GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-02 17:41:42 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD753LJ rev.1AA01118 698,64GB Running: gmer.exe; Driver: C:\Users\XX\AppData\Local\Temp\uwrdypod.sys ---- System - GMER 2.1 ---- SSDT BDDA037E ZwCreateSection SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xBE03E6E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xBE03E800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xBE03E010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xBE03E4D0] SSDT BDDA0388 ZwRequestWaitReplyPort SSDT BDDA0383 ZwSetContextThread SSDT BDDA038D ZwSetSecurityObject SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xBE03E300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xBE03E3E0] SSDT BDDA0392 ZwSystemDebugControl SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xBE03E120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xBE03E210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xBE03E5E0] INT 0x51 ? B169CA58 INT 0x61 ? B20FF558 INT 0x62 ? B20BF7D8 INT 0x71 ? B20FF7D8 INT 0x72 ? B169C2D8 INT 0x82 ? B169C558 INT 0x92 ? B20BFA58 INT 0xA0 ? B20BFCD8 INT 0xA2 ? B08D27D8 INT 0xB0 ? B20FF2D8 INT 0xB1 ? B08D2CD8 INT 0xB2 ? B169CCD8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D E328AA49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E32C44D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 E32CB62C 4 Bytes [7E, 03, DA, BD] .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 E32CB78C 8 Bytes [E0, E6, 03, BE, 00, E8, 03, ...] {LOOPNZ 0xffffffe8; ADD EDI, [ESI-0x41fc1800]} .text ntkrnlpa.exe!KeRemoveQueueEx + 139F E32CB7D4 4 Bytes [10, E0, 03, BE] .text ntkrnlpa.exe!KeRemoveQueueEx + 13BF E32CB7F4 4 Bytes [D0, E4, 03, BE] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 E32CB988 4 Bytes [88, 03, DA, BD] .text ... ? system32\drivers\24288966.sys System nie może odnaleźć określonej ścieżki. ! ? System32\Drivers\9384717eede54217.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0xBE806000, 0x2BFAE2, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\SearchIndexer.exe[920] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\gmer\gmer.exe[1780] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtCreateFile + 6 771055CE 4 Bytes [28, D8, 1C, 00] {SUB AL, BL; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtCreateFile + B 771055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [28, DB, 1C, 00] {SUB BL, BL; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenFile + 6 77105CDE 4 Bytes [68, D8, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenFile + B 77105CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcess + 6 77105D8E 4 Bytes [A8, D9, 1C, 00] {TEST AL, 0xd9; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcess + B 77105D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcessToken + 6 77105D9E 4 Bytes CALL 76107A7C C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcessToken + B 77105DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcessTokenEx + 6 77105DAE 4 Bytes [A8, DA, 1C, 00] {TEST AL, 0xda; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcessTokenEx + B 77105DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThread + 6 77105E0E 4 Bytes [68, D9, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThread + B 77105E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThreadToken + 6 77105E1E 4 Bytes [68, DA, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThreadToken + B 77105E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThreadTokenEx + 6 77105E2E 4 Bytes CALL 76107B0D C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenThreadTokenEx + B 77105E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtQueryAttributesFile + 6 77105F3E 4 Bytes [A8, D8, 1C, 00] {TEST AL, 0xd8; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtQueryAttributesFile + B 77105F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtQueryFullAttributesFile + 6 77105FEE 4 Bytes CALL 76107CCB C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtQueryFullAttributesFile + B 77105FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetInformationFile + 6 7710663E 4 Bytes [28, D9, 1C, 00] {SUB CL, BL; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetInformationFile + B 77106643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetInformationThread + 6 7710669E 4 Bytes [28, DA, 1C, 00] {SUB DL, BL; SBB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetInformationThread + B 771066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtUnmapViewOfSection + 6 771069BE 4 Bytes [68, DB, 1C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtUnmapViewOfSection + B 771069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3556] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\WUDFHost.exe[3900] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3988] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [18, 20, 7D, 60] {SBB [EAX], AH; JGE 0x64} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4328] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtCreateFile + 6 771055CE 4 Bytes [28, 1C, E3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtCreateFile + B 771055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [28, 1F, E3, 00] {SUB [EDI], BL; JECXZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenFile + 6 77105CDE 4 Bytes [68, 1C, E3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenFile + B 77105CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcess + 6 77105D8E 4 Bytes [A8, 1D, E3, 00] {TEST AL, 0x1d; JECXZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcess + B 77105D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcessToken + 6 77105D9E 4 Bytes CALL 761140C0 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcessToken + B 77105DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcessTokenEx + 6 77105DAE 4 Bytes [A8, 1E, E3, 00] {TEST AL, 0x1e; JECXZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcessTokenEx + B 77105DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThread + 6 77105E0E 4 Bytes [68, 1D, E3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThread + B 77105E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThreadToken + 6 77105E1E 4 Bytes [68, 1E, E3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThreadToken + B 77105E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThreadTokenEx + 6 77105E2E 4 Bytes CALL 76114151 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThreadTokenEx + B 77105E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtQueryAttributesFile + 6 77105F3E 4 Bytes [A8, 1C, E3, 00] {TEST AL, 0x1c; JECXZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtQueryAttributesFile + B 77105F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtQueryFullAttributesFile + 6 77105FEE 4 Bytes CALL 7611430F C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtQueryFullAttributesFile + B 77105FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationFile + 6 7710663E 4 Bytes [28, 1D, E3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationFile + B 77106643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationThread + 6 7710669E 4 Bytes [28, 1E, E3, 00] {SUB [ESI], BL; JECXZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationThread + B 771066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtUnmapViewOfSection + 6 771069BE 4 Bytes [68, 1F, E3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtUnmapViewOfSection + B 771069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + 6 771055CE 4 Bytes [28, 38, B4, 00] {SUB [EAX], BH; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + B 771055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [28, 3B, B4, 00] {SUB [EBX], BH; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + 6 77105CDE 4 Bytes [68, 38, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + B 77105CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + 6 77105D8E 4 Bytes [A8, 39, B4, 00] {TEST AL, 0x39; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + B 77105D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessToken + 6 77105D9E 4 Bytes CALL 761111DC C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessToken + B 77105DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + 6 77105DAE 4 Bytes [A8, 3A, B4, 00] {TEST AL, 0x3a; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + B 77105DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + 6 77105E0E 4 Bytes [68, 39, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + B 77105E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + 6 77105E1E 4 Bytes [68, 3A, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + B 77105E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadTokenEx + 6 77105E2E 4 Bytes CALL 7611126D C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadTokenEx + B 77105E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + 6 77105F3E 4 Bytes [A8, 38, B4, 00] {TEST AL, 0x38; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + B 77105F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryFullAttributesFile + 6 77105FEE 4 Bytes CALL 7611142B C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryFullAttributesFile + B 77105FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + 6 7710663E 4 Bytes [28, 39, B4, 00] {SUB [ECX], BH; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + B 77106643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + 6 7710669E 4 Bytes [28, 3A, B4, 00] {SUB [EDX], BH; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + B 771066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + 6 771069BE 4 Bytes [68, 3B, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + B 771069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtCreateFile + 6 771055CE 4 Bytes [28, B8, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtCreateFile + B 771055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [28, BB, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenFile + 6 77105CDE 4 Bytes [68, B8, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenFile + B 77105CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcess + 6 77105D8E 4 Bytes [A8, B9, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcess + B 77105D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessToken + 6 77105D9E 4 Bytes CALL 7611585C C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessToken + B 77105DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessTokenEx + 6 77105DAE 4 Bytes [A8, BA, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenProcessTokenEx + B 77105DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThread + 6 77105E0E 4 Bytes [68, B9, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThread + B 77105E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadToken + 6 77105E1E 4 Bytes [68, BA, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadToken + B 77105E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadTokenEx + 6 77105E2E 4 Bytes CALL 761158ED C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtOpenThreadTokenEx + B 77105E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryAttributesFile + 6 77105F3E 4 Bytes [A8, B8, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryAttributesFile + B 77105F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryFullAttributesFile + 6 77105FEE 4 Bytes CALL 76115AAB C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtQueryFullAttributesFile + B 77105FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationFile + 6 7710663E 4 Bytes [28, B9, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationFile + B 77106643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationThread + 6 7710669E 4 Bytes [28, BA, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtSetInformationThread + B 771066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtUnmapViewOfSection + 6 771069BE 4 Bytes [68, BB, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtUnmapViewOfSection + B 771069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4576] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtCreateFile + 6 771055CE 4 Bytes [28, 84, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtCreateFile + B 771055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [28, 87, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenFile + 6 77105CDE 4 Bytes [68, 84, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenFile + B 77105CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenProcess + 6 77105D8E 4 Bytes [A8, 85, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenProcess + B 77105D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenProcessToken + 6 77105D9E 4 Bytes CALL 76107C28 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenProcessToken + B 77105DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenProcessTokenEx + 6 77105DAE 4 Bytes [A8, 86, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenProcessTokenEx + B 77105DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenThread + 6 77105E0E 4 Bytes [68, 85, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenThread + B 77105E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenThreadToken + 6 77105E1E 4 Bytes [68, 86, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenThreadToken + B 77105E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenThreadTokenEx + 6 77105E2E 4 Bytes CALL 76107CB9 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtOpenThreadTokenEx + B 77105E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtQueryAttributesFile + 6 77105F3E 4 Bytes [A8, 84, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtQueryAttributesFile + B 77105F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtQueryFullAttributesFile + 6 77105FEE 4 Bytes CALL 76107E77 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtQueryFullAttributesFile + B 77105FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtSetInformationFile + 6 7710663E 4 Bytes [28, 85, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtSetInformationFile + B 77106643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtSetInformationThread + 6 7710669E 4 Bytes [28, 86, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtSetInformationThread + B 771066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtUnmapViewOfSection + 6 771069BE 4 Bytes [68, 87, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtUnmapViewOfSection + B 771069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4644] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[4660] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtCreateFile + 6 771055CE 4 Bytes [28, EC, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtCreateFile + B 771055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [28, EF, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenFile + 6 77105CDE 4 Bytes [68, EC, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenFile + B 77105CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcess + 6 77105D8E 4 Bytes [A8, ED, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcess + B 77105D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcessToken + 6 77105D9E 4 Bytes CALL 76111990 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcessToken + B 77105DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcessTokenEx + 6 77105DAE 4 Bytes [A8, EE, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenProcessTokenEx + B 77105DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThread + 6 77105E0E 4 Bytes [68, ED, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThread + B 77105E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThreadToken + 6 77105E1E 4 Bytes [68, EE, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThreadToken + B 77105E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThreadTokenEx + 6 77105E2E 4 Bytes CALL 76111A21 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtOpenThreadTokenEx + B 77105E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtQueryAttributesFile + 6 77105F3E 4 Bytes [A8, EC, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtQueryAttributesFile + B 77105F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtQueryFullAttributesFile + 6 77105FEE 4 Bytes CALL 76111BDF C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtQueryFullAttributesFile + B 77105FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtSetInformationFile + 6 7710663E 4 Bytes [28, ED, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtSetInformationFile + B 77106643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtSetInformationThread + 6 7710669E 4 Bytes [28, EE, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtSetInformationThread + B 771066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtUnmapViewOfSection + 6 771069BE 4 Bytes [68, EF, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtUnmapViewOfSection + B 771069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4712] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtCreateFile + 6 771055CE 4 Bytes [28, 78, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtCreateFile + B 771055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [28, 7B, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenFile + 6 77105CDE 4 Bytes [68, 78, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenFile + B 77105CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenProcess + 6 77105D8E 4 Bytes [A8, 79, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenProcess + B 77105D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenProcessToken + 6 77105D9E 4 Bytes CALL 7610941C C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenProcessToken + B 77105DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenProcessTokenEx + 6 77105DAE 4 Bytes [A8, 7A, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenProcessTokenEx + B 77105DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenThread + 6 77105E0E 4 Bytes [68, 79, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenThread + B 77105E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenThreadToken + 6 77105E1E 4 Bytes [68, 7A, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenThreadToken + B 77105E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenThreadTokenEx + 6 77105E2E 4 Bytes CALL 761094AD C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtOpenThreadTokenEx + B 77105E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtQueryAttributesFile + 6 77105F3E 4 Bytes [A8, 78, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtQueryAttributesFile + B 77105F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtQueryFullAttributesFile + 6 77105FEE 4 Bytes CALL 7610966B C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtQueryFullAttributesFile + B 77105FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtSetInformationFile + 6 7710663E 4 Bytes [28, 79, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtSetInformationFile + B 77106643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtSetInformationThread + 6 7710669E 4 Bytes [28, 7A, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtSetInformationThread + B 771066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtUnmapViewOfSection + 6 771069BE 4 Bytes [68, 7B, 36, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtUnmapViewOfSection + B 771069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4720] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtCreateFile + 6 771055CE 4 Bytes [28, 90, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtCreateFile + B 771055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [28, 93, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenFile + 6 77105CDE 4 Bytes [68, 90, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenFile + B 77105CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcess + 6 77105D8E 4 Bytes [A8, 91, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcess + B 77105D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcessToken + 6 77105D9E 4 Bytes CALL 7610B734 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcessToken + B 77105DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcessTokenEx + 6 77105DAE 4 Bytes [A8, 92, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenProcessTokenEx + B 77105DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThread + 6 77105E0E 4 Bytes [68, 91, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThread + B 77105E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThreadToken + 6 77105E1E 4 Bytes [68, 92, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThreadToken + B 77105E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThreadTokenEx + 6 77105E2E 4 Bytes CALL 7610B7C5 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtOpenThreadTokenEx + B 77105E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtQueryAttributesFile + 6 77105F3E 4 Bytes [A8, 90, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtQueryAttributesFile + B 77105F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtQueryFullAttributesFile + 6 77105FEE 4 Bytes CALL 7610B983 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtQueryFullAttributesFile + B 77105FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtSetInformationFile + 6 7710663E 4 Bytes [28, 91, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtSetInformationFile + B 77106643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtSetInformationThread + 6 7710669E 4 Bytes [28, 92, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtSetInformationThread + B 771066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtUnmapViewOfSection + 6 771069BE 4 Bytes [68, 93, 59, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtUnmapViewOfSection + B 771069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4928] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[4992] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\FRST (1).exe[5220] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtCreateFile + 6 771055CE 4 Bytes [28, B4, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtCreateFile + B 771055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [28, B7, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenFile + 6 77105CDE 4 Bytes [68, B4, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenFile + B 77105CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcess + 6 77105D8E 4 Bytes [A8, B5, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcess + B 77105D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessToken + 6 77105D9E 4 Bytes CALL 7610FB58 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessToken + B 77105DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessTokenEx + 6 77105DAE 4 Bytes [A8, B6, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessTokenEx + B 77105DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThread + 6 77105E0E 4 Bytes [68, B5, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThread + B 77105E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadToken + 6 77105E1E 4 Bytes [68, B6, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadToken + B 77105E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadTokenEx + 6 77105E2E 4 Bytes CALL 7610FBE9 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadTokenEx + B 77105E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryAttributesFile + 6 77105F3E 4 Bytes [A8, B4, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryAttributesFile + B 77105F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryFullAttributesFile + 6 77105FEE 4 Bytes CALL 7610FDA7 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryFullAttributesFile + B 77105FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationFile + 6 7710663E 4 Bytes [28, B5, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationFile + B 77106643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationThread + 6 7710669E 4 Bytes [28, B6, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationThread + B 771066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + 6 771069BE 4 Bytes [68, B7, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + B 771069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtCreateFile + 6 771055CE 4 Bytes [28, F8, 32, 00] {SUB AL, BH; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtCreateFile + B 771055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtMapViewOfSection + 6 77105C2E 4 Bytes [28, FB, 32, 00] {SUB BL, BH; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtMapViewOfSection + B 77105C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenFile + 6 77105CDE 4 Bytes [68, F8, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenFile + B 77105CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcess + 6 77105D8E 4 Bytes [A8, F9, 32, 00] {TEST AL, 0xf9; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcess + B 77105D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessToken + 6 77105D9E 4 Bytes CALL 7610909C C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessToken + B 77105DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessTokenEx + 6 77105DAE 4 Bytes [A8, FA, 32, 00] {TEST AL, 0xfa; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessTokenEx + B 77105DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThread + 6 77105E0E 4 Bytes [68, F9, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThread + B 77105E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadToken + 6 77105E1E 4 Bytes [68, FA, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadToken + B 77105E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadTokenEx + 6 77105E2E 4 Bytes CALL 7610912D C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadTokenEx + B 77105E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryAttributesFile + 6 77105F3E 4 Bytes [A8, F8, 32, 00] {TEST AL, 0xf8; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryAttributesFile + B 77105F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryFullAttributesFile + 6 77105FEE 4 Bytes CALL 761092EB C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryFullAttributesFile + B 77105FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationFile + 6 7710663E 4 Bytes [28, F9, 32, 00] {SUB CL, BH; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationFile + B 77106643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationThread + 6 7710669E 4 Bytes [28, FA, 32, 00] {SUB DL, BH; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationThread + B 771066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtUnmapViewOfSection + 6 771069BE 4 Bytes [68, FB, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtUnmapViewOfSection + B 771069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\svchost.exe[5756] ntdll.dll!NtWriteVirtualMemory 77106A98 5 Bytes JMP 70B11000 C:\Program Files\AVG\AVG2015\avghookx.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [718324CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7181562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [718156EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [71832546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [718285AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [71824D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [71825105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [718251DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [71826707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [71828301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [71828850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [718290B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7182E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [71824C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\76507945 \Device\KLMD22012015_02100401_B 24288966.sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys Device \Driver\00001565 \Device\KLMD22012015_02100401 24288966.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----