GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-10 19:46:19 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB Running: ysrj2zsy.exe; Driver: C:\Users\mentol\AppData\Local\Temp\uwdiypow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000075d31401 2 bytes JMP 7582b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000075d31419 2 bytes JMP 7582b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000075d31431 2 bytes JMP 758a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 0000000075d3144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 0000000075d314dd 2 bytes JMP 758a89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 0000000075d314f5 2 bytes JMP 758a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 0000000075d3150d 2 bytes JMP 758a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000075d31525 2 bytes JMP 758a8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 0000000075d3153d 2 bytes JMP 7581fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000075d31555 2 bytes JMP 75826937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 0000000075d3156d 2 bytes JMP 758a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000075d31585 2 bytes JMP 758a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 0000000075d3159d 2 bytes JMP 758a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 0000000075d315b5 2 bytes JMP 7581fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn 
Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 0000000075d315cd 2 bytes JMP 7582b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 0000000075d316b2 2 bytes JMP 758a906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2472] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 0000000075d316bd 2 bytes JMP 758a8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077c9bdb0 14 bytes {MOV RAX, 0x7fefad230f0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077c9bc00 7 bytes [48, B8, 68, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077c9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077c9bd70 7 bytes [48, B8, C0, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077c9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c9bd90 7 bytes [48, B8, 3C, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077c9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077c9bda0 7 bytes [48, B8, 3C, F4, 49, 3F, 01] .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077c9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077c9bdb0 7 bytes [48, B8, 48, F2, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077c9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077c9bdd0 7 bytes [48, B8, 8C, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077c9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077c9be20 7 bytes [48, B8, E4, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077c9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077c9be30 7 bytes [48, B8, 78, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077c9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077c9be60 7 bytes [48, B8, CC, F2, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077c9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077c9bf00 7 bytes [48, B8, 14, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077c9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077c9c080 7 bytes [48, B8, 90, F1, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077c9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077c9caf0 7 bytes [48, B8, 60, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077c9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c9cb40 7 bytes [48, B8, 9C, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077c9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077c9cc90 7 bytes [48, B8, 28, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077c9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077c9bc00 7 bytes [48, B8, 68, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077c9bc08 
6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077c9bd70 7 bytes [48, B8, C0, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077c9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c9bd90 7 bytes [48, B8, 3C, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077c9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077c9bda0 7 bytes [48, B8, 3C, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077c9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077c9bdb0 7 bytes [48, B8, 48, F2, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077c9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077c9bdd0 7 bytes [48, B8, 8C, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077c9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077c9be20 7 bytes [48, B8, E4, F3, 49, 3F, 01] .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077c9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077c9be30 7 bytes [48, B8, 78, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077c9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077c9be60 7 bytes [48, B8, CC, F2, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077c9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077c9bf00 7 bytes [48, B8, 14, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077c9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077c9c080 7 bytes [48, B8, 90, F1, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077c9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077c9caf0 7 bytes [48, B8, 60, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077c9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 
0000000077c9cb40 7 bytes [48, B8, 9C, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077c9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077c9cc90 7 bytes [48, B8, 28, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077c9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077c9bc00 7 bytes [48, B8, 68, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077c9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077c9bd70 7 bytes [48, B8, C0, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077c9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c9bd90 7 bytes [48, B8, 3C, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077c9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077c9bda0 7 bytes [48, B8, 3C, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077c9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077c9bdb0 7 bytes [48, B8, 48, F2, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077c9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077c9bdd0 7 bytes [48, B8, 8C, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077c9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077c9be20 7 bytes [48, B8, E4, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077c9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077c9be30 7 bytes [48, B8, 78, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077c9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077c9be60 7 bytes [48, B8, CC, F2, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077c9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077c9bf00 7 bytes [48, B8, 14, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077c9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077c9c080 7 bytes [48, B8, 90, F1, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077c9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077c9caf0 7 bytes [48, B8, 60, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077c9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c9cb40 7 bytes [48, B8, 9C, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077c9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077c9cc90 7 bytes [48, B8, 28, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077c9cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077c9bc00 7 bytes [48, B8, 68, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077c9bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077c9bd70 7 bytes 
[48, B8, C0, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077c9bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c9bd90 7 bytes [48, B8, 3C, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077c9bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077c9bda0 7 bytes [48, B8, 3C, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077c9bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077c9bdb0 7 bytes [48, B8, 48, F2, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077c9bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077c9bdd0 7 bytes [48, B8, 8C, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077c9bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077c9be20 7 bytes [48, B8, E4, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077c9be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077c9be30 7 bytes [48, B8, 78, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077c9be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077c9be60 7 bytes [48, B8, CC, F2, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077c9be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077c9bf00 7 bytes [48, B8, 14, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077c9bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077c9c080 7 bytes [48, B8, 90, F1, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077c9c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077c9caf0 7 bytes [48, B8, 60, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077c9caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c9cb40 7 bytes [48, B8, 9C, F3, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 
0000000077c9cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077c9cc90 7 bytes [48, B8, 28, F4, 49, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077c9cc98 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feef636880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feef635fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feef636868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feef636ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2112] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feef636860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feef636880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feef635fc4] C:\Program Files 
(x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feef636868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feef636ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feef636860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feef636880] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feef635fc4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feef636868] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feef636ca4] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feef636860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!memcpy] [7fee78df0f4] IAT 
C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!strchr] [7fee78df0e0] IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!_amsg_exit] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!free] [7fee7904254] IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!wcscat_s] [7fee790433c] IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!wcscpy_s] [7fee7904520] IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!strcpy_s] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!memset] [7fee7139ea0] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!_wcsnicmp] [7fee71477a0] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!isdigit] [7fee713c5b4] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!__RTDynamicCast] [7fee71474b0] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!wcsncpy_s] [7fee71338f0] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!qsort] [7fee713387c] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!??3@YAXPEAX@Z] [7fee7133e6c] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!??1type_info@@UEAA@XZ] [7fee7134020] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ 
C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!_initterm] [7fee713c5b4] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!malloc] [7fee7134020] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!_XcptFilter] [7fee713ce68] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[msvcrt.dll!_wcsicmp] [7fee71392a8] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!NtOpenThreadToken] [7fee7133a54] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlNtStatusToDosError] [7fee713ba70] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlInitializeResource] [7fee714aa00] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlGetLastNtStatus] [7fee714466c] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlAcquireResourceExclusive] [7fee713c054] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlDeleteResource] [7fee714670c] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlReleaseResource] [7fee713c278] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!NtDeviceIoControlFile] [7fee7138dc4] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlCopyUnicodeString] [7fee7133be0] 
C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!NtOpenFile] [7fee714fd78] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!NtImpersonateAnonymousToken] [7fee7135da0] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!NtCreateFile] [7fee7134020] C:\Windows\system32\framedynos.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!NtFsControlFile] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!NtSetInformationThread] [7feff8e10ac] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlCaptureContext] [7feff90ab88] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlLookupFunctionEntry] [7feff8f001c] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlInitAnsiString] [7feff8e1520] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlOemStringToUnicodeString] [7feff8e8ea0] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlUnicodeToOemN] [7feff8e1500] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!NlsMbOemCodePageTag] [7feff92bfd4] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlVirtualUnwind] [7feff8e8e28] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!NtClose] 
[7feff920b58] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[ntdll.dll!RtlInitUnicodeString] [7feff8e137c] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[RPCRT4.dll!RpcBindingFromStringBindingW] [77a40dc0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[RPCRT4.dll!NdrClientCall3] [77a43350] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[RPCRT4.dll!RpcStringFreeW] [77a44ea0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[RPCRT4.dll!RpcBindingFree] [77a43c30] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[RPCRT4.dll!RpcStringBindingComposeW] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[RPCRT4.dll!I_RpcExceptionFilter] [7fefe5d1320] C:\Windows\system32\OLEAUT32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!GetCurrentProcessId] [7fefe05da70] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!UnhandledExceptionFilter] [7fefe0501b0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!GetCurrentProcess] [7fefe05d84c] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!TerminateProcess] [7fefe05e700] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!CloseHandle] [7fefe064250] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ 
C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!CreateEventW] [7fefe064220] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!LocalFree] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!LocalAlloc] [77a49010] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!GetComputerNameExW] [77a7b9c0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!SetUnhandledExceptionFilter] [77a7ba20] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!GetSystemTimeAsFileTime] [77a7bb00] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!GetCurrentThreadId] [77acbaa0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!DisableThreadLibraryCalls] [77a45180] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!FreeLibrary] [77a7c0b0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!GetLastError] [77a433d0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!GetProcAddress] [77a51760] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!LoadLibraryExA] [77a44ee0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!DelayLoadFailureHook] [77a43370] C:\Windows\system32\kernel32.dll IAT 
C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!Sleep] [77a51480] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[3532] @ C:\Windows\system32\BROWCLI.DLL[KERNEL32.dll!GetTickCount] [77a514f0] C:\Windows\system32\kernel32.dll

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----