GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-29 14:01:36 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: d7ninlgd.exe; Driver: C:\Users\Dawid\AppData\Local\Temp\awddikob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88005381d64 12 bytes {MOV RAX, 0xfffffa8006b632a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000070ae1a22 2 bytes [AE, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000070ae1ad0 2 bytes [AE, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000070ae1b08 2 bytes [AE, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000070ae1bba 2 bytes [AE, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000070ae1bda 2 bytes [AE, 70] .text C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe[3820] C:\Windows\syswow64\kernel32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe[3820] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076f14296 6 bytes [68, DF, 1D, E7, 7E, C3] .text C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe[3820] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076f14889 11 bytes [68, B5, 1C, E7, 7E, C3, 90, ...] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3496] C:\Windows\syswow64\kernel32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3496] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076f14296 6 bytes [68, DF, 1D, E8, 7E, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3496] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076f14889 11 bytes [68, B5, 1C, E8, 7E, C3, 90, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3516] C:\Windows\syswow64\KERNEL32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3516] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076f14296 6 bytes [68, DF, 1D, E7, 7E, C3] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3516] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076f14889 11 bytes [68, B5, 1C, E7, 7E, C3, 90, ...] .text C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[3524] C:\Windows\syswow64\kernel32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[3524] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076f14296 6 bytes [68, DF, 1D, E7, 7E, C3] .text C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[3524] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076f14889 11 bytes [68, B5, 1C, E7, 7E, C3, 90, ...] .text C:\Program Files (x86)\msi\MSI VGA Overclock Tool\VGAOCAP.exe[3608] C:\Windows\syswow64\kernel32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\msi\MSI VGA Overclock Tool\VGAOCAP.exe[3608] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076f14296 6 bytes [68, DF, 1D, E7, 7E, C3] .text C:\Program Files (x86)\msi\MSI VGA Overclock Tool\VGAOCAP.exe[3608] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076f14889 11 bytes [68, B5, 1C, E7, 7E, C3, 90, ...] .text C:\Program Files (x86)\msi\Cinema ProII\CinemaProII.exe[3708] C:\Windows\syswow64\kernel32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\msi\Cinema ProII\CinemaProII.exe[3708] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076f14296 6 bytes [68, DF, 1D, E7, 7E, C3] .text C:\Program Files (x86)\msi\Cinema ProII\CinemaProII.exe[3708] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076f14889 11 bytes [68, B5, 1C, E7, 7E, C3, 90, ...] .text C:\Program Files (x86)\msi\Cinema ProII\Cinema ProII Controler.exe[3592] C:\Windows\syswow64\kernel32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\msi\Cinema ProII\Cinema ProII Controler.exe[3592] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076f14296 6 bytes [68, DF, 1D, E8, 7E, C3] .text C:\Program Files (x86)\msi\Cinema ProII\Cinema ProII Controler.exe[3592] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076f14889 11 bytes [68, B5, 1C, E8, 7E, C3, 90, ...] .text C:\Program Files (x86)\msi\LockIndicator\LockIndicator.exe[3944] C:\Windows\syswow64\kernel32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[3188] C:\Windows\syswow64\KERNEL32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[3188] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076f14296 6 bytes [68, DF, 1D, E8, 7E, C3] .text C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[3188] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076f14889 11 bytes [68, B5, 1C, E8, 7E, C3, 90, ...] .text C:\Program Files (x86)\msi\msi LED Manager\SLM.exe[3208] C:\Windows\syswow64\KERNEL32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\msi\msi LED Manager\SLM.exe[3208] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076f14296 6 bytes [68, DF, 1D, E8, 7E, C3] .text C:\Program Files (x86)\msi\msi LED Manager\SLM.exe[3208] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076f14889 11 bytes [68, B5, 1C, E8, 7E, C3, 90, ...] .text C:\Program Files (x86)\msi\msi LED Manager\SLM.exe[3208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\msi\msi LED Manager\SLM.exe[3208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d80048 10 bytes [68, 42, 25, E8, 7E, C3, 90, ...] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3612] C:\Windows\syswow64\kernel32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [5848] entry point in ".rdata" section 0000000058ae71e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0xc3f628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0xc3f668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0xc3f5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0xc3f528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0xc3f728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0xc3f768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0xc3f6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0xc3f6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0xc3f468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0xc3f4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0xc3f428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0xc3f5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0xc3f568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0xc3f4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0x252e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0x252e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0x252da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0x252d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0x252f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0x252f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0x252ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0x252ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0x252c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0x252ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0x252c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0x252de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0x252d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0x252ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0x93ea28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0x93ea68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0x93e9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0x93e928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0x93eb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0x93eb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0x93eae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0x93eaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0x93e868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0x93e8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0x93e828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0x93e9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0x93e968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0x93e8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0x37e628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0x37e668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0x37e5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0x37e528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0x37e728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0x37e768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0x37e6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0x37e6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0x37e468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0x37e4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0x37e428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0x37e5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0x37e568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0x37e4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0x7b0a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0x7b0a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0x7b09a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0x7b0928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0x7b0b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0x7b0b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0x7b0ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0x7b0aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0x7b0868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0x7b08a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0x7b0828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0x7b09e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0x7b0968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0x7b08e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0x5c7228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0x5c7268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0x5c71a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0x5c7128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0x5c7328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0x5c7368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0x5c72e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0x5c72a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0x5c7068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0x5c70a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0x5c7028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0x5c71e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0x5c7168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0x5c70e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0x251a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0x251a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0x2519a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0x251928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0x251b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0x251b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0x251ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0x251aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0x251868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0x2518a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0x251828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0x2519e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0x251968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0x2518e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0x511e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0x511e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0x511da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0x511d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0x511f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0x511f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0x511ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0x511ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0x511c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0x511ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0x511c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0x511de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0x511d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0x511ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0x69e628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0x69e668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0x69e5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0x69e528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0x69e728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0x69e768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0x69e6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0x69e6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0x69e468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0x69e4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0x69e428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0x69e5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0x69e568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0x69e4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0x55fa28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0x55fa68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0x55f9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0x55f928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0x55fb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0x55fb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0x55fae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0x55faa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0x55f868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0x55f8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0x55f828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0x55f9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0x55f968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0x55f8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0x251628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0x251668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0x2515a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0x251528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0x251728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0x251768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0x2516e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0x2516a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0x251468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0x2514a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0x251428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0x2515e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0x251568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0x2514e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0xa1f628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0xa1f668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0xa1f5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0xa1f528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0xa1f728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0xa1f768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0xa1f6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0xa1f6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0xa1f468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0xa1f4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0xa1f428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0xa1f5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0xa1f568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0xa1f4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0xab7628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0xab7668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0xab75a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0xab7528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0xab7728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0xab7768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0xab76e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0xab76a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0xab7468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0xab74a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0xab7428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0xab75e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0xab7568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0xab74e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d7f991 7 bytes {MOV EDX, 0xf5e228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d7fbd5 7 bytes {MOV EDX, 0xf5e268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d7fc05 7 bytes {MOV EDX, 0xf5e1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d7fc1d 7 bytes {MOV EDX, 0xf5e128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d7fc35 7 bytes {MOV EDX, 0xf5e328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d7fc65 7 bytes {MOV EDX, 0xf5e368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d7fce5 7 bytes {MOV EDX, 0xf5e2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d7fcfd 7 bytes {MOV EDX, 0xf5e2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d7fd49 7 bytes {MOV EDX, 0xf5e068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d7fe41 7 bytes {MOV EDX, 0xf5e0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d80099 7 bytes {MOV EDX, 0xf5e028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d810a5 7 bytes {MOV EDX, 0xf5e1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d8111d 7 bytes {MOV EDX, 0xf5e168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d81321 7 bytes {MOV EDX, 0xf5e0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe[6296] C:\Windows\syswow64\kernel32.dll!LoadAppInitDlls 0000000075846c93 4 bytes [33, C0, C3, 00] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe[6296] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076f14296 6 bytes [68, DF, 1D, E7, 7E, C3] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe[6296] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076f14889 11 bytes [68, B5, 1C, E7, 7E, C3, 90, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b51465 2 bytes [B5, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b514bb 2 bytes [B5, 76] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010b1f1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010b1cc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010b269c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010b2a98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010b28f4] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88003760d18] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Devices - GMER 2.1 ---- Device \Driver\avtilkr3 \Device\Scsi\avtilkr31Port1Path0Target0Lun0 fffffa8006e232c0 Device \Driver\avtilkr3 \Device\Scsi\avtilkr31 fffffa8006e232c0 Device \FileSystem\Ntfs \Ntfs fffffa80045cb2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8006c3c2c0 Device \Driver\cdrom \Device\CdRom0 fffffa80066712c0 Device \Driver\cdrom \Device\CdRom1 fffffa80066712c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8006c3c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{9C0BCEB5-7039-4446-8290-8A9F8CF026EC} fffffa800693f2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{0F1521DD-590E-44F2-9638-F32D6691AE05} fffffa800693f2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8006c3c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{AD1FE3FE-62D6-4333-A945-EE2BDA3B4AF8} fffffa800693f2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800693f2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8006c3c2c0 Device \Driver\avtilkr3 \Device\ScsiPort1 fffffa8006e232c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D4BF63E3-6B25-4856-AC7A-EAC2468C7318} fffffa800693f2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\avtilkr3.SYS fffff88007796000-fffff880077e7000 (331776 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [3612:4008] 000000007ee8e4ab ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{28CD7A26-82DE-4BD3-8497-DF8F1CAB73A7}\Connection@Name isatap.{0F1521DD-590E-44F2-9638-F32D6691AE05} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{28CD7A26-82DE-4BD3-8497-DF8F1CAB73A7}?\Device\{1AE40BE1-AA82-40E6-AEE8-A365D5F0CD0D}?\Device\{789C5E6C-0A76-4EB7-8DCD-1CB3BC44E3B2}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{28CD7A26-82DE-4BD3-8497-DF8F1CAB73A7}"?"{1AE40BE1-AA82-40E6-AEE8-A365D5F0CD0D}"?"{789C5E6C-0A76-4EB7-8DCD-1CB3BC44E3B2}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{28CD7A26-82DE-4BD3-8497-DF8F1CAB73A7}?\Device\TCPIP6TUNNEL_{1AE40BE1-AA82-40E6-AEE8-A365D5F0CD0D}?\Device\TCPIP6TUNNEL_{789C5E6C-0A76-4EB7-8DCD-1CB3BC44E3B2}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97183bd09 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97183bd09@68ebae36b8c7 0x5A 0xDD 0x9B 0x8D ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{28CD7A26-82DE-4BD3-8497-DF8F1CAB73A7}@InterfaceName isatap.{0F1521DD-590E-44F2-9638-F32D6691AE05} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{28CD7A26-82DE-4BD3-8497-DF8F1CAB73A7}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-27-22-bd-18-88@ClientLocalPort 54015 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-27-22-bd-18-88@TeredoAddress 2001:0:5ef5:79fd:14a2:2d00:4f9b:386f Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 8813 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 3298 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x01 0x29 0x5A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1D 0xE8 0xB4 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6D 0xEF 0x3E 0xF1 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97183bd09 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97183bd09@68ebae36b8c7 0x5A 0xDD 0x9B 0x8D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x01 0x29 0x5A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1D 0xE8 0xB4 0xF3 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6D 0xEF 0x3E 0xF1 ... ---- EOF - GMER 2.1 ----