GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-09 19:23:22 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 596,17GB Running: ud70p02m.exe; Driver: C:\Users\Julia\AppData\Local\Temp\ugtdqpoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90E31ACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x90EEE31C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90E325AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x90E3E67A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90E3E6C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90E3E860] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x90E3E5E8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x90EEE6F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90E3E630] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x90EEE986] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x90EEEA70] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x90E3E81A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90E33398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90E31B32] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x90EEEB74] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x90EEE3F4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x90EEB78E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90EEE7D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90E31B98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90E36FE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90E33EDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x90E3E6A4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90E3E6E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90E3E884] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x90E3E60E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x90E364E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x90E3E798] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90E3E658] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x90E368CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x90E3E83E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x90EEE574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x90E33CF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x90E33A02] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90E31BFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90E31C64] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x90EEE8D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90E317B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90E3198A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90E31918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x90E33562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x90E336C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90E31A12] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x90EEE642] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x90E331F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x90EEB7BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x90E31CCA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x90EEE4A6] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 83C89B55 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83CC3BB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83CCAFB0 4 Bytes [CC, 1A, E3, 90] {INT 3 ; SBB AH, BL; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83CCAFD8 4 Bytes [1C, E3, EE, 90] {SBB AL, 0xe3; OUT DX, AL; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83CCB038 4 Bytes [AA, 25, E3, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 83CCB08C 8 Bytes [7A, E6, E3, 90, C6, E6, E3, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 83CCB098 4 Bytes [60, E8, E3, 90] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 83E88CAF 4 Bytes CALL 90E345C3 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83EA2B51 4 Bytes CALL 90E345D9 \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8B78F346] .text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8BDBA000, 0x3C849, 0xE8000020] .dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8BDFF000, 0x3DC, 0x48000040] ? C:\windows\System32\Drivers\afs14yhz.SYS suspicious PE modification .text C:\windows\system32\DRIVERS\athsgt.sys section is writeable [0xB03CD300, 0x21F20, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1440] kernel32.dll!SetUnhandledExceptionFilter 774CF5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2312] kernel32.dll!SetUnhandledExceptionFilter 774CF5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtCreateFile + 6 775A56B6 4 Bytes [28, 44, 51, 00] {SUB [ECX+EDX*2+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtCreateFile + B 775A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtMapViewOfSection + 6 775A5D16 4 Bytes [28, 47, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtMapViewOfSection + B 775A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenFile + 6 775A5DC6 4 Bytes [68, 44, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenFile + B 775A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcess + 6 775A5E76 4 Bytes [A8, 45, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcess + B 775A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcessToken + 6 775A5E86 4 Bytes CALL 765AAFD0 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcessToken + B 775A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcessTokenEx + 6 775A5E96 4 Bytes [A8, 46, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcessTokenEx + B 775A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThread + 6 775A5EF6 4 Bytes [68, 45, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThread + B 775A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThreadToken + 6 775A5F06 4 Bytes [68, 46, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThreadToken + B 775A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThreadTokenEx + 6 775A5F16 4 Bytes CALL 765AB061 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThreadTokenEx + B 775A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtQueryAttributesFile + 6 775A6026 4 Bytes [A8, 44, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtQueryAttributesFile + B 775A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtQueryFullAttributesFile + 6 775A60D6 4 Bytes CALL 765AB21F C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtQueryFullAttributesFile + B 775A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtSetInformationFile + 6 775A6726 4 Bytes [28, 45, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtSetInformationFile + B 775A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtSetInformationThread + 6 775A6786 4 Bytes [28, 46, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtSetInformationThread + B 775A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtUnmapViewOfSection + 6 775A6AA6 4 Bytes [68, 47, 51, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtUnmapViewOfSection + B 775A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!LdrUnloadDll 775BCBCE 5 Bytes JMP 007103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!LdrLoadDll 775C2576 5 Bytes JMP 007101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtCreateFile + 6 775A56B6 4 Bytes [28, 18, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtCreateFile + B 775A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtMapViewOfSection + 6 775A5D16 4 Bytes [28, 1B, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtMapViewOfSection + B 775A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenFile + 6 775A5DC6 4 Bytes [68, 18, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenFile + B 775A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcess + 6 775A5E76 4 Bytes [A8, 19, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcess + B 775A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessToken + 6 775A5E86 4 Bytes CALL 765AC5A4 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessToken + B 775A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessTokenEx + 6 775A5E96 4 Bytes [A8, 1A, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessTokenEx + B 775A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThread + 6 775A5EF6 4 Bytes [68, 19, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThread + B 775A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadToken + 6 775A5F06 4 Bytes [68, 1A, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadToken + B 775A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadTokenEx + 6 775A5F16 4 Bytes CALL 765AC635 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadTokenEx + B 775A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryAttributesFile + 6 775A6026 4 Bytes [A8, 18, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryAttributesFile + B 775A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryFullAttributesFile + 6 775A60D6 4 Bytes CALL 765AC7F3 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryFullAttributesFile + B 775A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationFile + 6 775A6726 4 Bytes [28, 19, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationFile + B 775A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationThread + 6 775A6786 4 Bytes [28, 1A, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationThread + B 775A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtUnmapViewOfSection + 6 775A6AA6 4 Bytes [68, 1B, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtUnmapViewOfSection + B 775A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!LdrUnloadDll 775BCBCE 5 Bytes JMP 007D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!LdrLoadDll 775C2576 5 Bytes JMP 007D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + 6 775A56B6 4 Bytes [28, 30, 86, 00] {SUB [EAX], DH; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + B 775A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtMapViewOfSection + 6 775A5D16 4 Bytes [28, 33, 86, 00] {SUB [EBX], DH; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtMapViewOfSection + B 775A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + 6 775A5DC6 4 Bytes [68, 30, 86, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + B 775A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + 6 775A5E76 4 Bytes [A8, 31, 86, 00] {TEST AL, 0x31; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + B 775A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + 6 775A5E86 4 Bytes CALL 765AE4BC C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + B 775A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + 6 775A5E96 4 Bytes [A8, 32, 86, 00] {TEST AL, 0x32; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + B 775A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + 6 775A5EF6 4 Bytes [68, 31, 86, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + B 775A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + 6 775A5F06 4 Bytes [68, 32, 86, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + B 775A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + 6 775A5F16 4 Bytes CALL 765AE54D C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + B 775A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + 6 775A6026 4 Bytes [A8, 30, 86, 00] {TEST AL, 0x30; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + B 775A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + 6 775A60D6 4 Bytes CALL 765AE70B C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + B 775A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + 6 775A6726 4 Bytes [28, 31, 86, 00] {SUB [ECX], DH; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + B 775A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + 6 775A6786 4 Bytes [28, 32, 86, 00] {SUB [EDX], DH; XCHG [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + B 775A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtUnmapViewOfSection + 6 775A6AA6 4 Bytes [68, 33, 86, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtUnmapViewOfSection + B 775A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!LdrUnloadDll 775BCBCE 5 Bytes JMP 009303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!LdrLoadDll 775C2576 5 Bytes JMP 009301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtMapViewOfSection + 6 775A5D16 4 Bytes [18, 20, 96, 69] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!NtMapViewOfSection + B 775A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!LdrUnloadDll 775BCBCE 5 Bytes JMP 001E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4300] ntdll.dll!LdrLoadDll 775C2576 5 Bytes JMP 001E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtCreateFile + 6 775A56B6 4 Bytes [28, DC, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtCreateFile + B 775A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtMapViewOfSection + 6 775A5D16 4 Bytes [28, DF, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtMapViewOfSection + B 775A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenFile + 6 775A5DC6 4 Bytes [68, DC, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenFile + B 775A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcess + 6 775A5E76 4 Bytes [A8, DD, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcess + B 775A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessToken + B 775A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessTokenEx + 6 775A5E96 4 Bytes [A8, DE, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessTokenEx + B 775A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThread + 6 775A5EF6 4 Bytes [68, DD, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThread + B 775A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadToken + 6 775A5F06 4 Bytes [68, DE, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadToken + B 775A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadTokenEx + B 775A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryAttributesFile + 6 775A6026 4 Bytes [A8, DC, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryAttributesFile + B 775A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryFullAttributesFile + B 775A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationFile + 6 775A6726 4 Bytes [28, DD, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationFile + B 775A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationThread + 6 775A6786 4 Bytes [28, DE, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationThread + B 775A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtUnmapViewOfSection + 6 775A6AA6 4 Bytes [68, DF, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtUnmapViewOfSection + B 775A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!LdrUnloadDll 775BCBCE 5 Bytes JMP 00C503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!LdrLoadDll 775C2576 5 Bytes JMP 00C501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtCreateFile + 6 775A56B6 4 Bytes [28, E4, 09, 00] {SUB AH, AH; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtCreateFile + B 775A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtMapViewOfSection + 6 775A5D16 4 Bytes [28, E7, 09, 00] {SUB BH, AH; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtMapViewOfSection + B 775A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenFile + 6 775A5DC6 4 Bytes [68, E4, 09, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenFile + B 775A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcess + 6 775A5E76 4 Bytes [A8, E5, 09, 00] {TEST AL, 0xe5; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcess + B 775A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcessToken + 6 775A5E86 4 Bytes CALL 765A6870 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcessToken + B 775A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcessTokenEx + 6 775A5E96 4 Bytes [A8, E6, 09, 00] {TEST AL, 0xe6; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcessTokenEx + B 775A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThread + 6 775A5EF6 4 Bytes [68, E5, 09, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThread + B 775A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThreadToken + 6 775A5F06 4 Bytes [68, E6, 09, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThreadToken + B 775A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThreadTokenEx + 6 775A5F16 4 Bytes CALL 765A6901 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThreadTokenEx + B 775A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtQueryAttributesFile + 6 775A6026 4 Bytes [A8, E4, 09, 00] {TEST AL, 0xe4; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtQueryAttributesFile + B 775A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtQueryFullAttributesFile + 6 775A60D6 4 Bytes CALL 765A6ABF C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtQueryFullAttributesFile + B 775A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtSetInformationFile + 6 775A6726 4 Bytes [28, E5, 09, 00] {SUB CH, AH; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtSetInformationFile + B 775A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtSetInformationThread + 6 775A6786 4 Bytes [28, E6, 09, 00] {SUB DH, AH; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtSetInformationThread + B 775A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtUnmapViewOfSection + 6 775A6AA6 4 Bytes [68, E7, 09, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtUnmapViewOfSection + B 775A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!LdrUnloadDll 775BCBCE 5 Bytes JMP 000F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!LdrLoadDll 775C2576 5 Bytes JMP 000F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + 6 775A56B6 4 Bytes [28, 6C, BD, 00] {SUB [EBP+EDI*4+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + B 775A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + 6 775A5D16 4 Bytes [28, 6F, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + B 775A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + 6 775A5DC6 4 Bytes [68, 6C, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + B 775A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + 6 775A5E76 4 Bytes [A8, 6D, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + B 775A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessToken + B 775A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + 6 775A5E96 4 Bytes [A8, 6E, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + B 775A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + 6 775A5EF6 4 Bytes [68, 6D, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + B 775A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + 6 775A5F06 4 Bytes [68, 6E, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + B 775A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadTokenEx + B 775A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + 6 775A6026 4 Bytes [A8, 6C, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + B 775A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryFullAttributesFile + B 775A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + 6 775A6726 4 Bytes [28, 6D, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + B 775A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + 6 775A6786 4 Bytes [28, 6E, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + B 775A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + 6 775A6AA6 4 Bytes [68, 6F, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + B 775A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!LdrUnloadDll 775BCBCE 5 Bytes JMP 00CA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!LdrLoadDll 775C2576 5 Bytes JMP 00CA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtCreateFile + 6 775A56B6 4 Bytes [28, 08, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtCreateFile + B 775A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtMapViewOfSection + 6 775A5D16 4 Bytes [28, 0B, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtMapViewOfSection + B 775A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenFile + 6 775A5DC6 4 Bytes [68, 08, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenFile + B 775A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcess + 6 775A5E76 4 Bytes [A8, 09, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcess + B 775A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessToken + B 775A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessTokenEx + 6 775A5E96 4 Bytes [A8, 0A, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessTokenEx + B 775A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThread + 6 775A5EF6 4 Bytes [68, 09, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThread + B 775A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadToken + 6 775A5F06 4 Bytes [68, 0A, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadToken + B 775A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadTokenEx + B 775A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryAttributesFile + 6 775A6026 4 Bytes [A8, 08, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryAttributesFile + B 775A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryFullAttributesFile + B 775A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationFile + 6 775A6726 4 Bytes [28, 09, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationFile + B 775A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationThread + 6 775A6786 4 Bytes [28, 0A, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationThread + B 775A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtUnmapViewOfSection + 6 775A6AA6 4 Bytes [68, 0B, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtUnmapViewOfSection + B 775A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!LdrUnloadDll 775BCBCE 5 Bytes JMP 010B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!LdrLoadDll 775C2576 5 Bytes JMP 010B01F8 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74132493] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74115625] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741156E3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [7413250E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74128572] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74124D26] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741250CD] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741251A2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741266CF] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741282C9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74128818] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74129079] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7412E21C] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll IAT C:\windows\Explorer.EXE[1960] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74124C58] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18946_none_72d45ee78666ea32\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 863581F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys ---- Modules - GMER 2.1 ---- Module (noname) (*** hidden *** ) 8915D000-8925E000 (1052672 bytes) ---- Threads - GMER 2.1 ---- Thread System [4:4572] 8917A1B0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0xEF 0x91 0xD6 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0xD4 0xDE 0xC6 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x54 0x9E 0x04 0x89 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x90 0x03 0x14 0xFC ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0xD4 0xDE 0xC6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x54 0x9E 0x04 0x89 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x7B 0xA6 0x19 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0xD4 0xDE 0xC6 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x54 0x9E 0x04 0x89 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@CEF522EB 2216 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2} 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\assets 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\assets\indexes 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\assets\indexes\1.7.10.json 88092 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\hs_err_pid5888.log 26469 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\launcher_profiles.json 655 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\logs 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\logs\2014-07-17-1.log.gz 728 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\logs\latest.log 17492 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\minecraft launcher 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\minecraft launcher\options.json 79 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\options.txt 1990 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\data 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\data\Mineshaft.dat 60957 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\data\Stronghold.dat 2552 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\data\Temple.dat 181 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\data\Village.dat 177 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\data\villages.dat 54 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\DIM-1 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\DIM1 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\level.dat 1347 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\level.dat_mcr 375 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\level.dat_old 1350 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\playerdata 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\playerdata\061c8322-cca4-4c1d-9094-f52d19d13caa.dat 1000 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.0.-1.mca 212992 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.0.0.mca 3014656 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.1.0.mca 3014656 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.1.1.mca 45056 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.2.0.mca 2662400 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.2.1.mca 163840 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.3.0.mca 1822720 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.3.1.mca 3821568 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.4.0.mca 385024 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.4.1.mca 2940928 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.5.1.mca 3047424 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.6.1.mca 2772992 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.6.2.mca 8192 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.7.1.mca 8192 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\region\r.7.2.mca 8192 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\session.lock 8 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\stats 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\saves\Emal\stats\061c8322-cca4-4c1d-9094-f52d19d13caa.json 2476 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\screenshots 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\screenshots\2014-07-19_15.34.37.png 232557 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\screenshots\2014-07-19_15.34.40.png 290722 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\versions 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\versions\1.7.10 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\r101\Minecraft Launcher.e_{51a2d8e5-0f3d-11e4-b494-00266c008eb2}\C\Users\Julia\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10.json 3660 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt 4 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor 5120 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Cache\data_0 8192 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Cache\data_2 8192 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Cache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Current Session 3297 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Extension State 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Extension State\000003.log 570 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Extension State\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Extension State\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Extension State\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Extension State\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Favicons-journal 512 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\History 94208 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\History Provider Cache 6 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\History-journal 512 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Local Extension Settings 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Local Storage 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Login Data 12288 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Login Data-journal 512 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Preferences 2111 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Secure Preferences 18846 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Web Data 71680 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Local State 5808 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\pnacl 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\Users\Julia 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\Users\Julia\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\Users\Julia\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\Users\Julia\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\windows 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\windows\Prefetch 0 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\C\windows\Prefetch\SAFEZONEBROWSER.EXE-EA1E6E17.pf 46560 bytes File C:\avast! sandbox\S-1-5-21-3482297185-812369919-341804188-1000\sfzone\snx_fs.dat 7390 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 29696 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{fb9a6453-b870-11e4-b590-00266c008eb2}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{fb9a6453-b870-11e4-b590-00266c008eb2}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{fb9a6453-b870-11e4-b590-00266c008eb2}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 2.1 ----