GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-06-05 17:45:44 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: rihhkxc0.exe; Driver: C:\Users\Gibon\AppData\Local\Temp\kfndiaob.sys ---- User code sections - GMER 2.2 ---- ? C:\Windows\SYSTEM32\dbgcore.DLL [2884] entry point in ".rdata" section 00000000705bc940 ? C:\Windows\system32\apphelp.dll [2884] entry point in ".rdata" section 0000000073cbf7c0 ? C:\Windows\system32\apphelp.dll [3144] entry point in ".rdata" section 0000000073cbf7c0 ? C:\Windows\system32\apphelp.dll [3600] entry point in ".rdata" section 0000000073cbf7c0 ? C:\Windows\system32\wbem\wbemsvc.dll [3600] entry point in ".rdata" section 0000000070458fc0 ? C:\Windows\System32\ActXPrxy.dll [3600] entry point in ".rdata" section 000000006db39c50 ? C:\Windows\System32\iertutil.dll [3600] entry point in ".rdata" section 0000000072b33570 ? C:\Windows\System32\DSREG.DLL [3600] entry point in ".rdata" section 000000006ddef900 ? C:\Windows\system32\mssprxy.dll [3600] entry point in ".rdata" section 000000006de2a650 .text C:\Windows\Explorer.EXE[5564] C:\Windows\System32\KERNEL32.DLL!CreateProcessW 00007ffc6e35bec0 6 bytes {JMP QWORD [RIP+0xb4170]} ? C:\Windows\SYSTEM32\iertutil.dll [6856] entry point in ".rdata" section 0000000072b33570 ? C:\Windows\SYSTEM32\NTASN1.dll [6856] entry point in ".rdata" section 000000007000a020 ? C:\Windows\SYSTEM32\dbgcore.DLL [6856] entry point in ".rdata" section 00000000705bc940 ? C:\Windows\system32\ncryptsslp.dll [6856] entry point in ".rdata" section 000000006ffe04f0 ? C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [6856] entry point in ".rdata" section 0000000060ec7ec0 ? C:\Windows\System32\iertutil.dll [7432] entry point in ".rdata" section 0000000072b33570 ? C:\Windows\System32\DSREG.DLL [7432] entry point in ".rdata" section 000000006ddef900 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc6e4f65c0 16 bytes {MOV RAX, 0x7ffc487062b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8132] C:\Windows\System32\USER32.dll!CreateWindowExW 00007ffc6d4ec4f0 6 bytes {JMP QWORD [RIP+0x1c3b40]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8132] C:\Windows\System32\SHELL32.dll!SHFileOperationW 00007ffc6bc4e690 6 bytes {JMP QWORD [RIP+0x15119a0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8132] C:\Windows\system32\mswsock.dll!WSPStartup 00007ffc6a1e9850 6 bytes {JMP QWORD [RIP+0x767e0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] C:\Windows\System32\SHELL32.dll!SHFileOperationW 00007ffc6bc4e690 6 bytes {JMP QWORD [RIP+0x15119a0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\System32\SHELL32.dll!SHFileOperationW 00007ffc6bc4e690 6 bytes {JMP QWORD [RIP+0x15119a0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\System32\USER32.dll!CreateWindowExW 00007ffc6d4ec4f0 6 bytes {JMP QWORD [RIP+0x1c3b40]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] C:\Windows\System32\SHELL32.dll!SHFileOperationW 00007ffc6bc4e690 6 bytes {JMP QWORD [RIP+0x15119a0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc6e4f6260 16 bytes {MOV RAX, 0x7ff77aa5f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc6e4f6540 16 bytes {MOV RAX, 0x7ff77aa5f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc6e4f6580 16 bytes {MOV RAX, 0x7ff77aa5fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc6e4f65a0 16 bytes {MOV RAX, 0x7ff77aa5fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc6e4f65c0 16 bytes {MOV RAX, 0x7ff77aa5f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffc6e4f6600 16 bytes {MOV RAX, 0x7ff77aa5f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc6e4f66a0 16 bytes {MOV RAX, 0x7ff77aa5fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc6e4f66c0 16 bytes {MOV RAX, 0x7ff77aa5fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc6e4f6720 16 bytes {MOV RAX, 0x7ff77aa5fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc6e4f6860 16 bytes {MOV RAX, 0x7ff77aa5fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc6e4f6b60 16 bytes {MOV RAX, 0x7ff77aa5fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc6e4f83d0 16 bytes {MOV RAX, 0x7ff77aa5fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc6e4f8490 16 bytes {MOV RAX, 0x7ff77aa5fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc6e4f8730 16 bytes {MOV RAX, 0x7ff77aa5fba0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8200] C:\Windows\System32\SHELL32.dll!SHFileOperationW 00007ffc6bc4e690 6 bytes {JMP QWORD [RIP+0x15119a0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc6e4f6260 16 bytes {MOV RAX, 0x7ff77aa5f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc6e4f6540 16 bytes {MOV RAX, 0x7ff77aa5f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc6e4f6580 16 bytes {MOV RAX, 0x7ff77aa5fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc6e4f65a0 16 bytes {MOV RAX, 0x7ff77aa5fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc6e4f65c0 16 bytes {MOV RAX, 0x7ff77aa5f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffc6e4f6600 16 bytes {MOV RAX, 0x7ff77aa5f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc6e4f66a0 16 bytes {MOV RAX, 0x7ff77aa5fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc6e4f66c0 16 bytes {MOV RAX, 0x7ff77aa5fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc6e4f6720 16 bytes {MOV RAX, 0x7ff77aa5fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc6e4f6860 16 bytes {MOV RAX, 0x7ff77aa5fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc6e4f6b60 16 bytes {MOV RAX, 0x7ff77aa5fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc6e4f83d0 16 bytes {MOV RAX, 0x7ff77aa5fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc6e4f8490 16 bytes {MOV RAX, 0x7ff77aa5fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc6e4f8730 16 bytes {MOV RAX, 0x7ff77aa5fba0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5860] C:\Windows\System32\SHELL32.dll!SHFileOperationW 00007ffc6bc4e690 6 bytes {JMP QWORD [RIP+0x15119a0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc6e4f6260 16 bytes {MOV RAX, 0x7ff77aa5f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc6e4f6540 16 bytes {MOV RAX, 0x7ff77aa5f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc6e4f6580 16 bytes {MOV RAX, 0x7ff77aa5fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc6e4f65a0 16 bytes {MOV RAX, 0x7ff77aa5fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc6e4f65c0 16 bytes {MOV RAX, 0x7ff77aa5f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffc6e4f6600 16 bytes {MOV RAX, 0x7ff77aa5f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc6e4f66a0 16 bytes {MOV RAX, 0x7ff77aa5fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc6e4f66c0 16 bytes {MOV RAX, 0x7ff77aa5fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc6e4f6720 16 bytes {MOV RAX, 0x7ff77aa5fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc6e4f6860 16 bytes {MOV RAX, 0x7ff77aa5fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc6e4f6b60 16 bytes {MOV RAX, 0x7ff77aa5fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc6e4f83d0 16 bytes {MOV RAX, 0x7ff77aa5fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc6e4f8490 16 bytes {MOV RAX, 0x7ff77aa5fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc6e4f8730 16 bytes {MOV RAX, 0x7ff77aa5fba0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8244] C:\Windows\System32\SHELL32.dll!SHFileOperationW 00007ffc6bc4e690 6 bytes {JMP QWORD [RIP+0x15119a0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc6e4f6260 16 bytes {MOV RAX, 0x7ff77aa5f960; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc6e4f6540 16 bytes {MOV RAX, 0x7ff77aa5f9e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc6e4f6580 16 bytes {MOV RAX, 0x7ff77aa5fdd0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc6e4f65a0 16 bytes {MOV RAX, 0x7ff77aa5fbc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc6e4f65c0 16 bytes {MOV RAX, 0x7ff77aa5f840; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffc6e4f6600 16 bytes {MOV RAX, 0x7ff77aa5f8b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc6e4f66a0 16 bytes {MOV RAX, 0x7ff77aa5fa50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc6e4f66c0 16 bytes {MOV RAX, 0x7ff77aa5fe20; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc6e4f6720 16 bytes {MOV RAX, 0x7ff77aa5fb40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc6e4f6860 16 bytes {MOV RAX, 0x7ff77aa5fb80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc6e4f6b60 16 bytes {MOV RAX, 0x7ff77aa5fac0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc6e4f83d0 16 bytes {MOV RAX, 0x7ff77aa5fe00; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc6e4f8490 16 bytes {MOV RAX, 0x7ff77aa5fda0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc6e4f8730 16 bytes {MOV RAX, 0x7ff77aa5fba0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8280] C:\Windows\System32\SHELL32.dll!SHFileOperationW 00007ffc6bc4e690 6 bytes {JMP QWORD [RIP+0x15119a0]} ? C:\Windows\system32\apphelp.dll [6324] entry point in ".rdata" section 0000000073cbf7c0 ? C:\Windows\system32\wbem\wbemsvc.dll [11040] entry point in ".rdata" section 0000000070458fc0 ? C:\Windows\SYSTEM32\NTASN1.dll [10864] entry point in ".rdata" section 000000007000a020 ? C:\Windows\SYSTEM32\iertutil.dll [10864] entry point in ".rdata" section 0000000072b33570 ? C:\Windows\system32\wbem\wbemsvc.dll [10316] entry point in ".rdata" section 0000000070458fc0 ? C:\Windows\SYSTEM32\NTASN1.dll [10316] entry point in ".rdata" section 000000007000a020 ? C:\Windows\system32\ncryptsslp.dll [10316] entry point in ".rdata" section 000000006ffe04f0 ? C:\Windows\system32\mssprxy.dll [10316] entry point in ".rdata" section 000000006de2a650 ? C:\Windows\System32\ActXPrxy.dll [10244] entry point in ".rdata" section 000000006db39c50 ? C:\Windows\SYSTEM32\iertutil.dll [10244] entry point in ".rdata" section 0000000072b33570 ? C:\Windows\SYSTEM32\NTASN1.dll [10244] entry point in ".rdata" section 000000007000a020 ? C:\Windows\system32\ncryptsslp.dll [10244] entry point in ".rdata" section 000000006ffe04f0 ? C:\Windows\SYSTEM32\NTASN1.dll [11644] entry point in ".rdata" section 000000007000a020 ? C:\Windows\system32\ncryptsslp.dll [11644] entry point in ".rdata" section 000000006ffe04f0 ? C:\Windows\system32\wbem\wbemsvc.dll [10312] entry point in ".rdata" section 0000000070458fc0 ? C:\Windows\SYSTEM32\NTASN1.dll [10312] entry point in ".rdata" section 000000007000a020 ? C:\Windows\system32\ncryptsslp.dll [10312] entry point in ".rdata" section 000000006ffe04f0 ? C:\Windows\system32\apphelp.dll [8540] entry point in ".rdata" section 0000000073cbf7c0 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_unlock] [cccccccccccccccc] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!__dllonexit] [cccccccccccccccc] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_onexit] [130b928ec8348] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_lock] [8b480000279ae800] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_purecall] [574c98548c033c8] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_initterm] [ccccccccccccc328] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_amsg_exit] [4808588948c48b48] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_XcptFilter] [4c18788948107089] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!memset] [ec83485741207089] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_callnewh] [4cfa8b4c018b4820] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!malloc] [158d48f18b4cc28b] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!free] [8b48ff330002fcc4] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_wcsnicmp] [850002ef9115ff00] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!wcsstr] [48000081d1880fc0] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!wcscat_s] [8b48c78b30245c8b] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_wcsupr] [3824748b4840247c] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_wcsicmp] [c483484824748b4c] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!_vsnwprintf] [ccccccccc35f4120] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!sscanf_s] [83485340cccccccc] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[msvcrt.dll!memcmp] [e515ffda8b4820ec] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!RtlNtStatusToDosError] [3300008241840fc0] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!NtCreateSection] [ccc35b20c48348c0] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!RtlImageRvaToVa] [cccccccccccccccc] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!RtlImageDirectoryEntryToData] [74894808245c8948] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!RtlFreeHeap] [4940ec8348571024] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!RtlAllocateHeap] [e8db33f18b48f88b] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!NtOpenThreadToken] [2874c085fffff624] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!NtClose] [8d00038b11058b48] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!NtQueryInformationToken] [245c89ca8b440253] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!NtOpenProcessToken] [202444c7c78b4c28] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!RtlInitUnicodeString] [ffce8b4800020003] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!RtlCaptureContext] [d88b480002eef315] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!RtlLookupFunctionEntry] [c38b485824748b48] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!RtlVirtualUnwind] [c4834850245c8b48] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ntdll.dll!NtQuerySection] [ccccccccccc35f40] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!UnmapViewOfFile] [245c8b48c38b3824] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetLocalTime] [ccc35f20c4834830] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!CreateFileMappingW] [cccccccccccccccc] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!FileTimeToSystemTime] [74894818245c8948] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!SystemTimeToFileTime] [5641544157552024] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetFileTime] [feb024ac8d485741] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetVersionExW] [250ec8148ffff] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!QueryActCtxW] [385e8058b4800] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!LoadLibraryExW] [140858948c43348] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetModuleFileNameW] [fa8b4ce433450000] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetModuleHandleW] [f18b4c402464894c] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!CreateActCtxW] [fc8b413424648944] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!ReleaseActCtx] [c985483024648944] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!ActivateActCtx] [854800007eea840f] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!DeactivateActCtx] [4800007ee1840fd2] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!MapViewOfFile] [443824548d48018b] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!DisableThreadLibraryCalls] [de8b00007ec6880f] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!RaiseException] [8b880ff685] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetLastError] [f01e98300008027] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!lstrcmpiA] [1f983000000ac84] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!RegQueryValueExW] [8b4900008015850f] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!HeapFree] [8b493c24548d4806] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!BasepGetExeArchType] [8b483c24648944ce] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!ExpandEnvironmentStringsW] [2f26815ff4040] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!RegOpenKeyExW] [4378f685de8b0000] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!CreateFileW] [9d840f023c247c83] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetSystemDirectoryW] [8776058d4800007e] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!CloseHandle] [1482444c70003] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!LoadLibraryW] [c750244489480000] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!CheckElevationEnabled] [49fffffe49e84824] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetProcAddress] [9a840fc085480789] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!LocalFree] [15ffcf8b4800007f] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetProcessHeap] [8b48c38b0002f194] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!CreateProcessW] [cc3348000001408d] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!RegCloseKey] [9c8d4c00002f2be8] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!Sleep] [5b8b490000025024] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!UnhandledExceptionFilter] [e38b4948738b4940] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [5d5f5c415e415f41] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetCurrentProcess] [244c8d4c068b49c3] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!TerminateProcess] [48ce8b49c0334534] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!QueryPerformanceCounter] [ff01508d4138408b] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetCurrentProcessId] [85f08b0002f1c315] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetCurrentThreadId] [8b00007ef0880fc0] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [244c8b9e78f685de] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!GetTickCount] [41e84024548d4834] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!SetWindowLongPtrW] [8300007ff78f0f13] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!SendMessageW] [f0bf983217d11f9] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!GetSystemMetrics] [cf98300007fab8e] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!GetWindowLongPtrW] [7e14740df9832074] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!SendDlgItemMessageW] [2c7077f0ff9830c] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!IsWindowEnabled] [2f80b8c300000008] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!GetDlgItem] [402c7c38898] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!GetParent] [202c7c300] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!EnableWindow] [ccccccccccccccc3] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!LoadStringA] [74894808245c8948] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!LoadStringW] [4118247c89481024] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[USER32.dll!InsertMenuW] [4cf63320ec834856] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[SHLWAPI.dll!PathFindExtensionW] [e8cc3348000000a0] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[SHLWAPI.dll!PathFindFileNameW] [707dbb8c3000000] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[SHLWAPI.dll!StrCmpIW] [cccccccccce1eb80] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[SHELL32.dll!SHParseDisplayName] [10fa8300007eb18e] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[SHELL32.dll!SHGetPathFromIDListW] [8d4800007f108f0f] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[SHELL32.dll!SHChangeNotify] [fffffd70e8202454] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[SHELL32.dll!SHGetNameFromIDList] [7fd8840fc085] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[SHELL32.dll!SHGetItemFromDataObject] [422030247c81c033] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[ole32.dll!CoGetObject] [b8107ec985450c4b] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!CStdStubBuffer_DebugServerRelease] [85df8b00007eec88] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!NdrOleAllocate] [8d4c068b494f78ff] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!CStdStubBuffer_QueryInterface] [40247c8b4830244c] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!CStdStubBuffer_CountRefs] [4c3424548bce8b49] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!IUnknown_Release_Proxy] [15ff38408b48c78b] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!CStdStubBuffer_AddRef] [c085f08b0002f174] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!CStdStubBuffer_DebugServerQueryInterface] [de8b00007ed5880f] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!NdrDllGetClassObject] [ffffff4b880ff685] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!IUnknown_AddRef_Proxy] [582444893024448b] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!CStdStubBuffer_Invoke] [2444c750247c8948] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!IUnknown_QueryInterface_Proxy] [ff15e90000000248] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!CStdStubBuffer_IsIIDSupported] [e940247c8b48ffff] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!NdrDllCanUnloadNow] [ccccccccffffff27] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!CStdStubBuffer_Connect] [b8ec8148cccccccc] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!NdrOleFree] [8406058b48000000] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!NdrCStdStubBuffer_Release] [848948c433480003] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[RPCRT4.dll!CStdStubBuffer_Disconnect] [15fa83000000a024] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[apphelp.dll!SdbReleaseDatabase] [7ff5870ffe8bd9] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[apphelp.dll!SdbQueryFlagMask] [158d480f468d4400] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[apphelp.dll!SdbGetAppPatchDir] [34b1e80002fd9c] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[apphelp.dll!SdbInitDatabase] [7fdd850fc08500] IAT C:\Windows\Explorer.EXE[5564] @ C:\Windows\system32\acppage.dll[apphelp.dll!SdbGetMatchingExe] [fff850f7bb60f00] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [744:808] ffffc50b175a6c20 Thread C:\Windows\Explorer.EXE [5564:9040] 00007ffc3ee320e0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1401805810 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x89 0xFF 0x89 0x37 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x89 0x67 0x4E 0x99 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x89 0x97 0xC5 0xD5 ... ---- Files - GMER 2.2 ---- File C:\Users\Gibon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_01a3c0 843196 bytes File C:\Users\Gibon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_01a3c1 905066 bytes ---- EOF - GMER 2.2 ----