel32.dll!GetBinaryTypeW + 70 75C469E4 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@DisplayName BuzzSearch 2013.11.07.232809 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@UninstallString C:\Program Files\BuzzSearch\BuzzSearchuninstall.exe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@QuietUninstallString C:\Program Files\BuzzSearch\BuzzSearchuninstall.exe /S Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@InstallLocation C:\Program Files\BuzzSearch Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@DisplayIcon C:\Program Files\BuzzSearch\BuzzSearch.ico Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@Publisher BuzzSearch Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@HelpLink mailto:support@mybuzzsearch.com Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@URLUpdateInfo http://mybuzzsearch.com Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@URLInfoAbout http://mybuzzsearch.com/support Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@DisplayVersion 2013.11.07.232809 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@NoModify 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@NoRepair 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch@EstimatedSize 768 ---- EOF - GMER 2.1 ----