GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-20 17:58:29
Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BEVS-22UST0 rev.01.01A01 0.00MB
Running: dokxkjpd.exe; Driver: C:\DOCUME~1\johny\LOCALS~1\Temp\kwldapod.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0xF79DB700]

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6EEC360, 0x21B68D, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Documents and Settings\johny\Local Settings\Application Data\GG\Application\ggapp.exe[4068] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 014755E8 C:\Documents and Settings\johny\Local Settings\Application Data\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\johny\Local Settings\Application Data\GG\Application\ggapp.exe[4068] kernel32.dll!lstrlenW + 43 7C809A7C 7 Bytes JMP 01FAE5F0 C:\Documents and Settings\johny\Local Settings\Application Data\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\johny\Local Settings\Application Data\GG\Application\ggapp.exe[4068] kernel32.dll!MapViewOfFileEx + 6A 7C80B788 7 Bytes JMP 01FAE638 C:\Documents and Settings\johny\Local Settings\Application Data\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\johny\Local Settings\Application Data\GG\Application\ggapp.exe[4068] kernel32.dll!lstrcpyn + 70 7C810381 7 Bytes JMP 0148572C C:\Documents and Settings\johny\Local Settings\Application Data\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\johny\Local Settings\Application Data\GG\Application\ggapp.exe[4068] GDI32.dll!SetWindowOrgEx + 15E 77F1960B 7 Bytes JMP 01FAE65F C:\Documents and Settings\johny\Local Settings\Application Data\GG\Application\xulrunner\xul.dll

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----