GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-30 00:48:08 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 SAMSUNG_HE502IJ rev.1AA01113 465,76GB Running: 0yizkkbl.exe; Driver: C:\Users\CRISS\AppData\Local\Temp\kwddykow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0xBD74A990] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0xBD6FB1CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0xBD6FB400] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0xBD6FAFC8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0xBD74D55C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0xBD70EE90] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0xBD7B4F80] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0xBD74CBD8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0xBD74C51E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0xBD6EB640] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0xBD74AAD2] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0xBD7B5040] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0xBD70EEB0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0xBD74C052] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0xBD74D78C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0xBD74C67E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0xBD70EEA0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryIntervalProfile [0xBD70EEE0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0xBD74D1C6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0xBD6FB2D4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0xBD74CEE2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0xBD6FB0C8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0xBD74D048] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0xBD6EBA5A] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0xBD7B5000] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0xBD74C25A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0xBD74CD82] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0xBD7B4FC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0xBD74C3C0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0xBD74C882] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0xBD74D894] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0xBD74D61E] INT 0x52 ? B27AB558 INT 0x62 ? B0740058 INT 0x72 ? B27ABA58 INT 0x82 ? B07402D8 INT 0x91 ? B27F72D8 INT 0x92 ? B07407D8 INT 0xA2 ? B0740558 INT 0xB1 ? B0740CD8 INT 0xB2 ? B27ABCD8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D E3E43A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E3E7D212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 E3E8446C 4 Bytes [90, A9, 74, BD] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF E3E84494 4 Bytes [CE, B1, 6F, BD] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 E3E844D8 4 Bytes [00, B4, 6F, BD] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 E3E84528 4 Bytes [C8, AF, 6F, BD] {ENTER 0x6faf, 0xbd} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 E3E8458C 4 Bytes [5C, D5, 74, BD] .text ... .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0xB7B42089] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1656] kernel32.dll!SetUnhandledExceptionFilter 76F2F5AB 4 Bytes [C2, 04, 00, 00] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1788] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1788] ntdll.dll!NtProtectVirtualMemory 773B5F58 5 Bytes JMP 6FA51ED6 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1788] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1788] USER32.dll!NotifyWinEvent + 5B2 7718D570 4 Bytes [0B, 26, A5, 6F] {OR ESP, [ESI]; MOVSD ; OUTS DX, DWORD [ESI]} .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1788] USER32.dll!NotifyWinEvent + 6AE 7718D66C 4 Bytes [1B, 2F, A5, 6F] {SBB EBP, [EDI]; MOVSD ; OUTS DX, DWORD [ESI]} ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1788] C:\Windows\system32\ole32.dll time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtCreateFile + 6 773B560E 4 Bytes [28, B4, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtCreateFile + B 773B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 4 Bytes [28, B7, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtMapViewOfSection + B 773B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenFile + 6 773B5D1E 4 Bytes [68, B4, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenFile + B 773B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcess + 6 773B5DCE 4 Bytes [A8, B5, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcess + B 773B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcessToken + B 773B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcessTokenEx + 6 773B5DEE 4 Bytes [A8, B6, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcessTokenEx + B 773B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThread + 6 773B5E4E 4 Bytes [68, B5, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThread + B 773B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThreadToken + 6 773B5E5E 4 Bytes [68, B6, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThreadToken + B 773B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThreadTokenEx + B 773B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtQueryAttributesFile + 6 773B5F7E 4 Bytes [A8, B4, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtQueryAttributesFile + B 773B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtQueryFullAttributesFile + B 773B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtSetInformationFile + 6 773B667E 4 Bytes [28, B5, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtSetInformationFile + B 773B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtSetInformationThread + 6 773B66DE 4 Bytes [28, B6, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtSetInformationThread + B 773B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 4 Bytes [68, B7, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtUnmapViewOfSection + B 773B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtCreateFile + 6 773B560E 4 Bytes [28, 64, 65, 00] {SUB [EBP+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtCreateFile + B 773B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 4 Bytes [28, 67, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtMapViewOfSection + B 773B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenFile + 6 773B5D1E 4 Bytes [68, 64, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenFile + B 773B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcess + 6 773B5DCE 4 Bytes [A8, 65, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcess + B 773B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessToken + B 773B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessTokenEx + 6 773B5DEE 4 Bytes [A8, 66, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessTokenEx + B 773B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThread + 6 773B5E4E 4 Bytes [68, 65, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThread + B 773B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadToken + 6 773B5E5E 4 Bytes [68, 66, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadToken + B 773B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadTokenEx + B 773B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryAttributesFile + 6 773B5F7E 4 Bytes [A8, 64, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryAttributesFile + B 773B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryFullAttributesFile + B 773B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationFile + 6 773B667E 4 Bytes [28, 65, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationFile + B 773B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationThread + 6 773B66DE 4 Bytes [28, 66, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationThread + B 773B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 4 Bytes [68, 67, 65, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtUnmapViewOfSection + B 773B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtCreateFile + 6 773B560E 4 Bytes [28, 44, AA, 00] {SUB [EDX+EBP*4+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtCreateFile + B 773B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 4 Bytes [28, 47, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtMapViewOfSection + B 773B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenFile + 6 773B5D1E 4 Bytes [68, 44, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenFile + B 773B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenProcess + 6 773B5DCE 4 Bytes [A8, 45, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenProcess + B 773B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenProcessToken + B 773B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenProcessTokenEx + 6 773B5DEE 4 Bytes [A8, 46, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenProcessTokenEx + B 773B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenThread + 6 773B5E4E 4 Bytes [68, 45, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenThread + B 773B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenThreadToken + 6 773B5E5E 4 Bytes [68, 46, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenThreadToken + B 773B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtOpenThreadTokenEx + B 773B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtQueryAttributesFile + 6 773B5F7E 4 Bytes [A8, 44, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtQueryAttributesFile + B 773B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtQueryFullAttributesFile + B 773B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtSetInformationFile + 6 773B667E 4 Bytes [28, 45, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtSetInformationFile + B 773B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtSetInformationThread + 6 773B66DE 4 Bytes [28, 46, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtSetInformationThread + B 773B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 4 Bytes [68, 47, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3120] ntdll.dll!NtUnmapViewOfSection + B 773B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtCreateFile + 6 773B560E 2 Bytes [28, 54] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtCreateFile + 9 773B5611 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtCreateFile + 9 773B5611 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 2 Bytes [28, 57] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtMapViewOfSection + 9 773B5C71 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtMapViewOfSection + 9 773B5C71 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenFile + 6 773B5D1E 2 Bytes [68, 54] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenFile + 9 773B5D21 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenFile + 9 773B5D21 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenProcess + 6 773B5DCE 2 Bytes [A8, 55] {TEST AL, 0x55} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenProcess + 9 773B5DD1 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenProcess + 9 773B5DD1 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenProcessToken + 9 773B5DE1 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenProcessToken + 9 773B5DE1 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenProcessTokenEx + 6 773B5DEE 2 Bytes [A8, 56] {TEST AL, 0x56} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenProcessTokenEx + 9 773B5DF1 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenProcessTokenEx + 9 773B5DF1 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenThread + 6 773B5E4E 2 Bytes [68, 55] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenThread + 9 773B5E51 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenThread + 9 773B5E51 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenThreadToken + 6 773B5E5E 2 Bytes [68, 56] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenThreadToken + 9 773B5E61 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenThreadToken + 9 773B5E61 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenThreadTokenEx + 9 773B5E71 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtOpenThreadTokenEx + 9 773B5E71 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtQueryAttributesFile + 6 773B5F7E 2 Bytes [A8, 54] {TEST AL, 0x54} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtQueryAttributesFile + 9 773B5F81 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtQueryAttributesFile + 9 773B5F81 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtQueryFullAttributesFile + 9 773B6031 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtQueryFullAttributesFile + 9 773B6031 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtSetInformationFile + 6 773B667E 2 Bytes [28, 55] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtSetInformationFile + 9 773B6681 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtSetInformationFile + 9 773B6681 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtSetInformationThread + 6 773B66DE 2 Bytes [28, 56] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtSetInformationThread + 9 773B66E1 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtSetInformationThread + 9 773B66E1 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 2 Bytes [68, 57] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtUnmapViewOfSection + 9 773B6A01 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4288] ntdll.dll!NtUnmapViewOfSection + 9 773B6A01 3 Bytes [00, FF, E2] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[4316] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[4316] C:\Windows\system32\USER32.dll time/date stamp mismatch; unknown module: CFGMGR32.dllunknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[4316] USER32.dll!NotifyWinEvent + 5B2 7718D570 4 Bytes [0B, 26, A5, 6F] {OR ESP, [ESI]; MOVSD ; OUTS DX, DWORD [ESI]} .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[4316] USER32.dll!NotifyWinEvent + 6AE 7718D66C 4 Bytes [1B, 2F, A5, 6F] {SBB EBP, [EDI]; MOVSD ; OUTS DX, DWORD [ESI]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtCreateFile + 6 773B560E 4 Bytes [28, 44, 33, 00] {SUB [EBX+ESI+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtCreateFile + B 773B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 4 Bytes [28, 47, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtMapViewOfSection + B 773B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenFile + 6 773B5D1E 4 Bytes [68, 44, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenFile + B 773B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcess + 6 773B5DCE 4 Bytes [A8, 45, 33, 00] {TEST AL, 0x45; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcess + B 773B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessToken + B 773B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessTokenEx + 6 773B5DEE 4 Bytes [A8, 46, 33, 00] {TEST AL, 0x46; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessTokenEx + B 773B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThread + 6 773B5E4E 4 Bytes [68, 45, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThread + B 773B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadToken + 6 773B5E5E 4 Bytes [68, 46, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadToken + B 773B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadTokenEx + B 773B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryAttributesFile + 6 773B5F7E 4 Bytes [A8, 44, 33, 00] {TEST AL, 0x44; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryAttributesFile + B 773B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryFullAttributesFile + B 773B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationFile + 6 773B667E 4 Bytes [28, 45, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationFile + B 773B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationThread + 6 773B66DE 4 Bytes [28, 46, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationThread + B 773B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 4 Bytes [68, 47, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtUnmapViewOfSection + B 773B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtCreateFile + 6 773B560E 4 Bytes CALL 5A3A56E6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtCreateFile + B 773B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 4 Bytes [28, EB, D3, 00] {SUB BL, CH; ROL [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtMapViewOfSection + B 773B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenFile + 6 773B5D1E 4 Bytes CALL 5A3A5DF6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenFile + B 773B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcess + 6 773B5DCE 4 Bytes JMP 5A3A5EA6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcess + B 773B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcessToken + B 773B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcessTokenEx + 6 773B5DEE 4 Bytes JMP E2FF00D3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcessTokenEx + B 773B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThread + 6 773B5E4E 4 Bytes JMP 5A3A5F26 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThread + B 773B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThreadToken + 6 773B5E5E 4 Bytes JMP E2FF00D3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThreadToken + B 773B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThreadTokenEx + B 773B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtQueryAttributesFile + 6 773B5F7E 4 Bytes CALL 5A3A6056 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtQueryAttributesFile + B 773B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtQueryFullAttributesFile + B 773B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationFile + 6 773B667E 4 Bytes JMP 5A3A6756 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationFile + B 773B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationThread + 6 773B66DE 4 Bytes JMP E2FF00D3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationThread + B 773B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 4 Bytes [68, EB, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtUnmapViewOfSection + B 773B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtCreateFile + 6 773B560E 4 Bytes [28, 70, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtCreateFile + B 773B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 4 Bytes [28, 73, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtMapViewOfSection + B 773B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenFile + 6 773B5D1E 4 Bytes [68, 70, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenFile + B 773B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcess + 6 773B5DCE 4 Bytes [A8, 71, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcess + B 773B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcessToken + B 773B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcessTokenEx + 6 773B5DEE 4 Bytes [A8, 72, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenProcessTokenEx + B 773B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThread + 6 773B5E4E 4 Bytes [68, 71, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThread + B 773B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThreadToken + 6 773B5E5E 4 Bytes [68, 72, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThreadToken + B 773B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtOpenThreadTokenEx + B 773B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtQueryAttributesFile + 6 773B5F7E 4 Bytes [A8, 70, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtQueryAttributesFile + B 773B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtQueryFullAttributesFile + B 773B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationFile + 6 773B667E 4 Bytes [28, 71, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationFile + B 773B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationThread + 6 773B66DE 4 Bytes [28, 72, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtSetInformationThread + B 773B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 4 Bytes [68, 73, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4664] ntdll.dll!NtUnmapViewOfSection + B 773B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtCreateFile + 6 773B560E 4 Bytes [28, 10, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtCreateFile + B 773B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 4 Bytes [28, 13, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtMapViewOfSection + B 773B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenFile + 6 773B5D1E 4 Bytes [68, 10, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenFile + B 773B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcess + 6 773B5DCE 4 Bytes [A8, 11, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcess + B 773B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessToken + B 773B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessTokenEx + 6 773B5DEE 4 Bytes [A8, 12, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessTokenEx + B 773B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThread + 6 773B5E4E 4 Bytes [68, 11, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThread + B 773B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadToken + 6 773B5E5E 4 Bytes [68, 12, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadToken + B 773B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadTokenEx + B 773B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryAttributesFile + 6 773B5F7E 4 Bytes [A8, 10, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryAttributesFile + B 773B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryFullAttributesFile + B 773B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationFile + 6 773B667E 4 Bytes [28, 11, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationFile + B 773B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationThread + 6 773B66DE 4 Bytes [28, 12, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationThread + B 773B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 4 Bytes [68, 13, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtUnmapViewOfSection + B 773B6A03 1 Byte [E2] .text C:\Users\CRISS\AppData\Local\GG\Application\ggapp.exe[4960] ntdll.dll!LdrGetProcedureAddress + 26 773D22A9 7 Bytes JMP 51D35641 C:\Users\CRISS\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\CRISS\AppData\Local\GG\Application\ggapp.exe[4960] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76F294E6 7 Bytes JMP 5286E55C C:\Users\CRISS\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\CRISS\AppData\Local\GG\Application\ggapp.exe[4960] kernel32.dll!QueryPerformanceCounter + 13 76F2C4E5 7 Bytes JMP 5286E514 C:\Users\CRISS\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\CRISS\AppData\Local\GG\Application\ggapp.exe[4960] kernel32.dll!LoadAppInitDlls + 355 76F2F5A6 7 Bytes JMP 51D45748 C:\Users\CRISS\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\CRISS\AppData\Local\GG\Application\ggapp.exe[4960] GDI32.dll!GetViewportOrgEx + 26C 7755884B 7 Bytes JMP 5286E583 C:\Users\CRISS\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtCreateFile + 6 773B560E 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtCreateFile + B 773B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtMapViewOfSection + B 773B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenFile + 6 773B5D1E 4 Bytes [68, 00, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenFile + B 773B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcess + 6 773B5DCE 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcess + B 773B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessToken + B 773B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessTokenEx + 6 773B5DEE 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessTokenEx + B 773B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThread + 6 773B5E4E 4 Bytes [68, 01, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThread + B 773B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadToken + 6 773B5E5E 4 Bytes [68, 02, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadToken + B 773B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadTokenEx + B 773B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryAttributesFile + 6 773B5F7E 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryAttributesFile + B 773B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryFullAttributesFile + B 773B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationFile + 6 773B667E 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationFile + B 773B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationThread + 6 773B66DE 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationThread + B 773B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 4 Bytes [68, 03, 19, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtUnmapViewOfSection + B 773B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtCreateFile + 6 773B560E 4 Bytes [28, F8, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtCreateFile + B 773B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 4 Bytes [28, FB, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtMapViewOfSection + B 773B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenFile + 6 773B5D1E 4 Bytes [68, F8, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenFile + B 773B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenProcess + 6 773B5DCE 4 Bytes [A8, F9, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenProcess + B 773B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenProcessToken + B 773B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenProcessTokenEx + 6 773B5DEE 4 Bytes [A8, FA, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenProcessTokenEx + B 773B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenThread + 6 773B5E4E 4 Bytes [68, F9, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenThread + B 773B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenThreadToken + 6 773B5E5E 4 Bytes [68, FA, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenThreadToken + B 773B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtOpenThreadTokenEx + B 773B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtQueryAttributesFile + 6 773B5F7E 4 Bytes [A8, F8, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtQueryAttributesFile + B 773B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtQueryFullAttributesFile + B 773B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtSetInformationFile + 6 773B667E 4 Bytes [28, F9, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtSetInformationFile + B 773B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtSetInformationThread + 6 773B66DE 4 Bytes [28, FA, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtSetInformationThread + B 773B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtUnmapViewOfSection + 6 773B69FE 4 Bytes [68, FB, BE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5472] ntdll.dll!NtUnmapViewOfSection + B 773B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtMapViewOfSection + 6 773B5C6E 4 Bytes [18, 10, BF, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6112] ntdll.dll!NtMapViewOfSection + B 773B5C73 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs B077E1E8 AttachedDevice \FileSystem\Ntfs \Ntfs pffilter.sys Device \FileSystem\fastfat \FatCdrom F20B21E8 Device \Driver\usbohci \Device\USBPDO-0 B19BA430 Device \Driver\usbohci \Device\USBPDO-1 B19BA430 Device \Driver\usbehci \Device\USBPDO-2 B1982430 Device \Driver\usbohci \Device\USBPDO-3 B19BA430 Device \Driver\usbohci \Device\USBPDO-4 B19BA430 AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys Device \Driver\usbehci \Device\USBPDO-5 B1982430 Device \Driver\usbohci \Device\USBPDO-6 B19BA430 Device \Driver\cdrom \Device\CdRom0 B07791E8 Device \Driver\atapi \Device\Ide\IdePort0 B07371E8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-4 B07371E8 Device \Driver\atapi \Device\Ide\IdePort1 B07371E8 Device \Driver\atapi \Device\Ide\IdePort2 B07371E8 Device \Driver\atapi \Device\Ide\IdePort3 B07371E8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 B07371E8 Device \Driver\NetBT \Device\NetBt_Wins_Export B17FD1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{50560DED-71B5-4171-903E-D9F478666781} B17FD1E8 AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys Device \Driver\usbohci \Device\USBFDO-0 B19BA430 Device \Driver\usbohci \Device\USBFDO-1 B19BA430 Device \Driver\usbehci \Device\USBFDO-2 B1982430 Device \Driver\usbohci \Device\USBFDO-3 B19BA430 Device \Driver\usbohci \Device\USBFDO-4 B19BA430 Device \Driver\usbehci \Device\USBFDO-5 B1982430 Device \Driver\usbohci \Device\USBFDO-6 B19BA430 Device \Driver\NetBT \Device\NetBT_Tcpip_{D8752153-0497-4F83-971D-EEA1E818C13F} B17FD1E8 Device \FileSystem\fastfat \Fat F20B21E8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys AttachedDevice \FileSystem\fastfat \Fat pffilter.sys Device \FileSystem\cdfs \Cdfs B18691E8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0xb07371e8]<< b07371e8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xb15ce030] b15ce030 Trace 3 CLASSPNP.SYS[b7fb359e] -> nt!IofCallDriver -> [0xb148f918] b148f918 Trace 5 ACPI.sys[b7b513d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xb1498030] b1498030 Trace \Driver\atapi[0xb10abbd0] -> IRP_MJ_CREATE -> 0xb07371e8 b07371e8 ---- Threads - GMER 2.1 ---- Thread System [4:3968] B44CCDF0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision 26616085 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x4B 0xF1 0xB2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x4B 0xF1 0xB2 ... ---- Files - GMER 2.1 ---- File C:\ProgramData\IObit\Protected Folder\config.ini 73 bytes File C:\ProgramData\IObit\Protected Folder\drawposs.db 21 bytes File C:\ProgramData\IObit\Protected Folder\fstile.cds 0 bytes ---- EOF - GMER 2.1 ----