GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-29 21:08:08 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD250HJ rev.FH100-06 232,88GB Running: i2bcqbz1.exe; Driver: J:\Users\Zacny\AppData\Local\Temp\awddikod.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A87A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AC11F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text J:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A20000, 0x1458B8, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text J:\Windows\system32\wininit.exe[464] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\system32\winlogon.exe[520] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\system32\services.exe[564] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\system32\lsass.exe[576] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\system32\svchost.exe[692] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtCreateFile + 6 77A955CE 4 Bytes [28, D8, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtCreateFile + B 77A955D3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtMapViewOfSection + 6 77A95C2E 4 Bytes [28, DB, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtMapViewOfSection + B 77A95C33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenFile + 6 77A95CDE 4 Bytes [68, D8, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenFile + B 77A95CE3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenProcess + 6 77A95D8E 4 Bytes [A8, D9, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenProcess + B 77A95D93 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenProcessToken + 6 77A95D9E 4 Bytes CALL 76AA077C J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenProcessToken + B 77A95DA3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenProcessTokenEx + 6 77A95DAE 4 Bytes [A8, DA, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenProcessTokenEx + B 77A95DB3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenThread + 6 77A95E0E 4 Bytes [68, D9, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenThread + B 77A95E13 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenThreadToken + 6 77A95E1E 4 Bytes [68, DA, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenThreadToken + B 77A95E23 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenThreadTokenEx + 6 77A95E2E 4 Bytes CALL 76AA080D J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtOpenThreadTokenEx + B 77A95E33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtQueryAttributesFile + 6 77A95F3E 4 Bytes [A8, D8, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtQueryAttributesFile + B 77A95F43 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtQueryFullAttributesFile + 6 77A95FEE 4 Bytes CALL 76AA09CB J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtQueryFullAttributesFile + B 77A95FF3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtSetInformationFile + 6 77A9663E 4 Bytes [28, D9, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtSetInformationFile + B 77A96643 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtSetInformationThread + 6 77A9669E 4 Bytes [28, DA, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtSetInformationThread + B 77A966A3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtUnmapViewOfSection + 6 77A969BE 4 Bytes [68, DB, A9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] ntdll.dll!NtUnmapViewOfSection + B 77A969C3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[700] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Program Files\Skype\Phone\Skype.exe[728] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\system32\svchost.exe[756] user32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\system32\atiesrxx.exe[816] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\System32\svchost.exe[896] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text ... .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + 6 77A955CE 4 Bytes [28, 7C, D9, 00] {SUB [ECX+EBX*8+0x0], BH} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + B 77A955D3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + 6 77A95C2E 4 Bytes [28, 7F, D9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + B 77A95C33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + 6 77A95CDE 4 Bytes [68, 7C, D9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + B 77A95CE3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + 6 77A95D8E 4 Bytes [A8, 7D, D9, 00] {TEST AL, 0x7d; FLD DWORD [EAX]} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + B 77A95D93 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + 6 77A95D9E 4 Bytes CALL 76AA3720 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + B 77A95DA3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + 6 77A95DAE 4 Bytes [A8, 7E, D9, 00] {TEST AL, 0x7e; FLD DWORD [EAX]} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + B 77A95DB3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + 6 77A95E0E 4 Bytes [68, 7D, D9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + B 77A95E13 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + 6 77A95E1E 4 Bytes [68, 7E, D9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + B 77A95E23 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + 6 77A95E2E 4 Bytes CALL 76AA37B1 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + B 77A95E33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + 6 77A95F3E 4 Bytes [A8, 7C, D9, 00] {TEST AL, 0x7c; FLD DWORD [EAX]} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + B 77A95F43 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + 6 77A95FEE 4 Bytes CALL 76AA396F J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + B 77A95FF3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + 6 77A9663E 4 Bytes [28, 7D, D9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + B 77A96643 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + 6 77A9669E 4 Bytes [28, 7E, D9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + B 77A966A3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + 6 77A969BE 4 Bytes [68, 7F, D9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + B 77A969C3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\Explorer.EXE[2148] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\system32\taskhost.exe[2240] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2340] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 J:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtCreateFile + 6 77A955CE 4 Bytes [28, EC, DC, 00] {SUB AH, CH; FADD QWORD [EAX]} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtCreateFile + B 77A955D3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtMapViewOfSection + 6 77A95C2E 4 Bytes [28, EF, DC, 00] {SUB BH, CH; FADD QWORD [EAX]} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtMapViewOfSection + B 77A95C33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenFile + 6 77A95CDE 4 Bytes [68, EC, DC, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenFile + B 77A95CE3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcess + 6 77A95D8E 4 Bytes [A8, ED, DC, 00] {TEST AL, 0xed; FADD QWORD [EAX]} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcess + B 77A95D93 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessToken + 6 77A95D9E 4 Bytes CALL 76AA3A90 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessToken + B 77A95DA3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessTokenEx + 6 77A95DAE 4 Bytes [A8, EE, DC, 00] {TEST AL, 0xee; FADD QWORD [EAX]} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessTokenEx + B 77A95DB3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThread + 6 77A95E0E 4 Bytes [68, ED, DC, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThread + B 77A95E13 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadToken + 6 77A95E1E 4 Bytes [68, EE, DC, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadToken + B 77A95E23 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadTokenEx + 6 77A95E2E 4 Bytes CALL 76AA3B21 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadTokenEx + B 77A95E33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryAttributesFile + 6 77A95F3E 4 Bytes [A8, EC, DC, 00] {TEST AL, 0xec; FADD QWORD [EAX]} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryAttributesFile + B 77A95F43 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryFullAttributesFile + 6 77A95FEE 4 Bytes CALL 76AA3CDF J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryFullAttributesFile + B 77A95FF3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationFile + 6 77A9663E 4 Bytes [28, ED, DC, 00] {SUB CH, CH; FADD QWORD [EAX]} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationFile + B 77A96643 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationThread + 6 77A9669E 4 Bytes [28, EE, DC, 00] {SUB DH, CH; FADD QWORD [EAX]} .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationThread + B 77A966A3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtUnmapViewOfSection + 6 77A969BE 4 Bytes [68, EF, DC, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtUnmapViewOfSection + B 77A969C3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2436] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtCreateFile + 6 77A955CE 4 Bytes [28, F0, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtCreateFile + B 77A955D3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtMapViewOfSection + 6 77A95C2E 4 Bytes [28, F3, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtMapViewOfSection + B 77A95C33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenFile + 6 77A95CDE 4 Bytes [68, F0, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenFile + B 77A95CE3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcess + 6 77A95D8E 4 Bytes [A8, F1, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcess + B 77A95D93 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessToken + 6 77A95D9E 4 Bytes CALL 76A96B94 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessToken + B 77A95DA3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessTokenEx + 6 77A95DAE 4 Bytes [A8, F2, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenProcessTokenEx + B 77A95DB3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThread + 6 77A95E0E 4 Bytes [68, F1, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThread + B 77A95E13 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadToken + 6 77A95E1E 4 Bytes [68, F2, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadToken + B 77A95E23 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadTokenEx + 6 77A95E2E 4 Bytes CALL 76A96C25 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtOpenThreadTokenEx + B 77A95E33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryAttributesFile + 6 77A95F3E 4 Bytes [A8, F0, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryAttributesFile + B 77A95F43 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryFullAttributesFile + 6 77A95FEE 4 Bytes CALL 76A96DE3 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtQueryFullAttributesFile + B 77A95FF3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationFile + 6 77A9663E 4 Bytes [28, F1, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationFile + B 77A96643 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationThread + 6 77A9669E 4 Bytes [28, F2, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtSetInformationThread + B 77A966A3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtUnmapViewOfSection + 6 77A969BE 4 Bytes [68, F3, 0D, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] ntdll.dll!NtUnmapViewOfSection + B 77A969C3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[2492] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\system32\SearchIndexer.exe[2740] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2856] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateFile + 6 77A955CE 4 Bytes [28, 9C, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateFile + B 77A955D3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection + 6 77A95C2E 4 Bytes [28, 9F, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection + B 77A95C33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenFile + 6 77A95CDE 4 Bytes [68, 9C, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenFile + B 77A95CE3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcess + 6 77A95D8E 4 Bytes [A8, 9D, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcess + B 77A95D93 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessToken + 6 77A95D9E 4 Bytes CALL 76AA2740 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessToken + B 77A95DA3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessTokenEx + 6 77A95DAE 4 Bytes [A8, 9E, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessTokenEx + B 77A95DB3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThread + 6 77A95E0E 4 Bytes [68, 9D, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThread + B 77A95E13 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadToken + 6 77A95E1E 4 Bytes [68, 9E, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadToken + B 77A95E23 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadTokenEx + 6 77A95E2E 4 Bytes CALL 76AA27D1 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadTokenEx + B 77A95E33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryAttributesFile + 6 77A95F3E 4 Bytes [A8, 9C, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryAttributesFile + B 77A95F43 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryFullAttributesFile + 6 77A95FEE 4 Bytes CALL 76AA298F J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryFullAttributesFile + B 77A95FF3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationFile + 6 77A9663E 4 Bytes [28, 9D, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationFile + B 77A96643 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationThread + 6 77A9669E 4 Bytes [28, 9E, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationThread + B 77A966A3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtUnmapViewOfSection + 6 77A969BE 4 Bytes [68, 9F, C9, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtUnmapViewOfSection + B 77A969C3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3028] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Users\Zacny\Downloads\i2bcqbz1.exe[3084] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3096] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtCreateFile + 6 77A955CE 4 Bytes [28, B8, B1, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtCreateFile + B 77A955D3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + 6 77A95C2E 4 Bytes [28, BB, B1, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtMapViewOfSection + B 77A95C33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenFile + 6 77A95CDE 4 Bytes [68, B8, B1, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenFile + B 77A95CE3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcess + 6 77A95D8E 4 Bytes [A8, B9, B1, 00] {TEST AL, 0xb9; MOV CL, 0x0} .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcess + B 77A95D93 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessToken + 6 77A95D9E 4 Bytes CALL 76AA0F5C J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessToken + B 77A95DA3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessTokenEx + 6 77A95DAE 4 Bytes [A8, BA, B1, 00] {TEST AL, 0xba; MOV CL, 0x0} .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenProcessTokenEx + B 77A95DB3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThread + 6 77A95E0E 4 Bytes [68, B9, B1, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThread + B 77A95E13 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadToken + 6 77A95E1E 4 Bytes [68, BA, B1, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadToken + B 77A95E23 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadTokenEx + 6 77A95E2E 4 Bytes CALL 76AA0FED J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtOpenThreadTokenEx + B 77A95E33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryAttributesFile + 6 77A95F3E 4 Bytes [A8, B8, B1, 00] {TEST AL, 0xb8; MOV CL, 0x0} .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryAttributesFile + B 77A95F43 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryFullAttributesFile + 6 77A95FEE 4 Bytes CALL 76AA11AB J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtQueryFullAttributesFile + B 77A95FF3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationFile + 6 77A9663E 4 Bytes [28, B9, B1, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationFile + B 77A96643 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationThread + 6 77A9669E 4 Bytes [28, BA, B1, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtSetInformationThread + B 77A966A3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + 6 77A969BE 4 Bytes [68, BB, B1, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] ntdll.dll!NtUnmapViewOfSection + B 77A969C3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[3548] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtCreateFile + 6 77A955CE 4 Bytes [28, B0, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtCreateFile + B 77A955D3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtMapViewOfSection + 6 77A95C2E 4 Bytes [28, B3, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtMapViewOfSection + B 77A95C33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenFile + 6 77A95CDE 4 Bytes [68, B0, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenFile + B 77A95CE3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenProcess + 6 77A95D8E 4 Bytes [A8, B1, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenProcess + B 77A95D93 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenProcessToken + 6 77A95D9E 4 Bytes CALL 76AA2154 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenProcessToken + B 77A95DA3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenProcessTokenEx + 6 77A95DAE 4 Bytes [A8, B2, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenProcessTokenEx + B 77A95DB3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenThread + 6 77A95E0E 4 Bytes [68, B1, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenThread + B 77A95E13 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenThreadToken + 6 77A95E1E 4 Bytes [68, B2, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenThreadToken + B 77A95E23 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenThreadTokenEx + 6 77A95E2E 4 Bytes CALL 76AA21E5 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtOpenThreadTokenEx + B 77A95E33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtQueryAttributesFile + 6 77A95F3E 4 Bytes [A8, B0, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtQueryAttributesFile + B 77A95F43 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtQueryFullAttributesFile + 6 77A95FEE 4 Bytes CALL 76AA23A3 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtQueryFullAttributesFile + B 77A95FF3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtSetInformationFile + 6 77A9663E 4 Bytes [28, B1, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtSetInformationFile + B 77A96643 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtSetInformationThread + 6 77A9669E 4 Bytes [28, B2, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtSetInformationThread + B 77A966A3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtUnmapViewOfSection + 6 77A969BE 4 Bytes [68, B3, C3, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] ntdll.dll!NtUnmapViewOfSection + B 77A969C3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[4436] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text G:\Gry\League of Legends\RADS\system\rads_user_kernel.exe[4944] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text G:\Gry\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.171\deploy\LoLLauncher.exe[5108] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtCreateFile + 6 77A955CE 4 Bytes [28, A4, E2, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtCreateFile + B 77A955D3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtMapViewOfSection + 6 77A95C2E 4 Bytes [28, A7, E2, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtMapViewOfSection + B 77A95C33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenFile + 6 77A95CDE 4 Bytes [68, A4, E2, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenFile + B 77A95CE3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcess + 6 77A95D8E 4 Bytes [A8, A5, E2, 00] {TEST AL, 0xa5; LOOP 0x4} .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcess + B 77A95D93 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessToken + 6 77A95D9E 4 Bytes CALL 76AA4048 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessToken + B 77A95DA3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessTokenEx + 6 77A95DAE 4 Bytes [A8, A6, E2, 00] {TEST AL, 0xa6; LOOP 0x4} .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessTokenEx + B 77A95DB3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThread + 6 77A95E0E 4 Bytes [68, A5, E2, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThread + B 77A95E13 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadToken + 6 77A95E1E 4 Bytes [68, A6, E2, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadToken + B 77A95E23 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadTokenEx + 6 77A95E2E 4 Bytes CALL 76AA40D9 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadTokenEx + B 77A95E33 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryAttributesFile + 6 77A95F3E 4 Bytes [A8, A4, E2, 00] {TEST AL, 0xa4; LOOP 0x4} .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryAttributesFile + B 77A95F43 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryFullAttributesFile + 6 77A95FEE 4 Bytes CALL 76AA4297 J:\Windows\system32\SHELL32.dll .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryFullAttributesFile + B 77A95FF3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationFile + 6 77A9663E 4 Bytes [28, A5, E2, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationFile + B 77A96643 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationThread + 6 77A9669E 4 Bytes [28, A6, E2, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationThread + B 77A966A3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtUnmapViewOfSection + 6 77A969BE 4 Bytes [68, A7, E2, 00] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtUnmapViewOfSection + B 77A969C3 1 Byte [E2] .text J:\Program Files\Google\Chrome\Application\chrome.exe[5832] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\system32\taskeng.exe[6104] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Windows\system32\wuauclt.exe[6124] USER32.dll!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text J:\Users\Zacny\Downloads\OTL.exe[6128] user32.DLL!DialogBoxParamW 76543B9B 5 Bytes JMP 75954970 j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll ---- User IAT/EAT - GMER 2.1 ---- IAT J:\Windows\system32\winlogon.exe[520] @ J:\Windows\system32\winlogon.exe [ntdll.dll!NtClose] [7595E470] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\winlogon.exe[520] @ J:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [7595A420] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtDeleteFile] [7595A6F0] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtQueryInformationFile] [75959E10] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtSetInformationFile] [7595A740] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtDeleteKey] [7595E4F0] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtOpenKey] [7595E3B0] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtEnumerateKey] [7595E180] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtDeleteValueKey] [7595E540] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtSetValueKey] [7595E2D0] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtQueryValueKey] [7595E260] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtCreateKey] [7595E340] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtOpenFile] [7595A590] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtQueryKey] [75959DD0] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\system32\services.exe[564] @ J:\Windows\system32\services.exe [ntdll.dll!NtClose] [7595E470] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\Explorer.EXE[2148] @ J:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [7595A420] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\Explorer.EXE[2148] @ J:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [7595A3D0] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll IAT J:\Windows\Explorer.EXE[2148] @ J:\Windows\Explorer.EXE [ntdll.dll!NtClose] [7595E470] j:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll ---- EOF - GMER 2.1 ----