GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-16 19:27:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60F 465,76GB Running: gcxkrwyw.exe; Driver: C:\Users\PAWE~1\AppData\Local\Temp\kwddrkog.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000779e5140 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000077a0dd40 5 bytes JMP 0000000000020678 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a0de30 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a0df50 5 bytes JMP 0000000000020018 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a0dfb0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a0e030 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a0e0d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a0e580 5 bytes JMP 0000000000020238 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a0e610 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a0e680 5 bytes JMP 0000000000020348 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a0eb40 5 bytes JMP 0000000000020458 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a0eb90 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077a63350 5 bytes JMP 0000000000020568 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000779e5140 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000077a0dd40 5 bytes JMP 0000000000020678 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a0de30 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a0df50 5 bytes JMP 0000000000020018 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a0dfb0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a0e030 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a0e0d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a0e580 5 bytes JMP 0000000000020238 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a0e610 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a0e680 5 bytes JMP 0000000000020348 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a0eb40 5 bytes JMP 0000000000020458 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a0eb90 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\ctfmon.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077a63350 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a0de30 14 bytes {MOV RAX, 0x7feff698d50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a0dc80 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077a0dc88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a0ddf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077a0ddf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a0de10 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077a0de18 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077a0de20 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077a0de28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a0de30 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077a0de38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a0de50 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077a0de58 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a0dea0 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077a0dea8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077a0deb0 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077a0deb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a0dee0 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077a0dee8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a0df80 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077a0df88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a0e100 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077a0e108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a0eb70 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077a0eb78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a0ebc0 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077a0ebc8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a0ed10 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077a0ed18 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a0dc80 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077a0dc88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a0ddf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077a0ddf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a0de10 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077a0de18 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077a0de20 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077a0de28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a0de30 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077a0de38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a0de50 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077a0de58 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a0dea0 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077a0dea8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077a0deb0 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077a0deb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a0dee0 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077a0dee8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a0df80 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077a0df88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a0e100 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077a0e108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a0eb70 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077a0eb78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a0ebc0 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077a0ebc8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a0ed10 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077a0ed18 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a0dc80 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077a0dc88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a0ddf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077a0ddf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a0de10 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077a0de18 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077a0de20 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077a0de28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a0de30 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077a0de38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a0de50 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077a0de58 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a0dea0 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077a0dea8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077a0deb0 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077a0deb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a0dee0 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077a0dee8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a0df80 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077a0df88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a0e100 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077a0e108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a0eb70 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077a0eb78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a0ebc0 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077a0ebc8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a0ed10 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077a0ed18 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a0dc80 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077a0dc88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a0ddf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077a0ddf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a0de10 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077a0de18 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077a0de20 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077a0de28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a0de30 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077a0de38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a0de50 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077a0de58 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a0dea0 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077a0dea8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077a0deb0 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077a0deb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a0dee0 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077a0dee8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a0df80 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077a0df88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a0e100 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077a0e108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a0eb70 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077a0eb78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a0ebc0 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077a0ebc8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a0ed10 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077a0ed18 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a0dc80 7 bytes [48, B8, 74, 0B, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077a0dc88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a0ddf0 7 bytes {ADD [RAX-0x48], CL; CALL 0x13fd713} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077a0ddf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a0de10 7 bytes [48, B8, 94, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077a0de18 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077a0de20 7 bytes [48, B8, 98, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077a0de28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a0de30 7 bytes [48, B8, 58, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077a0de38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a0de50 7 bytes [48, B8, C4, 0A, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077a0de58 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a0dea0 7 bytes [48, B8, 58, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077a0dea8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077a0deb0 7 bytes [48, B8, D0, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077a0deb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a0dee0 7 bytes [48, B8, 3C, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077a0dee8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a0df80 7 bytes [48, B8, 70, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077a0df88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a0e100 7 bytes [48, B8, C8, 0C, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077a0e108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a0eb70 7 bytes [48, B8, B8, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077a0eb78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a0ebc0 7 bytes [48, B8, 70, 0F, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077a0ebc8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a0ed10 7 bytes [48, B8, 84, 0D, D7, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077a0ed18 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00000000779e5140 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000077a0dd40 5 bytes JMP 0000000000020678 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a0de30 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a0df50 5 bytes JMP 0000000000020018 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a0dfb0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a0e030 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a0e0d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a0e580 5 bytes JMP 0000000000020238 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a0e610 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a0e680 5 bytes JMP 0000000000020348 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a0eb40 5 bytes JMP 0000000000020458 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a0eb90 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077a63350 5 bytes JMP 0000000000020568 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2107d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2107598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2107cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2107f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2808] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee12c2164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2107d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2107598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2107cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2107f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee12c2164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2107d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2107598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2107cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2107f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5660] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee12c2164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee2107d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee2107598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee2107cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee2107f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4860] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee12c2164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\svchost.exe [724:5524] 000007fefb694af4 Thread C:\Windows\System32\svchost.exe [1128:5800] 000007fef5a26b8c Thread C:\Windows\System32\svchost.exe [1128:5808] 000007fef5a21d88 Thread C:\Windows\System32\svchost.exe [1128:3616] 000007fefc5b2098 Thread C:\Windows\System32\svchost.exe [1172:1596] 000007fef95f59a0 Thread C:\Windows\System32\svchost.exe [1172:3916] 000007fef01520c0 Thread C:\Windows\System32\svchost.exe [1172:3944] 000007fef01526a8 Thread C:\Windows\System32\svchost.exe [1172:3980] 000007fef01529dc Thread C:\Windows\System32\svchost.exe [1172:4180] 000007feef8b3efc Thread C:\Windows\System32\svchost.exe [1172:4228] 000007feef878a4c Thread C:\Windows\System32\svchost.exe [1172:4500] 000007fef0f644e0 Thread C:\Windows\System32\svchost.exe [1172:3080] 000007fef11f89b8 Thread C:\Windows\system32\svchost.exe [1412:1544] 000007fef9fb8274 Thread C:\Windows\system32\svchost.exe [1412:1944] 000007fef9fb8274 Thread C:\Windows\System32\spoolsv.exe [1768:2020] 000007fef8d410c8 Thread C:\Windows\System32\spoolsv.exe [1768:2024] 000007fef8d06144 Thread C:\Windows\System32\spoolsv.exe [1768:2028] 000007fef8af5fd0 Thread C:\Windows\System32\spoolsv.exe [1768:2032] 000007fef8ae3438 Thread C:\Windows\System32\spoolsv.exe [1768:2036] 000007fef8af63ec Thread C:\Windows\System32\spoolsv.exe [1768:1204] 000007fef8dd5e5c Thread C:\Windows\System32\spoolsv.exe [1768:1344] 000007fef8ea5074 Thread C:\Windows\system32\svchost.exe [1808:2660] 000007fef41735c0 Thread C:\Windows\system32\svchost.exe [1808:2672] 000007fef4175600 Thread C:\Windows\system32\svchost.exe [1808:3932] 000007fef00e2888 Thread C:\Windows\system32\svchost.exe [1808:3940] 000007feeffe2940 Thread C:\Windows\system32\svchost.exe [1808:4720] 000007fef00e2a40 Thread C:\Windows\System32\svchost.exe [2596:2680] 000007fef41f34d0 Thread C:\Windows\System32\svchost.exe [2596:2684] 000007fef41d2ee0 Thread C:\Windows\System32\svchost.exe [2596:2692] 000007fef41a5050 Thread C:\Windows\System32\svchost.exe [2596:2696] 000007fef41cee20 Thread C:\Windows\System32\svchost.exe [2596:2700] 000007fef41a5040 Thread C:\Windows\System32\svchost.exe [2596:2704] 000007fef4244180 Thread C:\Windows\system32\svchost.exe [3604:3624] 000007fefe30a808 Thread C:\Windows\system32\svchost.exe [3604:3708] 000007fef1187130 Thread C:\Windows\system32\svchost.exe [3604:3712] 000007fef117d5c0 Thread C:\Windows\system32\ctfmon.exe [4980:4996] 000007fefd9292c0 Thread C:\Windows\System32\svchost.exe [5720:5916] 000007fee4c89688 ---- EOF - GMER 2.2 ----