GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-09 18:26:46 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1652GSX rev.LV010M 149,05GB Running: gmer.exe; Driver: C:\Users\Iza\AppData\Local\Temp\uxriipow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81C8F579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81CB3F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtCreateFile + 6 76F44A16 4 Bytes [28, 8C, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtCreateFile + B 76F44A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtMapViewOfSection + 6 76F45076 4 Bytes [28, 8F, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtMapViewOfSection + B 76F4507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenFile + 6 76F45126 4 Bytes [68, 8C, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenFile + B 76F4512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcess + 6 76F451D6 4 Bytes [A8, 8D, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcess + B 76F451DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcessToken + 6 76F451E6 4 Bytes CALL 75F4F478 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcessToken + B 76F451EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcessTokenEx + 6 76F451F6 4 Bytes [A8, 8E, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcessTokenEx + B 76F451FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThread + 6 76F45256 4 Bytes [68, 8D, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThread + B 76F4525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThreadToken + 6 76F45266 4 Bytes [68, 8E, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThreadToken + B 76F4526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThreadTokenEx + 6 76F45276 4 Bytes CALL 75F4F509 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThreadTokenEx + B 76F4527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtQueryAttributesFile + 6 76F45386 4 Bytes [A8, 8C, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtQueryAttributesFile + B 76F4538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtQueryFullAttributesFile + 6 76F45436 4 Bytes CALL 75F4F6C7 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtQueryFullAttributesFile + B 76F4543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtSetInformationFile + 6 76F45A86 4 Bytes [28, 8D, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtSetInformationFile + B 76F45A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtSetInformationThread + 6 76F45AE6 4 Bytes [28, 8E, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtSetInformationThread + B 76F45AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtUnmapViewOfSection + 6 76F45E06 4 Bytes [68, 8F, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtUnmapViewOfSection + B 76F45E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtCreateFile + 6 76F44A16 4 Bytes [28, 5C, FA, 00] {SUB [EDX+EDI*8+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtCreateFile + B 76F44A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + 6 76F45076 4 Bytes [28, 5F, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + B 76F4507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenFile + 6 76F45126 4 Bytes [68, 5C, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenFile + B 76F4512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcess + 6 76F451D6 4 Bytes [A8, 5D, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcess + B 76F451DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessToken + 6 76F451E6 4 Bytes CALL 75F54C48 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessToken + B 76F451EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessTokenEx + 6 76F451F6 4 Bytes [A8, 5E, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessTokenEx + B 76F451FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThread + 6 76F45256 4 Bytes [68, 5D, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThread + B 76F4525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadToken + 6 76F45266 4 Bytes [68, 5E, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadToken + B 76F4526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadTokenEx + 6 76F45276 4 Bytes CALL 75F54CD9 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadTokenEx + B 76F4527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryAttributesFile + 6 76F45386 4 Bytes [A8, 5C, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryAttributesFile + B 76F4538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryFullAttributesFile + 6 76F45436 4 Bytes CALL 75F54E97 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryFullAttributesFile + B 76F4543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationFile + 6 76F45A86 4 Bytes [28, 5D, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationFile + B 76F45A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationThread + 6 76F45AE6 4 Bytes [28, 5E, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationThread + B 76F45AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + 6 76F45E06 4 Bytes [68, 5F, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + B 76F45E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtCreateFile + 6 76F44A16 4 Bytes [28, 48, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtCreateFile + B 76F44A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtMapViewOfSection + 6 76F45076 4 Bytes [28, 4B, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtMapViewOfSection + B 76F4507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenFile + 6 76F45126 4 Bytes [68, 48, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenFile + B 76F4512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcess + 6 76F451D6 4 Bytes [A8, 49, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcess + B 76F451DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessToken + 6 76F451E6 4 Bytes CALL 75F47934 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessToken + B 76F451EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessTokenEx + 6 76F451F6 4 Bytes [A8, 4A, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessTokenEx + B 76F451FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThread + 6 76F45256 4 Bytes [68, 49, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThread + B 76F4525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadToken + 6 76F45266 4 Bytes [68, 4A, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadToken + B 76F4526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadTokenEx + 6 76F45276 4 Bytes CALL 75F479C5 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadTokenEx + B 76F4527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryAttributesFile + 6 76F45386 4 Bytes [A8, 48, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryAttributesFile + B 76F4538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryFullAttributesFile + 6 76F45436 4 Bytes CALL 75F47B83 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryFullAttributesFile + B 76F4543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationFile + 6 76F45A86 4 Bytes [28, 49, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationFile + B 76F45A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationThread + 6 76F45AE6 4 Bytes [28, 4A, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationThread + B 76F45AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtUnmapViewOfSection + 6 76F45E06 4 Bytes [68, 4B, 27, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtUnmapViewOfSection + B 76F45E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtCreateFile + 6 76F44A16 4 Bytes [28, 30, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtCreateFile + B 76F44A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtMapViewOfSection + 6 76F45076 4 Bytes [28, 33, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtMapViewOfSection + B 76F4507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenFile + 6 76F45126 4 Bytes [68, 30, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenFile + B 76F4512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenProcess + 6 76F451D6 4 Bytes [A8, 31, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenProcess + B 76F451DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenProcessToken + 6 76F451E6 4 Bytes CALL 75F4EF1C C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenProcessToken + B 76F451EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenProcessTokenEx + 6 76F451F6 4 Bytes [A8, 32, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenProcessTokenEx + B 76F451FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenThread + 6 76F45256 4 Bytes [68, 31, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenThread + B 76F4525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenThreadToken + 6 76F45266 4 Bytes [68, 32, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenThreadToken + B 76F4526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenThreadTokenEx + 6 76F45276 4 Bytes CALL 75F4EFAD C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtOpenThreadTokenEx + B 76F4527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtQueryAttributesFile + 6 76F45386 4 Bytes [A8, 30, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtQueryAttributesFile + B 76F4538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtQueryFullAttributesFile + 6 76F45436 4 Bytes CALL 75F4F16B C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtQueryFullAttributesFile + B 76F4543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtSetInformationFile + 6 76F45A86 4 Bytes [28, 31, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtSetInformationFile + B 76F45A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtSetInformationThread + 6 76F45AE6 4 Bytes [28, 32, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtSetInformationThread + B 76F45AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtUnmapViewOfSection + 6 76F45E06 4 Bytes [68, 33, 9D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1604] ntdll.dll!NtUnmapViewOfSection + B 76F45E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtCreateFile + 6 76F44A16 4 Bytes [28, 4C, B4, 00] {SUB [ESP+ESI*4+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtCreateFile + B 76F44A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtMapViewOfSection + 6 76F45076 4 Bytes [28, 4F, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtMapViewOfSection + B 76F4507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenFile + 6 76F45126 4 Bytes [68, 4C, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenFile + B 76F4512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcess + 6 76F451D6 4 Bytes [A8, 4D, B4, 00] {TEST AL, 0x4d; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcess + B 76F451DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcessToken + 6 76F451E6 4 Bytes CALL 75F50638 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcessToken + B 76F451EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcessTokenEx + 6 76F451F6 4 Bytes [A8, 4E, B4, 00] {TEST AL, 0x4e; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenProcessTokenEx + B 76F451FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThread + 6 76F45256 4 Bytes [68, 4D, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThread + B 76F4525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThreadToken + 6 76F45266 4 Bytes [68, 4E, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThreadToken + B 76F4526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThreadTokenEx + 6 76F45276 4 Bytes CALL 75F506C9 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtOpenThreadTokenEx + B 76F4527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtQueryAttributesFile + 6 76F45386 4 Bytes [A8, 4C, B4, 00] {TEST AL, 0x4c; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtQueryAttributesFile + B 76F4538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtQueryFullAttributesFile + 6 76F45436 4 Bytes CALL 75F50887 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtQueryFullAttributesFile + B 76F4543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtSetInformationFile + 6 76F45A86 4 Bytes [28, 4D, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtSetInformationFile + B 76F45A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtSetInformationThread + 6 76F45AE6 4 Bytes [28, 4E, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtSetInformationThread + B 76F45AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtUnmapViewOfSection + 6 76F45E06 4 Bytes [68, 4F, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtUnmapViewOfSection + B 76F45E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtCreateFile + 6 76F44A16 4 Bytes [28, 60, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtCreateFile + B 76F44A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtMapViewOfSection + 6 76F45076 4 Bytes [28, 63, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtMapViewOfSection + B 76F4507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenFile + 6 76F45126 4 Bytes [68, 60, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenFile + B 76F4512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcess + 6 76F451D6 4 Bytes [A8, 61, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcess + B 76F451DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessToken + 6 76F451E6 4 Bytes CALL 75F4914C C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessToken + B 76F451EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessTokenEx + 6 76F451F6 4 Bytes [A8, 62, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessTokenEx + B 76F451FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThread + 6 76F45256 4 Bytes [68, 61, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThread + B 76F4525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadToken + 6 76F45266 4 Bytes [68, 62, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadToken + B 76F4526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadTokenEx + 6 76F45276 4 Bytes CALL 75F491DD C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadTokenEx + B 76F4527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryAttributesFile + 6 76F45386 4 Bytes [A8, 60, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryAttributesFile + B 76F4538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryFullAttributesFile + 6 76F45436 4 Bytes CALL 75F4939B C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryFullAttributesFile + B 76F4543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationFile + 6 76F45A86 4 Bytes [28, 61, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationFile + B 76F45A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationThread + 6 76F45AE6 4 Bytes [28, 62, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationThread + B 76F45AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtUnmapViewOfSection + 6 76F45E06 4 Bytes [68, 63, 3F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtUnmapViewOfSection + B 76F45E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtCreateFile + 6 76F44A16 4 Bytes [28, 3C, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtCreateFile + B 76F44A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtMapViewOfSection + 6 76F45076 4 Bytes [28, 3F, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtMapViewOfSection + B 76F4507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenFile + 6 76F45126 4 Bytes [68, 3C, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenFile + B 76F4512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcess + 6 76F451D6 4 Bytes [A8, 3D, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcess + B 76F451DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcessToken + 6 76F451E6 4 Bytes CALL 75F4A028 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcessToken + B 76F451EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcessTokenEx + 6 76F451F6 4 Bytes [A8, 3E, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcessTokenEx + B 76F451FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThread + 6 76F45256 4 Bytes [68, 3D, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThread + B 76F4525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThreadToken + 6 76F45266 4 Bytes [68, 3E, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThreadToken + B 76F4526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThreadTokenEx + 6 76F45276 4 Bytes CALL 75F4A0B9 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThreadTokenEx + B 76F4527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtQueryAttributesFile + 6 76F45386 4 Bytes [A8, 3C, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtQueryAttributesFile + B 76F4538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtQueryFullAttributesFile + 6 76F45436 4 Bytes CALL 75F4A277 C:\Windows\system32\ole32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtQueryFullAttributesFile + B 76F4543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtSetInformationFile + 6 76F45A86 4 Bytes [28, 3D, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtSetInformationFile + B 76F45A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtSetInformationThread + 6 76F45AE6 4 Bytes [28, 3E, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtSetInformationThread + B 76F45AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtUnmapViewOfSection + 6 76F45E06 4 Bytes [68, 3F, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtUnmapViewOfSection + B 76F45E0B 1 Byte [E2] ---- EOF - GMER 2.1 ----