GMER 2.1.18952 - http://www.gmer.net Rootkit scan 2013-02-14 14:57:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: ctzi0mte.exe; Driver: C:\Users\PAWELP~1\AppData\Local\Temp\pxldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[1940] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072d61a22 2 bytes [D6, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1940] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072d61ad0 2 bytes [D6, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1940] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072d61b08 2 bytes [D6, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1940] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072d61bba 2 bytes [D6, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1940] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072d61bda 2 bytes [D6, 72] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [4520] entry point in ".rdata" section 00000000680371e6 .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c3f991 7 bytes {MOV EDX, 0xef9e28; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c3fbd5 7 bytes {MOV EDX, 0xef9e68; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c3fc05 7 bytes {MOV EDX, 0xef9da8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c3fc1d 7 bytes {MOV EDX, 0xef9d28; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c3fc35 7 bytes {MOV EDX, 0xef9f28; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c3fc65 7 bytes {MOV EDX, 0xef9f68; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c3fce5 7 bytes {MOV EDX, 0xef9ee8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c3fcfd 7 bytes {MOV EDX, 0xef9ea8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c3fd49 7 bytes {MOV EDX, 0xef9c68; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c3fe41 7 bytes {MOV EDX, 0xef9ca8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c40099 7 bytes {MOV EDX, 0xef9c28; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c410a5 7 bytes {MOV EDX, 0xef9de8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c4111d 7 bytes {MOV EDX, 0xef9d68; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c41321 7 bytes {MOV EDX, 0xef9ce8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c3f991 7 bytes {MOV EDX, 0xd33628; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c3fbd5 7 bytes {MOV EDX, 0xd33668; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c3fc05 7 bytes {MOV EDX, 0xd335a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c3fc1d 7 bytes {MOV EDX, 0xd33528; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c3fc35 7 bytes {MOV EDX, 0xd33728; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c3fc65 7 bytes {MOV EDX, 0xd33768; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c3fce5 7 bytes {MOV EDX, 0xd336e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c3fcfd 7 bytes {MOV EDX, 0xd336a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c3fd49 7 bytes {MOV EDX, 0xd33468; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c3fe41 7 bytes {MOV EDX, 0xd334a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c40099 7 bytes {MOV EDX, 0xd33428; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c410a5 7 bytes {MOV EDX, 0xd335e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c4111d 7 bytes {MOV EDX, 0xd33568; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c41321 7 bytes {MOV EDX, 0xd334e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c3f991 7 bytes {MOV EDX, 0x7c5228; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c3fbd5 7 bytes {MOV EDX, 0x7c5268; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c3fc05 7 bytes {MOV EDX, 0x7c51a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c3fc1d 7 bytes {MOV EDX, 0x7c5128; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c3fc35 7 bytes {MOV EDX, 0x7c5328; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c3fc65 7 bytes {MOV EDX, 0x7c5368; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c3fce5 7 bytes {MOV EDX, 0x7c52e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c3fcfd 7 bytes {MOV EDX, 0x7c52a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c3fd49 7 bytes {MOV EDX, 0x7c5068; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c3fe41 7 bytes {MOV EDX, 0x7c50a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c40099 7 bytes {MOV EDX, 0x7c5028; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c410a5 7 bytes {MOV EDX, 0x7c51e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c4111d 7 bytes {MOV EDX, 0x7c5168; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c41321 7 bytes {MOV EDX, 0x7c50e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Users\Pawel PC\AppData\Local\RadioSure\RadioSure.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Users\Pawel PC\AppData\Local\RadioSure\RadioSure.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Program Files (x86)\TuneUp Utilities 2013\integrator.exe[4372] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Program Files (x86)\TuneUp Utilities 2013\integrator.exe[4372] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c3f991 7 bytes {MOV EDX, 0x6caa28; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c3fbd5 7 bytes {MOV EDX, 0x6caa68; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c3fc05 7 bytes {MOV EDX, 0x6ca9a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c3fc1d 7 bytes {MOV EDX, 0x6ca928; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c3fc35 7 bytes {MOV EDX, 0x6cab28; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c3fc65 7 bytes {MOV EDX, 0x6cab68; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c3fce5 7 bytes {MOV EDX, 0x6caae8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c3fcfd 7 bytes {MOV EDX, 0x6caaa8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c3fd49 7 bytes {MOV EDX, 0x6ca868; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c3fe41 7 bytes {MOV EDX, 0x6ca8a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c40099 7 bytes {MOV EDX, 0x6ca828; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c410a5 7 bytes {MOV EDX, 0x6ca9e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c4111d 7 bytes {MOV EDX, 0x6ca968; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c41321 7 bytes {MOV EDX, 0x6ca8e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c3f991 7 bytes {MOV EDX, 0xd57e28; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c3fbd5 7 bytes {MOV EDX, 0xd57e68; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c3fc05 7 bytes {MOV EDX, 0xd57da8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c3fc1d 7 bytes {MOV EDX, 0xd57d28; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c3fc35 7 bytes {MOV EDX, 0xd57f28; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c3fc65 7 bytes {MOV EDX, 0xd57f68; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c3fce5 7 bytes {MOV EDX, 0xd57ee8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c3fcfd 7 bytes {MOV EDX, 0xd57ea8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c3fd49 7 bytes {MOV EDX, 0xd57c68; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c3fe41 7 bytes {MOV EDX, 0xd57ca8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c40099 7 bytes {MOV EDX, 0xd57c28; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c410a5 7 bytes {MOV EDX, 0xd57de8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c4111d 7 bytes {MOV EDX, 0xd57d68; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c41321 7 bytes {MOV EDX, 0xd57ce8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c3f991 7 bytes {MOV EDX, 0x965628; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c3fbd5 7 bytes {MOV EDX, 0x965668; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c3fc05 7 bytes {MOV EDX, 0x9655a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c3fc1d 7 bytes {MOV EDX, 0x965528; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c3fc35 7 bytes {MOV EDX, 0x965728; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c3fc65 7 bytes {MOV EDX, 0x965768; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c3fce5 7 bytes {MOV EDX, 0x9656e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c3fcfd 7 bytes {MOV EDX, 0x9656a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c3fd49 7 bytes {MOV EDX, 0x965468; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c3fe41 7 bytes {MOV EDX, 0x9654a8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c40099 7 bytes {MOV EDX, 0x965428; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c410a5 7 bytes {MOV EDX, 0x9655e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c4111d 7 bytes {MOV EDX, 0x965568; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c41321 7 bytes {MOV EDX, 0x9654e8; JMP RDX} .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bf1465 2 bytes [BF, 77] .text C:\Users\Pawel PC\AppData\Local\Google\Chrome\Application\chrome.exe[5696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bf14bb 2 bytes [BF, 77] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files (x86)\O22y Inc\The Elder Scrolls V Skyrim \x2013 Dawnguard\Uninstall\unins000.exe 1 ---- EOF - GMER 2.1 ----