GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-30 00:18:30 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003 232,89GB Running: c4302h4f.exe; Driver: C:\Users\Chrisso\AppData\Local\Temp\pgddrpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x90E936E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x90E93800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x90E93010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x90E934D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x90E93300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x90E933E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x90E93120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x90E93210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x90E935E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83253A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8328D212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 832946EC 8 Bytes [E0, 36, E9, 90, 00, 38, E9, ...] {LOOPNZ 0x38; JMP 0xe9380097; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 83294734 4 Bytes [10, 30, E9, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 13BF 83294754 4 Bytes [D0, 34, E9, 90] {SAL BYTE [ECX+EBP*8], 0x1; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 165F 832949F4 8 Bytes [00, 33, E9, 90, E0, 33, E9, ...] {ADD [EBX], DH; JMP 0xe933e097; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 83294A04 8 Bytes [20, 31, E9, 90, 10, 32, E9, ...] {AND [ECX], DH; JMP 0xe9321097; NOP } .text ... ? System32\Drivers\spir.sys System nie może odnaleźć określonej ścieżki. ! 
---- User code sections - GMER 2.1 ---- .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtCreateFile + 6 77A4560E 4 Bytes [28, A8, AE, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, AB, AE, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes [68, A8, AE, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes [A8, A9, AE, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes [A8, AA, AE, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes [68, A9, AE, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenThreadToken + 6 77A45E5E 4 Bytes [68, AA, AE, 00] .text 
C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes [A8, A8, AE, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes [28, A9, AE, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes [28, AA, AE, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtUnmapViewOfSection + 6 77A469FE 4 Bytes [68, AB, AE, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[1196] GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text 
C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtCreateFile + 6 77A4560E 4 Bytes [28, 98, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, 9B, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes [68, 98, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes [A8, 99, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes [A8, 9A, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes [68, 99, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThreadToken + 6 77A45E5E 4 Bytes [68, 9A, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] 
ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes [A8, 98, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes [28, 99, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes [28, 9A, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtUnmapViewOfSection + 6 77A469FE 4 Bytes [68, 9B, 9B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[2456] GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtCreateFile + 6 
77A4560E 4 Bytes CALL 5AA35658 .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, EB, 45, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes CALL 5AA35D68 .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes JMP 5AA35E18 .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes JMP E2FF0045 .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes JMP 5AA35E98 .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadToken + 6 77A45E5E 4 Bytes JMP E2FF0045 .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] .text 
C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes CALL 5AA35FC8 .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes JMP 5AA366C8 .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes JMP E2FF0045 .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + 6 77A469FE 4 Bytes [68, EB, 45, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[5180] GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtCreateFile + 6 77A4560E 4 Bytes [28, 04, 8E, 00] .text 
C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, 07, 8E, 00] {SUB [EDI], AL; MOV ES, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes [68, 04, 8E, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes [A8, 05, 8E, 00] {TEST AL, 0x5; MOV ES, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes [A8, 06, 8E, 00] {TEST AL, 0x6; MOV ES, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes [68, 05, 8E, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadToken + 6 77A45E5E 4 Bytes [68, 06, 8E, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] 
.text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes [A8, 04, 8E, 00] {TEST AL, 0x4; MOV ES, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes [28, 05, 8E, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes [28, 06, 8E, 00] {SUB [ESI], AL; MOV ES, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + 6 77A469FE 4 Bytes [68, 07, 8E, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6004] GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] 
ntdll.dll!NtCreateFile + 6 77A4560E 4 Bytes [28, C0, 32, 00] {SUB AL, AL; XOR AL, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, C3, 32, 00] {SUB BL, AL; XOR AL, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes [68, C0, 32, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes [A8, C1, 32, 00] {TEST AL, 0xc1; XOR AL, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes [A8, C2, 32, 00] {TEST AL, 0xc2; XOR AL, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes [68, C1, 32, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenThreadToken + 6 77A45E5E 4 Bytes [68, C2, 32, 00] .text 
C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes [A8, C0, 32, 00] {TEST AL, 0xc0; XOR AL, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes [28, C1, 32, 00] {SUB CL, AL; XOR AL, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes [28, C2, 32, 00] {SUB DL, AL; XOR AL, [EAX]} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtUnmapViewOfSection + 6 77A469FE 4 Bytes [68, C3, 32, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6176] GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program 
Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtCreateFile + 6 77A4560E 4 Bytes [28, AC, E2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, AF, E2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes [68, AC, E2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes [A8, AD, E2, 00] {TEST AL, 0xad; LOOP 0x4} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes [A8, AE, E2, 00] {TEST AL, 0xae; LOOP 0x4} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes [68, AD, E2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenThreadToken + 6 
77A45E5E 4 Bytes [68, AE, E2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes [A8, AC, E2, 00] {TEST AL, 0xac; LOOP 0x4} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes [28, AD, E2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes [28, AE, E2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtUnmapViewOfSection + 6 77A469FE 4 Bytes [68, AF, E2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6296] GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program Files\NVIDIA 
Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6424] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [18, 00, 97, 67] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6424] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6424] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6424] GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtCreateFile + 6 77A4560E 4 Bytes [28, CC, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, CF, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes [68, CC, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes [A8, CD, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text 
C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes [A8, CE, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes [68, CD, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenThreadToken + 6 77A45E5E 4 Bytes [68, CE, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes [A8, CC, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes [28, CD, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes [28, CE, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text 
C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtUnmapViewOfSection + 6 77A469FE 4 Bytes [68, CF, F5, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[6544] GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtCreateFile + 6 77A4560E 4 Bytes [28, DC, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, DF, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes [68, DC, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes [A8, DD, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] 
ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes [A8, DE, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes [68, DD, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenThreadToken + 6 77A45E5E 4 Bytes [68, DE, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes [A8, DC, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes [28, DD, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes [28, DE, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] 
ntdll.dll!NtUnmapViewOfSection + 6 77A469FE 4 Bytes [68, DF, CB, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7156] GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtCreateFile + 6 77A4560E 4 Bytes [28, AC, 77, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, AF, 77, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes [68, AC, 77, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes [A8, AD, 77, 00] {TEST AL, 0xad; JA 0x4} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes 
[A8, AE, 77, 00] {TEST AL, 0xae; JA 0x4} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes [68, AD, 77, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenThreadToken + 6 77A45E5E 4 Bytes [68, AE, 77, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes [A8, AC, 77, 00] {TEST AL, 0xac; JA 0x4} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes [28, AD, 77, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes [28, AE, 77, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtUnmapViewOfSection + 
6 77A469FE 4 Bytes [68, AF, 77, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[7204] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtCreateFile + 6 77A4560E 4 Bytes [28, 4C, D2, 00] {SUB [EDX+EDX*8+0x0], CL} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, 4F, D2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes [68, 4C, D2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes [A8, 4D, D2, 00] {TEST AL, 0x4d; ROL [EAX], CL} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes [A8, 4E, D2, 00] {TEST AL, 0x4e; ROL [EAX], CL} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes [68, 4D, D2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] 
ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenThreadToken + 6 77A45E5E 4 Bytes [68, 4E, D2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes [A8, 4C, D2, 00] {TEST AL, 0x4c; ROL [EAX], CL} .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes [28, 4D, D2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes [28, 4E, D2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtUnmapViewOfSection + 6 77A469FE 4 Bytes [68, 4F, D2, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text 
C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8040] GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtCreateFile + 6 77A4560E 4 Bytes [28, F8, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtCreateFile + B 77A45613 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtMapViewOfSection + 6 77A45C6E 4 Bytes [28, FB, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtMapViewOfSection + B 77A45C73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenFile + 6 77A45D1E 4 Bytes [68, F8, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenFile + B 77A45D23 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcess + 6 77A45DCE 4 Bytes [A8, F9, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcess + B 77A45DD3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcessToken + B 77A45DE3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DEE 4 Bytes [A8, FA, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenProcessTokenEx + B 77A45DF3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThread + 6 77A45E4E 4 Bytes [68, F9, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThread + B 77A45E53 1 Byte [E2] .text 
C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThreadToken + 6 77A45E5E 4 Bytes [68, FA, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThreadToken + B 77A45E63 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtOpenThreadTokenEx + B 77A45E73 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtQueryAttributesFile + 6 77A45F7E 4 Bytes [A8, F8, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtQueryAttributesFile + B 77A45F83 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtQueryFullAttributesFile + B 77A46033 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtSetInformationFile + 6 77A4667E 4 Bytes [28, F9, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtSetInformationFile + B 77A46683 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtSetInformationThread + 6 77A466DE 4 Bytes [28, FA, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtSetInformationThread + B 77A466E3 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtUnmapViewOfSection + 6 77A469FE 4 Bytes [68, FB, 5B, 00] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] ntdll.dll!NtUnmapViewOfSection + B 77A46A03 1 Byte [E2] .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] GDI32.dll!D3DKMTQueryAdapterInfo 755ECB76 5 Bytes JMP 642919D0 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\Chrisso\AppData\Local\Google\Chrome\Application\chrome.exe[8060] 
GDI32.dll!D3DKMTGetDisplayModeList 755EF320 5 Bytes JMP 64291950 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7375249F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73735652] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73735710] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [7375251A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7374857E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73744D32] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [737450D9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [737451AE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [737466DB] 
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [737482D5] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73748824] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73749085] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7374E228] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\windows\Explorer.EXE[2868] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73744C64] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 857AE1F8 Device \FileSystem\fastfat \FatCdrom 896514A8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \FileSystem\fastfat \Fat 896514A8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spir.sys >>UNKNOWN [0x85788938]<< 85788938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ff0030] 86ff0030 Trace 3 CLASSPNP.SYS[8b39159e] -> nt!IofCallDriver -> [0x86533380] 86533380 Trace 5 ACPI.sys[8ab9c3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8654a028] 8654a028 ---- Registry - GMER 2.1 ---- Reg 
HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd61e36f6 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dac3950 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dac3950@bcb1f33d8de5 0x26 0x70 0x02 0x62 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-1d-0f-d0-14-44@TeredoAddress 2001:0:5ef5:79fd:1477:8653:e049:b215 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 28020 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 493311 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x40 0xE0 0xF8 0x6B ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E84353BA-75DE-440E-8BD2-D0CC877FF26C}@LeaseObtainedTime 1412025422 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E84353BA-75DE-440E-8BD2-D0CC877FF26C}@T1 1412061422 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E84353BA-75DE-440E-8BD2-D0CC877FF26C}@T2 1412088422 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E84353BA-75DE-440E-8BD2-D0CC877FF26C}@LeaseTerminatesTime 1412097422 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd61e36f6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dac3950 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dac3950@bcb1f33d8de5 0x26 0x70 0x02 0x62 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x40 0xE0 0xF8 0x6B ... Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9B7A9136-F315-11DF-927E-806E6F6E6963} 14113949968 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9B7A9137-F315-11DF-927E-806E6F6E6963} 146929720 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1 ---- EOF - GMER 2.1 ----