GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-19 23:49:47 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD502IJ rev.1AA01110 465,76GB Running: 2c54d06j.exe; Driver: C:\Users\SAWNY~1\AppData\Local\Temp\kwrdipod.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770e1465 2 bytes [0E, 77] .text C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770e14bb 2 bytes [0E, 77] .text ... * 2 .text C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770e1465 2 bytes [0E, 77] .text C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770e14bb 2 bytes [0E, 77] .text ... * 2 .text C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770e1465 2 bytes [0E, 77] .text C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770e14bb 2 bytes [0E, 77] .text ... * 2 .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770e1465 2 bytes [0E, 77] .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770e14bb 2 bytes [0E, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770e1465 2 bytes [0E, 77] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770e14bb 2 bytes [0E, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770e1465 2 bytes [0E, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770e14bb 2 bytes [0E, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f81590 14 bytes {MOV RAX, 0x7feead064e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f813e0 7 bytes [48, B8, 60, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f813e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f81550 7 bytes [48, B8, E0, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f81558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f81570 7 bytes [48, B8, D0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f81578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f81580 7 bytes [48, B8, C0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f81588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f81590 7 bytes [48, B8, 40, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f81598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f815b0 7 bytes [48, B8, B0, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f815b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f81600 7 bytes [48, B8, 50, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f81608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f81610 7 bytes [48, B8, 20, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f81618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f81640 7 bytes [48, B8, 40, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f81648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f816e0 7 bytes [48, B8, 80, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f816e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f81860 7 bytes [48, B8, C0, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f81868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f822d0 7 bytes [48, B8, 00, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f822d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f82320 7 bytes [48, B8, A0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f82328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f82470 7 bytes [48, B8, A0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f82478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f813e0 7 bytes [48, B8, 60, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f813e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f81550 7 bytes [48, B8, E0, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f81558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f81570 7 bytes [48, B8, D0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f81578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f81580 7 bytes [48, B8, C0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f81588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f81590 7 bytes [48, B8, 40, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f81598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f815b0 7 bytes [48, B8, B0, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f815b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f81600 7 bytes [48, B8, 50, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f81608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f81610 7 bytes [48, B8, 20, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f81618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f81640 7 bytes [48, B8, 40, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f81648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f816e0 7 bytes [48, B8, 80, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f816e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f81860 7 bytes [48, B8, C0, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f81868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f822d0 7 bytes [48, B8, 00, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f822d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f82320 7 bytes [48, B8, A0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f82328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f82470 7 bytes [48, B8, A0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f82478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f813e0 7 bytes [48, B8, 60, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f813e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f81550 7 bytes [48, B8, E0, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f81558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f81570 7 bytes [48, B8, D0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f81578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f81580 7 bytes [48, B8, C0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f81588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f81590 7 bytes [48, B8, 40, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f81598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f815b0 7 bytes [48, B8, B0, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f815b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f81600 7 bytes [48, B8, 50, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f81608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f81610 7 bytes [48, B8, 20, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f81618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f81640 7 bytes [48, B8, 40, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f81648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f816e0 7 bytes [48, B8, 80, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f816e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f81860 7 bytes [48, B8, C0, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f81868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f822d0 7 bytes [48, B8, 00, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f822d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f82320 7 bytes [48, B8, A0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f82328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f82470 7 bytes [48, B8, A0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f82478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f813e0 7 bytes [48, B8, 60, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f813e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f81550 7 bytes [48, B8, E0, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f81558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f81570 7 bytes [48, B8, D0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f81578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f81580 7 bytes [48, B8, C0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f81588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f81590 7 bytes [48, B8, 40, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f81598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f815b0 7 bytes [48, B8, B0, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f815b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f81600 7 bytes [48, B8, 50, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f81608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f81610 7 bytes [48, B8, 20, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f81618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f81640 7 bytes [48, B8, 40, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f81648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f816e0 7 bytes [48, B8, 80, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f816e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f81860 7 bytes [48, B8, C0, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f81868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f822d0 7 bytes [48, B8, 00, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f822d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f82320 7 bytes [48, B8, A0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f82328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f82470 7 bytes [48, B8, A0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f82478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f813e0 7 bytes [48, B8, 60, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f813e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f81550 7 bytes [48, B8, E0, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f81558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f81570 7 bytes [48, B8, D0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f81578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f81580 7 bytes [48, B8, C0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f81588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f81590 7 bytes [48, B8, 40, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f81598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f815b0 7 bytes [48, B8, B0, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f815b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f81600 7 bytes [48, B8, 50, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f81608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f81610 7 bytes [48, B8, 20, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f81618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f81640 7 bytes [48, B8, 40, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f81648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f816e0 7 bytes [48, B8, 80, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f816e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f81860 7 bytes [48, B8, C0, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f81868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f822d0 7 bytes [48, B8, 00, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f822d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f82320 7 bytes [48, B8, A0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f82328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f82470 7 bytes [48, B8, A0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f82478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f813e0 7 bytes [48, B8, 60, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076f813e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076f81550 7 bytes [48, B8, E0, 0D, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076f81558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f81570 7 bytes [48, B8, D0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076f81578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076f81580 7 bytes [48, B8, C0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076f81588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f81590 7 bytes [48, B8, 40, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076f81598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076f815b0 7 bytes [48, B8, B0, 0C, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076f815b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076f81600 7 bytes [48, B8, 50, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076f81608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076f81610 7 bytes [48, B8, 20, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076f81618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f81640 7 bytes [48, B8, 40, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076f81648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076f816e0 7 bytes [48, B8, 80, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076f816e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f81860 7 bytes [48, B8, C0, 0E, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076f81868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076f822d0 7 bytes [48, B8, 00, 12, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076f822d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f82320 7 bytes [48, B8, A0, 11, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076f82328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076f82470 7 bytes [48, B8, A0, 0F, 66, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076f82478 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee56fe23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee56fe9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee56fec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee56fe9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2852] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee483bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee56fe23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee56fe9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee56fec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee56fe9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2400] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee483bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee56fe23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee56fe9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee56fec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee56fe9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4536] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee483bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee56fe23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee56fe9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee56fec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee56fe9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4744] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee483bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee56fe23c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee56fe9a8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee56fec08] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee56fe9c0] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee483bd5c] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread System [4:2304] fffffa8006291058 Thread System [4:2308] fffffa80062bf9c8 Thread System [4:2316] fffffa80062c8cf8 Thread System [4:2320] fffffa80062c75f4 Thread System [4:2328] fffffa80062c113c Thread C:\Windows\system32\svchost.exe [992:1860] 0000000001500c6c Thread C:\Windows\system32\svchost.exe [992:1252] 0000000001500c6c Thread C:\Windows\system32\svchost.exe [992:1244] 0000000001500c6c Thread C:\Windows\system32\svchost.exe [992:2460] 00000000014f7378 Thread C:\Windows\system32\svchost.exe [992:2464] 00000000014f7378 Thread C:\Windows\Explorer.EXE [1404:3268] 0000000003d2449c Thread C:\Windows\Explorer.EXE [1404:3272] 000000000739d680 Thread C:\Windows\Explorer.EXE [1404:3280] 00000000074657e8 Thread C:\Windows\Explorer.EXE [1404:3284] 00000000074657e8 Thread C:\Windows\Explorer.EXE [1404:3288] 00000000074657e8 Thread C:\Windows\Explorer.EXE [1404:3292] 00000000074657e8 ---- EOF - GMER 2.2 ----