GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-17 15:46:23 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB Running: l5x17kzb.exe; Driver: C:\Users\Damian\AppData\Local\Temp\uglirpod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002ffb000 45 bytes [00, 00, 15, 00, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002ffb02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074de1465 2 bytes [DE, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074de14bb 2 bytes [DE, 74] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [3600] entry point in ".rdata" section 000000006f3871e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007739f991 7 bytes {MOV EDX, 0x568a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007739fbd5 7 bytes {MOV EDX, 0x568a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007739fc05 7 bytes {MOV EDX, 0x5689a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007739fc1d 7 bytes {MOV EDX, 0x568928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007739fc35 7 bytes {MOV EDX, 0x568b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007739fc65 7 bytes {MOV EDX, 0x568b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007739fce5 7 bytes {MOV EDX, 0x568ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007739fcfd 7 bytes {MOV EDX, 0x568aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007739fd49 7 bytes {MOV EDX, 0x568868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007739fe41 7 bytes {MOV EDX, 0x5688a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773a0099 7 bytes {MOV EDX, 0x568828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773a10a5 7 bytes {MOV EDX, 0x5689e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000773a111d 7 bytes {MOV EDX, 0x568968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000773a1321 7 bytes {MOV EDX, 0x5688e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074de1465 2 bytes [DE, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074de14bb 2 bytes [DE, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007739f991 7 bytes {MOV EDX, 0x2f8628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007739fbd5 7 bytes {MOV EDX, 0x2f8668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007739fc05 7 bytes {MOV EDX, 0x2f85a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007739fc1d 7 bytes {MOV EDX, 0x2f8528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007739fc35 7 bytes {MOV EDX, 0x2f8728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007739fc65 7 bytes {MOV EDX, 0x2f8768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007739fce5 7 bytes {MOV EDX, 0x2f86e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007739fcfd 7 bytes {MOV EDX, 0x2f86a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007739fd49 7 bytes {MOV EDX, 0x2f8468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007739fe41 7 bytes {MOV EDX, 0x2f84a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773a0099 7 bytes {MOV EDX, 0x2f8428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773a10a5 7 bytes {MOV EDX, 0x2f85e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000773a111d 7 bytes {MOV EDX, 0x2f8568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000773a1321 7 bytes {MOV EDX, 0x2f84e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074de1465 2 bytes [DE, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074de14bb 2 bytes [DE, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007739f991 7 bytes {MOV EDX, 0x301a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007739fbd5 7 bytes {MOV EDX, 0x301a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007739fc05 7 bytes {MOV EDX, 0x3019a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007739fc1d 7 bytes {MOV EDX, 0x301928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007739fc35 7 bytes {MOV EDX, 0x301b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007739fc65 7 bytes {MOV EDX, 0x301b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007739fce5 7 bytes {MOV EDX, 0x301ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007739fcfd 7 bytes {MOV EDX, 0x301aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007739fd49 7 bytes {MOV EDX, 0x301868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007739fe41 7 bytes {MOV EDX, 0x3018a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773a0099 7 bytes {MOV EDX, 0x301828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773a10a5 7 bytes {MOV EDX, 0x3019e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000773a111d 7 bytes {MOV EDX, 0x301968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000773a1321 7 bytes {MOV EDX, 0x3018e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074de1465 2 bytes [DE, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074de14bb 2 bytes [DE, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007739f991 7 bytes {MOV EDX, 0x901a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007739fbd5 7 bytes {MOV EDX, 0x901a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007739fc05 7 bytes {MOV EDX, 0x9019a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007739fc1d 7 bytes {MOV EDX, 0x901928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007739fc35 7 bytes {MOV EDX, 0x901b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007739fc65 7 bytes {MOV EDX, 0x901b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007739fce5 7 bytes {MOV EDX, 0x901ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007739fcfd 7 bytes {MOV EDX, 0x901aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007739fd49 7 bytes {MOV EDX, 0x901868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007739fe41 7 bytes {MOV EDX, 0x9018a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773a0099 7 bytes {MOV EDX, 0x901828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773a10a5 7 bytes {MOV EDX, 0x9019e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000773a111d 7 bytes {MOV EDX, 0x901968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000773a1321 7 bytes {MOV EDX, 0x9018e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074de1465 2 bytes [DE, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074de14bb 2 bytes [DE, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007739f991 7 bytes {MOV EDX, 0xfcb228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007739fbd5 7 bytes {MOV EDX, 0xfcb268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007739fc05 7 bytes {MOV EDX, 0xfcb1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007739fc1d 7 bytes {MOV EDX, 0xfcb128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007739fc35 7 bytes {MOV EDX, 0xfcb328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007739fc65 7 bytes {MOV EDX, 0xfcb368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007739fce5 7 bytes {MOV EDX, 0xfcb2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007739fcfd 7 bytes {MOV EDX, 0xfcb2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007739fd49 7 bytes {MOV EDX, 0xfcb068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007739fe41 7 bytes {MOV EDX, 0xfcb0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773a0099 7 bytes {MOV EDX, 0xfcb028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773a10a5 7 bytes {MOV EDX, 0xfcb1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000773a111d 7 bytes {MOV EDX, 0xfcb168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000773a1321 7 bytes {MOV EDX, 0xfcb0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074de1465 2 bytes [DE, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074de14bb 2 bytes [DE, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007739f991 7 bytes {MOV EDX, 0x113a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007739fbd5 7 bytes {MOV EDX, 0x113a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007739fc05 7 bytes {MOV EDX, 0x1139a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007739fc1d 7 bytes {MOV EDX, 0x113928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007739fc35 7 bytes {MOV EDX, 0x113b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007739fc65 7 bytes {MOV EDX, 0x113b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007739fce5 7 bytes {MOV EDX, 0x113ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007739fcfd 7 bytes {MOV EDX, 0x113aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007739fd49 7 bytes {MOV EDX, 0x113868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007739fe41 7 bytes {MOV EDX, 0x1138a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773a0099 7 bytes {MOV EDX, 0x113828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773a10a5 7 bytes {MOV EDX, 0x1139e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000773a111d 7 bytes {MOV EDX, 0x113968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000773a1321 7 bytes {MOV EDX, 0x1138e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074de1465 2 bytes [DE, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074de14bb 2 bytes [DE, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007739f991 7 bytes {MOV EDX, 0x6e4a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007739fbd5 7 bytes {MOV EDX, 0x6e4a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007739fc05 7 bytes {MOV EDX, 0x6e49a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007739fc1d 7 bytes {MOV EDX, 0x6e4928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007739fc35 7 bytes {MOV EDX, 0x6e4b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007739fc65 7 bytes {MOV EDX, 0x6e4b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007739fce5 7 bytes {MOV EDX, 0x6e4ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007739fcfd 7 bytes {MOV EDX, 0x6e4aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007739fd49 7 bytes {MOV EDX, 0x6e4868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007739fe41 7 bytes {MOV EDX, 0x6e48a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773a0099 7 bytes {MOV EDX, 0x6e4828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773a10a5 7 bytes {MOV EDX, 0x6e49e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000773a111d 7 bytes {MOV EDX, 0x6e4968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000773a1321 7 bytes {MOV EDX, 0x6e48e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074de1465 2 bytes [DE, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074de14bb 2 bytes [DE, 74] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1500:1716] 000007fef9a92a7c ---- EOF - GMER 2.1 ----