GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-04 19:50:38 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD800JD-22MSA1 rev.10.01E01 74,53GB Running: vdskngpz.exe; Driver: C:\Users\Tasman\AppData\Local\Temp\pxldipow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x87F4C3D4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x883389F4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x87F4CEB2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x87F5928A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x87F592D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x87F59470] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x87F591F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0x87F5931A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x87F59240] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x87F4D3E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x87F4D604] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x87F5942A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x87F4DCA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x87F4C43A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x87F50E32] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x88338ACC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x87F4C026] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x88338EAE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x87F4C4A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x87F51228] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x87F4E7E4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x87F592B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x87F592F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x87F59494] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x87F5921E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x87F5072A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x87F593A8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x87F59268] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x87F50B16] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x87F5944E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x88338C4C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x87F4E5FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x87F4E30A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x87F4C506] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x87F4C56C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0x87F4DB1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x87F4C0C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x87F4C292] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x87F4C220] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x87F4DE6A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x87F4DFCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x87F4C31A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0x87F4D958] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x87F4DAFA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x88335C8C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x87F4C5D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x87F4CF0E] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwSaveKey + 13CD 82C3C9C9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C5C512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 1393 82C63760 4 Bytes [D4, C3, F4, 87] .text ntoskrnl.exe!KeRemoveQueueEx + 13BB 82C63788 4 Bytes [F4, 89, 33, 88] .text ntoskrnl.exe!KeRemoveQueueEx + 141B 82C637E8 4 Bytes [B2, CE, F4, 87] .text ntoskrnl.exe!KeRemoveQueueEx + 146F 82C6383C 8 Bytes [8A, 92, F5, 87, D6, 92, F5, ...] .text ntoskrnl.exe!KeRemoveQueueEx + 147B 82C63848 4 Bytes [70, 94, F5, 87] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtCreateFile + 6 777855CE 4 Bytes [28, A4, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtCreateFile + B 777855D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtMapViewOfSection + 6 77785C2E 4 Bytes [28, A7, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtMapViewOfSection + B 77785C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenFile + 6 77785CDE 4 Bytes [68, A4, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenFile + B 77785CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenProcess + 6 77785D8E 4 Bytes [A8, A5, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenProcess + B 77785D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenProcessToken + 6 77785D9E 4 Bytes CALL 76790B48 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenProcessToken + B 77785DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenProcessTokenEx + 6 77785DAE 4 Bytes [A8, A6, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenProcessTokenEx + B 77785DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenThread + 6 77785E0E 4 Bytes [68, A5, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenThread + B 77785E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenThreadToken + 6 77785E1E 4 Bytes [68, A6, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenThreadToken + B 77785E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenThreadTokenEx + 6 77785E2E 4 Bytes CALL 76790BD9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtOpenThreadTokenEx + B 77785E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtQueryAttributesFile + 6 77785F3E 4 Bytes [A8, A4, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtQueryAttributesFile + B 77785F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtQueryFullAttributesFile + 6 77785FEE 4 Bytes CALL 76790D97 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtQueryFullAttributesFile + B 77785FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtSetInformationFile + 6 7778663E 4 Bytes [28, A5, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtSetInformationFile + B 77786643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtSetInformationThread + 6 7778669E 4 Bytes [28, A6, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtSetInformationThread + B 777866A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtUnmapViewOfSection + 6 777869BE 4 Bytes [68, A7, AD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!NtUnmapViewOfSection + B 777869C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!LdrUnloadDll 7779C8DE 5 Bytes JMP 00B303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[460] ntdll.dll!LdrLoadDll 777A22B8 5 Bytes JMP 00B301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtCreateFile + 6 777855CE 4 Bytes [28, 4C, 55, 00] {SUB [EBP+EDX*2+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtCreateFile + B 777855D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtMapViewOfSection + 6 77785C2E 4 Bytes [28, 4F, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtMapViewOfSection + B 77785C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenFile + 6 77785CDE 4 Bytes [68, 4C, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenFile + B 77785CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcess + 6 77785D8E 4 Bytes [A8, 4D, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcess + B 77785D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessToken + 6 77785D9E 4 Bytes CALL 7678B2F0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessToken + B 77785DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessTokenEx + 6 77785DAE 4 Bytes [A8, 4E, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessTokenEx + B 77785DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThread + 6 77785E0E 4 Bytes [68, 4D, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThread + B 77785E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThreadToken + 6 77785E1E 4 Bytes [68, 4E, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThreadToken + B 77785E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThreadTokenEx + 6 77785E2E 4 Bytes CALL 7678B381 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThreadTokenEx + B 77785E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtQueryAttributesFile + 6 77785F3E 4 Bytes [A8, 4C, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtQueryAttributesFile + B 77785F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtQueryFullAttributesFile + 6 77785FEE 4 Bytes CALL 7678B53F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtQueryFullAttributesFile + B 77785FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtSetInformationFile + 6 7778663E 4 Bytes [28, 4D, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtSetInformationFile + B 77786643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtSetInformationThread + 6 7778669E 4 Bytes [28, 4E, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtSetInformationThread + B 777866A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtUnmapViewOfSection + 6 777869BE 4 Bytes [68, 4F, 55, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtUnmapViewOfSection + B 777869C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!LdrUnloadDll 7779C8DE 5 Bytes JMP 005B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!LdrLoadDll 777A22B8 5 Bytes JMP 005B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + 6 77785C2E 4 Bytes [18, 20, 9B, 6C] {SBB [EAX], AH; WAIT ; INS BYTE [ES:EDI], DX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + B 77785C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!LdrUnloadDll 7779C8DE 5 Bytes JMP 000F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!LdrLoadDll 777A22B8 5 Bytes JMP 000F01F8 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1568] kernel32.dll!SetUnhandledExceptionFilter 75EF3D01 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2732] kernel32.dll!SetUnhandledExceptionFilter 75EF3D01 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtCreateFile + 6 777855CE 4 Bytes [28, 7C, 9F, 00] {SUB [EDI+EBX*4+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtCreateFile + B 777855D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtMapViewOfSection + 6 77785C2E 4 Bytes [28, 7F, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtMapViewOfSection + B 77785C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenFile + 6 77785CDE 4 Bytes [68, 7C, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenFile + B 77785CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcess + 6 77785D8E 4 Bytes [A8, 7D, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcess + B 77785D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcessToken + 6 77785D9E 4 Bytes CALL 7678FD20 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcessToken + B 77785DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcessTokenEx + 6 77785DAE 4 Bytes [A8, 7E, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcessTokenEx + B 77785DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThread + 6 77785E0E 4 Bytes [68, 7D, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThread + B 77785E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThreadToken + 6 77785E1E 4 Bytes [68, 7E, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThreadToken + B 77785E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThreadTokenEx + 6 77785E2E 4 Bytes CALL 7678FDB1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThreadTokenEx + B 77785E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtQueryAttributesFile + 6 77785F3E 4 Bytes [A8, 7C, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtQueryAttributesFile + B 77785F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtQueryFullAttributesFile + 6 77785FEE 4 Bytes CALL 7678FF6F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtQueryFullAttributesFile + B 77785FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtSetInformationFile + 6 7778663E 4 Bytes [28, 7D, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtSetInformationFile + B 77786643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtSetInformationThread + 6 7778669E 4 Bytes [28, 7E, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtSetInformationThread + B 777866A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtUnmapViewOfSection + 6 777869BE 4 Bytes [68, 7F, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtUnmapViewOfSection + B 777869C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!LdrUnloadDll 7779C8DE 5 Bytes JMP 00AC03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!LdrLoadDll 777A22B8 5 Bytes JMP 00AC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtCreateFile + 6 777855CE 4 Bytes [28, 90, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtCreateFile + B 777855D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + 6 77785C2E 4 Bytes [28, 93, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + B 77785C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenFile + 6 77785CDE 4 Bytes [68, 90, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenFile + B 77785CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcess + 6 77785D8E 4 Bytes [A8, 91, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcess + B 77785D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessToken + 6 77785D9E 4 Bytes CALL 7678C634 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessToken + B 77785DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessTokenEx + 6 77785DAE 4 Bytes [A8, 92, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessTokenEx + B 77785DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThread + 6 77785E0E 4 Bytes [68, 91, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThread + B 77785E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadToken + 6 77785E1E 4 Bytes [68, 92, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadToken + B 77785E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadTokenEx + 6 77785E2E 4 Bytes CALL 7678C6C5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadTokenEx + B 77785E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryAttributesFile + 6 77785F3E 4 Bytes [A8, 90, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryAttributesFile + B 77785F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryFullAttributesFile + 6 77785FEE 4 Bytes CALL 7678C883 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryFullAttributesFile + B 77785FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationFile + 6 7778663E 4 Bytes [28, 91, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationFile + B 77786643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationThread + 6 7778669E 4 Bytes [28, 92, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationThread + B 777866A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + 6 777869BE 4 Bytes [68, 93, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + B 777869C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!LdrUnloadDll 7779C8DE 5 Bytes JMP 007403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!LdrLoadDll 777A22B8 5 Bytes JMP 007401F8 ---- EOF - GMER 2.1 ----