GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-14 15:07:22 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1637GSX rev.DL032C 149,05GB Running: f5grn0f1.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90E52BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90E53684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x90E5F6F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90E5F744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90E5F8DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x90E5F666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x90F09DF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90E5F6AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x90F0A080] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x90F0A16A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x90E5F898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90E54472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90E52C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x90E57C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x90E527F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90F09ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90E52C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90E5805E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90E54F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x90E5F722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90E5F766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90E5F902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x90E5F68C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x90E57560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x90E5F816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90E5F6D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x90E5794C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x90E5F8BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x90F09C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x90E54DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x90E54ADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90E52CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90E52D3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x90F09FCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90E52892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90E52A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90E529F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x90E5463C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x90E5479E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90E52AEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x90F09D3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x90E542CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x90E52DA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x90F09BA0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C57A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C91212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C98460 4 Bytes [A6, 2B, E5, 90] {CMPSB ; SUB ESP, EBP; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C984E8 4 Bytes [84, 36, E5, 90] {TEST [ESI], DH; IN EAX, 0x90} .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C9853C 2 Bytes [F8, F6] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AA 82C9853F 5 Bytes [90, 44, F7, E5, 90] {NOP ; INC ESP; MUL EBP; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C98548 4 Bytes [DE, F8, E5, 90] {FDIVP ST0, ST0; IN EAX, 0x90} .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E534EF 4 Bytes CALL 90E55641 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E6D357 4 Bytes CALL 90E55657 \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8B141CF2] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[372] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Windows\system32\wininit.exe[424] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[436] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Windows\system32\services.exe[488] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Windows\system32\winlogon.exe[512] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1264] kernel32.dll!SetUnhandledExceptionFilter 7698F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1264] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[1344] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1348] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe[1456] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Windows\system32\taskhost.exe[1564] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text ... .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3368] kernel32.dll!SetUnhandledExceptionFilter 7698F5AB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3368] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3380] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3468] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3500] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[3764] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\avastui.exe[3988] kernel32.dll!SetUnhandledExceptionFilter 7698F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\avastui.exe[3988] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4032] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\ChomikBox\chomikbox.exe[4060] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtCreateFile + 6 76E4560E 4 Bytes [28, 20, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtCreateFile + B 76E45613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtMapViewOfSection + 6 76E45C6E 4 Bytes [28, 23, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtMapViewOfSection + B 76E45C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenFile + 6 76E45D1E 4 Bytes [68, 20, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenFile + B 76E45D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcess + 6 76E45DCE 4 Bytes [A8, 21, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcess + B 76E45DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcessToken + 6 76E45DDE 4 Bytes CALL 75E4E004 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcessToken + B 76E45DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcessTokenEx + 6 76E45DEE 4 Bytes [A8, 22, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenProcessTokenEx + B 76E45DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThread + 6 76E45E4E 4 Bytes [68, 21, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThread + B 76E45E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThreadToken + 6 76E45E5E 4 Bytes [68, 22, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThreadToken + B 76E45E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThreadTokenEx + 6 76E45E6E 4 Bytes CALL 75E4E095 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtOpenThreadTokenEx + B 76E45E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtQueryAttributesFile + 6 76E45F7E 4 Bytes [A8, 20, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtQueryAttributesFile + B 76E45F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtQueryFullAttributesFile + 6 76E4602E 4 Bytes CALL 75E4E253 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtQueryFullAttributesFile + B 76E46033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtSetInformationFile + 6 76E4667E 4 Bytes [28, 21, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtSetInformationFile + B 76E46683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtSetInformationThread + 6 76E466DE 4 Bytes [28, 22, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtSetInformationThread + B 76E466E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtUnmapViewOfSection + 6 76E469FE 4 Bytes [68, 23, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!NtUnmapViewOfSection + B 76E46A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!LdrUnloadDll 76E5C8DE 5 Bytes JMP 008F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] ntdll.dll!LdrLoadDll 76E622AE 5 Bytes JMP 008F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4176] KERNEL32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Users\User\Downloads\f5grn0f1.exe[4368] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtMapViewOfSection + 6 76E45C6E 4 Bytes [18, 10, 9E, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtMapViewOfSection + B 76E45C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!LdrUnloadDll 76E5C8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!LdrLoadDll 76E622AE 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4372] KERNEL32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtCreateFile + 6 76E4560E 4 Bytes [28, 14, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtCreateFile + B 76E45613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + 6 76E45C6E 4 Bytes [28, 17, 0B, 00] {SUB [EDI], DL; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtMapViewOfSection + B 76E45C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenFile + 6 76E45D1E 4 Bytes [68, 14, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenFile + B 76E45D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcess + 6 76E45DCE 4 Bytes [A8, 15, 0B, 00] {TEST AL, 0x15; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcess + B 76E45DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessToken + 6 76E45DDE 4 Bytes CALL 75E468F8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessToken + B 76E45DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessTokenEx + 6 76E45DEE 4 Bytes [A8, 16, 0B, 00] {TEST AL, 0x16; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenProcessTokenEx + B 76E45DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThread + 6 76E45E4E 4 Bytes [68, 15, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThread + B 76E45E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadToken + 6 76E45E5E 4 Bytes [68, 16, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadToken + B 76E45E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadTokenEx + 6 76E45E6E 4 Bytes CALL 75E46989 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtOpenThreadTokenEx + B 76E45E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryAttributesFile + 6 76E45F7E 4 Bytes [A8, 14, 0B, 00] {TEST AL, 0x14; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryAttributesFile + B 76E45F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryFullAttributesFile + 6 76E4602E 4 Bytes CALL 75E46B47 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtQueryFullAttributesFile + B 76E46033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationFile + 6 76E4667E 4 Bytes [28, 15, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationFile + B 76E46683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationThread + 6 76E466DE 4 Bytes [28, 16, 0B, 00] {SUB [ESI], DL; OR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtSetInformationThread + B 76E466E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + 6 76E469FE 4 Bytes [68, 17, 0B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!NtUnmapViewOfSection + B 76E46A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!LdrUnloadDll 76E5C8DE 5 Bytes JMP 001103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] ntdll.dll!LdrLoadDll 76E622AE 5 Bytes JMP 001101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4624] KERNEL32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtCreateFile + 6 76E4560E 4 Bytes [28, 7C, 17, 00] {SUB [EDI+EDX+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtCreateFile + B 76E45613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtMapViewOfSection + 6 76E45C6E 4 Bytes [28, 7F, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtMapViewOfSection + B 76E45C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenFile + 6 76E45D1E 4 Bytes [68, 7C, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenFile + B 76E45D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcess + 6 76E45DCE 4 Bytes [A8, 7D, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcess + B 76E45DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcessToken + 6 76E45DDE 4 Bytes CALL 75E47560 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcessToken + B 76E45DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcessTokenEx + 6 76E45DEE 4 Bytes [A8, 7E, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenProcessTokenEx + B 76E45DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThread + 6 76E45E4E 4 Bytes [68, 7D, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThread + B 76E45E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThreadToken + 6 76E45E5E 4 Bytes [68, 7E, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThreadToken + B 76E45E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThreadTokenEx + 6 76E45E6E 4 Bytes CALL 75E475F1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtOpenThreadTokenEx + B 76E45E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtQueryAttributesFile + 6 76E45F7E 4 Bytes [A8, 7C, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtQueryAttributesFile + B 76E45F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtQueryFullAttributesFile + 6 76E4602E 4 Bytes CALL 75E477AF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtQueryFullAttributesFile + B 76E46033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtSetInformationFile + 6 76E4667E 4 Bytes [28, 7D, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtSetInformationFile + B 76E46683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtSetInformationThread + 6 76E466DE 4 Bytes [28, 7E, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtSetInformationThread + B 76E466E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtUnmapViewOfSection + 6 76E469FE 4 Bytes [68, 7F, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!NtUnmapViewOfSection + B 76E46A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!LdrUnloadDll 76E5C8DE 5 Bytes JMP 002403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] ntdll.dll!LdrLoadDll 76E622AE 5 Bytes JMP 002401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5052] KERNEL32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtCreateFile + 6 76E4560E 4 Bytes [28, F8, 2C, 00] {SUB AL, BH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtCreateFile + B 76E45613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + 6 76E45C6E 4 Bytes [28, FB, 2C, 00] {SUB BL, BH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + B 76E45C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenFile + 6 76E45D1E 4 Bytes [68, F8, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenFile + B 76E45D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcess + 6 76E45DCE 4 Bytes [A8, F9, 2C, 00] {TEST AL, 0xf9; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcess + B 76E45DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessToken + 6 76E45DDE 4 Bytes CALL 75E48ADC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessToken + B 76E45DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessTokenEx + 6 76E45DEE 4 Bytes [A8, FA, 2C, 00] {TEST AL, 0xfa; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessTokenEx + B 76E45DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThread + 6 76E45E4E 4 Bytes [68, F9, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThread + B 76E45E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadToken + 6 76E45E5E 4 Bytes [68, FA, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadToken + B 76E45E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadTokenEx + 6 76E45E6E 4 Bytes CALL 75E48B6D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadTokenEx + B 76E45E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryAttributesFile + 6 76E45F7E 4 Bytes [A8, F8, 2C, 00] {TEST AL, 0xf8; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryAttributesFile + B 76E45F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryFullAttributesFile + 6 76E4602E 4 Bytes CALL 75E48D2B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryFullAttributesFile + B 76E46033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationFile + 6 76E4667E 4 Bytes [28, F9, 2C, 00] {SUB CL, BH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationFile + B 76E46683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationThread + 6 76E466DE 4 Bytes [28, FA, 2C, 00] {SUB DL, BH; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationThread + B 76E466E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + 6 76E469FE 4 Bytes [68, FB, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + B 76E46A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!LdrUnloadDll 76E5C8DE 5 Bytes JMP 003903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!LdrLoadDll 76E622AE 5 Bytes JMP 003901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] KERNEL32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Windows\servicing\TrustedInstaller.exe[5532] kernel32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtCreateFile + 6 76E4560E 4 Bytes [28, 6C, CF, 00] {SUB [EDI+ECX*8+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtCreateFile + B 76E45613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtMapViewOfSection + 6 76E45C6E 4 Bytes [28, 6F, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtMapViewOfSection + B 76E45C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenFile + 6 76E45D1E 4 Bytes [68, 6C, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenFile + B 76E45D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenProcess + 6 76E45DCE 4 Bytes [A8, 6D, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenProcess + B 76E45DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenProcessToken + 6 76E45DDE 4 Bytes CALL 75E52D50 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenProcessToken + B 76E45DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenProcessTokenEx + 6 76E45DEE 4 Bytes [A8, 6E, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenProcessTokenEx + B 76E45DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenThread + 6 76E45E4E 4 Bytes [68, 6D, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenThread + B 76E45E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenThreadToken + 6 76E45E5E 4 Bytes [68, 6E, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenThreadToken + B 76E45E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenThreadTokenEx + 6 76E45E6E 4 Bytes CALL 75E52DE1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtOpenThreadTokenEx + B 76E45E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtQueryAttributesFile + 6 76E45F7E 4 Bytes [A8, 6C, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtQueryAttributesFile + B 76E45F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtQueryFullAttributesFile + 6 76E4602E 4 Bytes CALL 75E52F9F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtQueryFullAttributesFile + B 76E46033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtSetInformationFile + 6 76E4667E 4 Bytes [28, 6D, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtSetInformationFile + B 76E46683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtSetInformationThread + 6 76E466DE 4 Bytes [28, 6E, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtSetInformationThread + B 76E466E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtUnmapViewOfSection + 6 76E469FE 4 Bytes [68, 6F, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!NtUnmapViewOfSection + B 76E46A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!LdrUnloadDll 76E5C8DE 5 Bytes JMP 00D503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] ntdll.dll!LdrLoadDll 76E622AE 5 Bytes JMP 00D501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5756] KERNEL32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtCreateFile + 6 76E4560E 4 Bytes [28, 58, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtCreateFile + B 76E45613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtMapViewOfSection + 6 76E45C6E 4 Bytes [28, 5B, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtMapViewOfSection + B 76E45C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenFile + 6 76E45D1E 4 Bytes [68, 58, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenFile + B 76E45D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcess + 6 76E45DCE 4 Bytes [A8, 59, 1A, 00] {TEST AL, 0x59; SBB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcess + B 76E45DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessToken + 6 76E45DDE 4 Bytes CALL 75E4783C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessToken + B 76E45DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessTokenEx + 6 76E45DEE 4 Bytes [A8, 5A, 1A, 00] {TEST AL, 0x5a; SBB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessTokenEx + B 76E45DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThread + 6 76E45E4E 4 Bytes [68, 59, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThread + B 76E45E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadToken + 6 76E45E5E 4 Bytes [68, 5A, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadToken + B 76E45E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadTokenEx + 6 76E45E6E 4 Bytes CALL 75E478CD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadTokenEx + B 76E45E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryAttributesFile + 6 76E45F7E 4 Bytes [A8, 58, 1A, 00] {TEST AL, 0x58; SBB AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryAttributesFile + B 76E45F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryFullAttributesFile + 6 76E4602E 4 Bytes CALL 75E47A8B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryFullAttributesFile + B 76E46033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationFile + 6 76E4667E 4 Bytes [28, 59, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationFile + B 76E46683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationThread + 6 76E466DE 4 Bytes [28, 5A, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationThread + B 76E466E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtUnmapViewOfSection + 6 76E469FE 4 Bytes [68, 5B, 1A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtUnmapViewOfSection + B 76E46A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!LdrUnloadDll 76E5C8DE 5 Bytes JMP 002703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!LdrLoadDll 76E622AE 5 Bytes JMP 002701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5836] KERNEL32.dll!GetBinaryTypeW + 70 769A6AAC 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [738D249F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738B5652] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738B5710] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [738D251A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [738C857E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738C4D32] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [738C50D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [738C51AE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [738C66DB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [738C82D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [738C8824] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [738C9085] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [738CE228] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [738C4C64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8555E1F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8555c1f8]<< 8555c1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863bc648] 863bc648 Trace 3 CLASSPNP.SYS[8b77459e] -> nt!IofCallDriver -> [0x862ac918] 862ac918 Trace 5 ACPI.sys[8b1793d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862e5030] 862e5030 Trace \Driver\atapi[0x862dd9e8] -> IRP_MJ_CREATE -> 0x8555c1f8 8555c1f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@002345016c44 0xD1 0xFB 0x8F 0x7E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@303855556cd1 0x5D 0x16 0x59 0x6A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@00180fcf7b7d 0x59 0x30 0xB5 0x4E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@6c8336142e91 0xB0 0xF4 0x91 0xD3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x8F 0xED 0x7B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@002345016c44 0xD1 0xFB 0x8F 0x7E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@303855556cd1 0x5D 0x16 0x59 0x6A ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@00180fcf7b7d 0x59 0x30 0xB5 0x4E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@6c8336142e91 0xB0 0xF4 0x91 0xD3 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x8F 0xED 0x7B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{24E0C56C-7FC6-11E1-B7C5-806E6F6E6963} 28191940608 ---- Files - GMER 2.1 ---- File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D3EE.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D48C.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D4DC.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D56A.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D5BA.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D60A.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D66A.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D6BA.tmp 0 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D6BB.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D71A.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D76A.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D7AB.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D839.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D889.tmp 0 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D89A.tmp 0 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D89B.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D929.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\D9A8.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\DA17.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\DA67.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\DAC7.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\DB17.tmp 0 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\DB18.tmp 28134 bytes File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\DB87.tmp 28134 bytes ---- EOF - GMER 2.1 ----