GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-06-09 19:38:59 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB Running: wivtsqx1.exe; Driver: C:\Users\Anna\AppData\Local\Temp\aftcqaog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x92D54AA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x92D5557E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x92D615C8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x92D61614] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x92D617AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x92D61536] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x92E0B6D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x92D6157E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x92D55AB4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x92D55CD0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x92D61768] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x92D5636C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x92D54B06] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x92D59B40] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x92D546F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x92E0B7B2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x92D54B6C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x92D59F36] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x92D56E54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x92D615F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x92D61636] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x92D617D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x92D6155C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x92D5943A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x92D616E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x92D615A6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x92D59822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x92D6178C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x92E0B556] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x92D56CC8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x92D569D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x92D54BD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x92D54C38] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x92E0B8AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x92D5478C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x92D5495E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x92D548EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x92D56536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x92D56698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x92D549E6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x92E0B624] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x92D561C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x92D54C9E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x92D555DA] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1409 8344A9A5 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8346A512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 1393 83471988 4 Bytes [A0, 4A, D5, 92] .text ntoskrnl.exe!KeRemoveQueueEx + 141B 83471A10 4 Bytes [7E, 55, D5, 92] {JLE 0x57; AAD 0x92} .text ntoskrnl.exe!KeRemoveQueueEx + 146F 83471A64 8 Bytes [C8, 15, D6, 92, 14, 16, D6, ...] {ENTER 0xd615, 0x92; ADC AL, 0x16; SALC ; XCHG EDX, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 147B 83471A70 4 Bytes [AE, 17, D6, 92] {SCASB ; POP SS; SALC ; XCHG EDX, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 1497 83471A8C 4 Bytes [36, 15, D6, 92] .text ... PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 836251C1 4 Bytes CALL 92D57517 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 83661EFD 4 Bytes CALL 92D5752D \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8BF3F346] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtCreateFile + 6 7762560E 4 Bytes [28, E4, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtCreateFile + B 77625613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtMapViewOfSection + 6 77625C6E 4 Bytes [28, E7, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtMapViewOfSection + B 77625C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenFile + 6 77625D1E 4 Bytes [68, E4, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenFile + B 77625D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenProcess + 6 77625DCE 4 Bytes [A8, E5, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenProcess + B 77625DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenProcessToken + B 77625DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenProcessTokenEx + 6 77625DEE 4 Bytes [A8, E6, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenProcessTokenEx + B 77625DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenThread + 6 77625E4E 4 Bytes [68, E5, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenThread + B 77625E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenThreadToken + 6 77625E5E 4 Bytes [68, E6, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenThreadToken + B 77625E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtOpenThreadTokenEx + B 77625E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtQueryAttributesFile + 6 77625F7E 4 Bytes [A8, E4, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtQueryAttributesFile + B 77625F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtQueryFullAttributesFile + B 77626033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtSetInformationFile + 6 7762667E 4 Bytes [28, E5, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtSetInformationFile + B 77626683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtSetInformationThread + 6 776266DE 4 Bytes [28, E6, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtSetInformationThread + B 776266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtUnmapViewOfSection + 6 776269FE 4 Bytes [68, E7, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!NtUnmapViewOfSection + B 77626A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!LdrUnloadDll 7763C8DE 5 Bytes JMP 00FB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] ntdll.dll!LdrLoadDll 776422AE 5 Bytes JMP 00FB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[240] KERNEL32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\svchost.exe[368] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\csrss.exe[500] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\wininit.exe[556] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\csrss.exe[572] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1352] kernel32.dll!SetUnhandledExceptionFilter 75C6F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1352] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\PnkBstrA.exe[1472] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1536] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1552] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\svchost.exe[1780] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtMapViewOfSection + 6 77625C6E 4 Bytes [18, 10, C4, 66] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtMapViewOfSection + B 77625C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!LdrUnloadDll 7763C8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!LdrLoadDll 776422AE 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2104] KERNEL32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2232] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[2276] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\svchost.exe[2380] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text ... .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2576] kernel32.dll!SetUnhandledExceptionFilter 75C6F5AB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2576] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2600] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\taskhost.exe[2768] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Users\Anna\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[2808] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\taskeng.exe[2824] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3720] kernel32.dll!SetUnhandledExceptionFilter 75C6F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3720] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\System32\svchost.exe[3836] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3868] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\SearchIndexer.exe[3960] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4048] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtCreateFile + 6 7762560E 4 Bytes [28, C0, 86, 00] {SUB AL, AL; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtCreateFile + B 77625613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtMapViewOfSection + 6 77625C6E 4 Bytes [28, C3, 86, 00] {SUB BL, AL; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtMapViewOfSection + B 77625C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenFile + 6 77625D1E 4 Bytes [68, C0, 86, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenFile + B 77625D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenProcess + 6 77625DCE 4 Bytes [A8, C1, 86, 00] {TEST AL, 0xc1; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenProcess + B 77625DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenProcessToken + 6 77625DDE 4 Bytes CALL 7662E4A4 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenProcessToken + B 77625DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenProcessTokenEx + 6 77625DEE 4 Bytes [A8, C2, 86, 00] {TEST AL, 0xc2; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenProcessTokenEx + B 77625DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenThread + 6 77625E4E 4 Bytes [68, C1, 86, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenThread + B 77625E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenThreadToken + 6 77625E5E 4 Bytes [68, C2, 86, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenThreadToken + B 77625E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenThreadTokenEx + 6 77625E6E 4 Bytes CALL 7662E535 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtOpenThreadTokenEx + B 77625E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtQueryAttributesFile + 6 77625F7E 4 Bytes [A8, C0, 86, 00] {TEST AL, 0xc0; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtQueryAttributesFile + B 77625F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtQueryFullAttributesFile + 6 7762602E 4 Bytes CALL 7662E6F3 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtQueryFullAttributesFile + B 77626033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtSetInformationFile + 6 7762667E 4 Bytes [28, C1, 86, 00] {SUB CL, AL; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtSetInformationFile + B 77626683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtSetInformationThread + 6 776266DE 4 Bytes [28, C2, 86, 00] {SUB DL, AL; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtSetInformationThread + B 776266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtUnmapViewOfSection + 6 776269FE 4 Bytes [68, C3, 86, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!NtUnmapViewOfSection + B 77626A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!LdrUnloadDll 7763C8DE 5 Bytes JMP 009303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] ntdll.dll!LdrLoadDll 776422AE 5 Bytes JMP 009301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4140] KERNEL32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtCreateFile + 6 7762560E 4 Bytes [28, A4, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtCreateFile + B 77625613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtMapViewOfSection + 6 77625C6E 4 Bytes [28, A7, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtMapViewOfSection + B 77625C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenFile + 6 77625D1E 4 Bytes [68, A4, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenFile + B 77625D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcess + 6 77625DCE 4 Bytes [A8, A5, 33, 00] {TEST AL, 0xa5; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcess + B 77625DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessToken + 6 77625DDE 4 Bytes CALL 76629188 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessToken + B 77625DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessTokenEx + 6 77625DEE 4 Bytes [A8, A6, 33, 00] {TEST AL, 0xa6; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenProcessTokenEx + B 77625DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThread + 6 77625E4E 4 Bytes [68, A5, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThread + B 77625E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadToken + 6 77625E5E 4 Bytes [68, A6, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadToken + B 77625E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadTokenEx + 6 77625E6E 4 Bytes CALL 76629219 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtOpenThreadTokenEx + B 77625E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryAttributesFile + 6 77625F7E 4 Bytes [A8, A4, 33, 00] {TEST AL, 0xa4; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryAttributesFile + B 77625F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryFullAttributesFile + 6 7762602E 4 Bytes CALL 766293D7 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtQueryFullAttributesFile + B 77626033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationFile + 6 7762667E 4 Bytes [28, A5, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationFile + B 77626683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationThread + 6 776266DE 4 Bytes [28, A6, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtSetInformationThread + B 776266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtUnmapViewOfSection + 6 776269FE 4 Bytes [68, A7, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!NtUnmapViewOfSection + B 77626A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!LdrUnloadDll 7763C8DE 5 Bytes JMP 003903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] ntdll.dll!LdrLoadDll 776422AE 5 Bytes JMP 003901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4172] KERNEL32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtCreateFile + 6 7762560E 4 Bytes [28, 24, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtCreateFile + B 77625613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtMapViewOfSection + 6 77625C6E 4 Bytes [28, 27, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtMapViewOfSection + B 77625C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenFile + 6 77625D1E 4 Bytes [68, 24, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenFile + B 77625D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcess + 6 77625DCE 4 Bytes [A8, 25, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcess + B 77625DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcessToken + 6 77625DDE 4 Bytes CALL 7662CC08 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcessToken + B 77625DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcessTokenEx + 6 77625DEE 4 Bytes [A8, 26, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcessTokenEx + B 77625DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThread + 6 77625E4E 4 Bytes [68, 25, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThread + B 77625E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThreadToken + 6 77625E5E 4 Bytes [68, 26, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThreadToken + B 77625E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThreadTokenEx + 6 77625E6E 4 Bytes CALL 7662CC99 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThreadTokenEx + B 77625E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtQueryAttributesFile + 6 77625F7E 4 Bytes [A8, 24, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtQueryAttributesFile + B 77625F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtQueryFullAttributesFile + 6 7762602E 4 Bytes CALL 7662CE57 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtQueryFullAttributesFile + B 77626033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtSetInformationFile + 6 7762667E 4 Bytes [28, 25, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtSetInformationFile + B 77626683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtSetInformationThread + 6 776266DE 4 Bytes [28, 26, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtSetInformationThread + B 776266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtUnmapViewOfSection + 6 776269FE 4 Bytes [68, 27, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtUnmapViewOfSection + B 77626A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!LdrUnloadDll 7763C8DE 5 Bytes JMP 008A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!LdrLoadDll 776422AE 5 Bytes JMP 008A01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4356] KERNEL32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtCreateFile + 6 7762560E 4 Bytes [28, 18, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtCreateFile + B 77625613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtMapViewOfSection + 6 77625C6E 4 Bytes [28, 1B, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtMapViewOfSection + B 77625C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenFile + 6 77625D1E 4 Bytes [68, 18, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenFile + B 77625D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenProcess + 6 77625DCE 4 Bytes [A8, 19, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenProcess + B 77625DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenProcessToken + B 77625DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenProcessTokenEx + 6 77625DEE 4 Bytes [A8, 1A, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenProcessTokenEx + B 77625DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenThread + 6 77625E4E 4 Bytes [68, 19, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenThread + B 77625E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenThreadToken + 6 77625E5E 4 Bytes [68, 1A, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenThreadToken + B 77625E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtOpenThreadTokenEx + B 77625E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtQueryAttributesFile + 6 77625F7E 4 Bytes [A8, 18, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtQueryAttributesFile + B 77625F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtQueryFullAttributesFile + B 77626033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtSetInformationFile + 6 7762667E 4 Bytes [28, 19, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtSetInformationFile + B 77626683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtSetInformationThread + 6 776266DE 4 Bytes [28, 1A, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtSetInformationThread + B 776266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtUnmapViewOfSection + 6 776269FE 4 Bytes [68, 1B, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!NtUnmapViewOfSection + B 77626A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!LdrUnloadDll 7763C8DE 5 Bytes JMP 011703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] ntdll.dll!LdrLoadDll 776422AE 5 Bytes JMP 011701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4444] KERNEL32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtCreateFile + 6 7762560E 4 Bytes [28, 5C, 0A, 00] {SUB [EDX+ECX+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtCreateFile + B 77625613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtMapViewOfSection + 6 77625C6E 4 Bytes [28, 5F, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtMapViewOfSection + B 77625C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenFile + 6 77625D1E 4 Bytes [68, 5C, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenFile + B 77625D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcess + 6 77625DCE 4 Bytes [A8, 5D, 0A, 00] {TEST AL, 0x5d; OR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcess + B 77625DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessToken + 6 77625DDE 4 Bytes CALL 76626840 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessToken + B 77625DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessTokenEx + 6 77625DEE 4 Bytes [A8, 5E, 0A, 00] {TEST AL, 0x5e; OR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessTokenEx + B 77625DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThread + 6 77625E4E 4 Bytes [68, 5D, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThread + B 77625E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadToken + 6 77625E5E 4 Bytes [68, 5E, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadToken + B 77625E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadTokenEx + 6 77625E6E 4 Bytes CALL 766268D1 C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadTokenEx + B 77625E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryAttributesFile + 6 77625F7E 4 Bytes [A8, 5C, 0A, 00] {TEST AL, 0x5c; OR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryAttributesFile + B 77625F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryFullAttributesFile + 6 7762602E 4 Bytes CALL 76626A8F C:\windows\system32\GDI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryFullAttributesFile + B 77626033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationFile + 6 7762667E 4 Bytes [28, 5D, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationFile + B 77626683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationThread + 6 776266DE 4 Bytes [28, 5E, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationThread + B 776266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtUnmapViewOfSection + 6 776269FE 4 Bytes [68, 5F, 0A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtUnmapViewOfSection + B 77626A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!LdrUnloadDll 7763C8DE 5 Bytes JMP 001703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!LdrLoadDll 776422AE 5 Bytes JMP 001701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] KERNEL32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5000] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtCreateFile + 6 7762560E 4 Bytes [28, 0C, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtCreateFile + B 77625613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtMapViewOfSection + 6 77625C6E 4 Bytes [28, 0F, 01, 01] {SUB [EDI], CL; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtMapViewOfSection + B 77625C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenFile + 6 77625D1E 4 Bytes [68, 0C, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenFile + B 77625D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenProcess + 6 77625DCE 4 Bytes [A8, 0D, 01, 01] {TEST AL, 0xd; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenProcess + B 77625DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenProcessToken + B 77625DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenProcessTokenEx + 6 77625DEE 4 Bytes [A8, 0E, 01, 01] {TEST AL, 0xe; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenProcessTokenEx + B 77625DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenThread + 6 77625E4E 4 Bytes [68, 0D, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenThread + B 77625E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenThreadToken + 6 77625E5E 4 Bytes [68, 0E, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenThreadToken + B 77625E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtOpenThreadTokenEx + B 77625E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtQueryAttributesFile + 6 77625F7E 4 Bytes [A8, 0C, 01, 01] {TEST AL, 0xc; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtQueryAttributesFile + B 77625F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtQueryFullAttributesFile + B 77626033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtSetInformationFile + 6 7762667E 4 Bytes [28, 0D, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtSetInformationFile + B 77626683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtSetInformationThread + 6 776266DE 4 Bytes [28, 0E, 01, 01] {SUB [ESI], CL; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtSetInformationThread + B 776266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtUnmapViewOfSection + 6 776269FE 4 Bytes [68, 0F, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!NtUnmapViewOfSection + B 77626A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!LdrUnloadDll 7763C8DE 5 Bytes JMP 010E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] ntdll.dll!LdrLoadDll 776422AE 5 Bytes JMP 010E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5260] KERNEL32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\windows\system32\sppsvc.exe[5280] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Users\Anna\Downloads\wivtsqx1.exe[5484] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5508] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5600] kernel32.dll!GetBinaryTypeW + 70 75C86AAC 1 Byte [62] .text ... ---- User IAT/EAT - GMER 2.1 ---- IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [734624CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7344562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [734456EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73462546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [734585AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73454D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73455105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [734551DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73456707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73458301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73458850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [734590B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7345E254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[3540] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73454C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 85A3C1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{82424B52-D060-475A-867F-BAF8D19D8B89} 874F51F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\usbuhci \Device\USBPDO-0 876F31F8 Device \Driver\usbuhci \Device\USBPDO-1 876F31F8 Device \Driver\usbuhci \Device\USBPDO-2 876F31F8 Device \Driver\usbehci \Device\USBPDO-3 8636F430 Device \Driver\usbuhci \Device\USBPDO-4 876F31F8 Device \Driver\usbuhci \Device\USBPDO-5 876F31F8 Device \Driver\usbuhci \Device\USBPDO-6 876F31F8 Device \Driver\usbehci \Device\USBPDO-7 8636F430 Device \Driver\cdrom \Device\CdRom0 87502430 Device \Driver\iaStor \Device\Ide\iaStor0 [8C0D5650] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8C0D5650] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8C0D5650] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 874F51F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{442FB787-B184-4F19-B4B4-DED6569817AA} 874F51F8 Device \Driver\usbuhci \Device\USBFDO-0 876F31F8 Device \Driver\usbuhci \Device\USBFDO-1 876F31F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{42BEF7EB-13E5-4D60-BA22-572C7AC8F720} 874F51F8 Device \Driver\usbuhci \Device\USBFDO-2 876F31F8 Device \Driver\usbehci \Device\USBFDO-3 8636F430 Device \Driver\usbuhci \Device\USBFDO-4 876F31F8 Device \Driver\usbuhci \Device\USBFDO-5 876F31F8 Device \Driver\usbuhci \Device\USBFDO-6 876F31F8 Device \Driver\usbehci \Device\USBFDO-7 8636F430 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----