GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-24 17:00:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST3500418AS rev.CC34 465,76GB Running: ve60el7u.exe; Driver: C:\Users\UserPC\AppData\Local\Temp\ugrdapog.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[2504] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000736117fa 2 bytes CALL 75b711a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2504] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073611860 2 bytes CALL 75b711a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2504] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073611942 2 bytes JMP 76ab6da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2504] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007361194d 2 bytes JMP 76abe8de C:\Windows\syswow64\WS2_32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1876] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075b78769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077372280 5 bytes JMP 000000000021075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077376130 5 bytes JMP 00000000002103a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007739bfb0 14 bytes {MOV RAX, 0x7fef10564e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077372280 5 bytes JMP 000000000032075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077376130 5 bytes JMP 00000000003203a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4704] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077372280 5 bytes JMP 000000000026075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4704] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077376130 5 bytes JMP 00000000002603a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077372280 5 bytes JMP 00000000002e075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077376130 5 bytes JMP 00000000002e03a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007739be00 7 bytes [48, B8, 60, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007739be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007739bf70 7 bytes [48, B8, E0, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007739bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007739bf90 7 bytes [48, B8, D0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007739bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007739bfa0 7 bytes [48, B8, C0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007739bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007739bfb0 7 bytes [48, B8, 40, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007739bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007739bfd0 7 bytes [48, B8, B0, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007739bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007739c020 7 bytes [48, B8, 50, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007739c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007739c030 7 bytes [48, B8, 20, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007739c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007739c060 7 bytes [48, B8, 40, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007739c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007739c100 7 bytes [48, B8, 80, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007739c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007739c280 7 bytes [48, B8, C0, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007739c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007739ccf0 7 bytes [48, B8, 00, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007739ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007739cd40 7 bytes [48, B8, A0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007739cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007739ce90 7 bytes [48, B8, A0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007739ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077372280 5 bytes JMP 000000000049075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077376130 5 bytes JMP 00000000004903a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007739be00 7 bytes [48, B8, 60, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007739be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007739bf70 7 bytes [48, B8, E0, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007739bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007739bf90 7 bytes [48, B8, D0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007739bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007739bfa0 7 bytes [48, B8, C0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007739bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007739bfb0 7 bytes [48, B8, 40, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007739bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007739bfd0 7 bytes [48, B8, B0, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007739bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007739c020 7 bytes [48, B8, 50, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007739c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007739c030 7 bytes [48, B8, 20, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007739c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007739c060 7 bytes [48, B8, 40, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007739c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007739c100 7 bytes [48, B8, 80, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007739c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007739c280 7 bytes [48, B8, C0, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007739c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007739ccf0 7 bytes [48, B8, 00, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007739ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007739cd40 7 bytes [48, B8, A0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007739cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007739ce90 7 bytes [48, B8, A0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007739ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077372280 5 bytes JMP 000000000019075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077376130 5 bytes JMP 00000000001903a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007739be00 7 bytes [48, B8, 60, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007739be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007739bf70 7 bytes [48, B8, E0, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007739bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007739bf90 7 bytes [48, B8, D0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007739bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007739bfa0 7 bytes [48, B8, C0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007739bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007739bfb0 7 bytes [48, B8, 40, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007739bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007739bfd0 7 bytes [48, B8, B0, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007739bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007739c020 7 bytes [48, B8, 50, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007739c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007739c030 7 bytes [48, B8, 20, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007739c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007739c060 7 bytes [48, B8, 40, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007739c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007739c100 7 bytes [48, B8, 80, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007739c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007739c280 7 bytes [48, B8, C0, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007739c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007739ccf0 7 bytes [48, B8, 00, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007739ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007739cd40 7 bytes [48, B8, A0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007739cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007739ce90 7 bytes [48, B8, A0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007739ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077372280 5 bytes JMP 00000000002b075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077376130 5 bytes JMP 00000000002b03a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007739be00 7 bytes [48, B8, 60, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007739be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007739bf70 7 bytes [48, B8, E0, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007739bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007739bf90 7 bytes [48, B8, D0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007739bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007739bfa0 7 bytes [48, B8, C0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007739bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007739bfb0 7 bytes [48, B8, 40, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007739bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007739bfd0 7 bytes [48, B8, B0, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007739bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007739c020 7 bytes [48, B8, 50, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007739c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007739c030 7 bytes [48, B8, 20, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007739c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007739c060 7 bytes [48, B8, 40, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007739c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007739c100 7 bytes [48, B8, 80, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007739c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007739c280 7 bytes [48, B8, C0, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007739c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007739ccf0 7 bytes [48, B8, 00, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007739ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007739cd40 7 bytes [48, B8, A0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007739cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007739ce90 7 bytes [48, B8, A0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007739ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077372280 5 bytes JMP 000000000042075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077376130 5 bytes JMP 00000000004203a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007739be00 7 bytes [48, B8, 60, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007739be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007739bf70 7 bytes [48, B8, E0, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007739bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007739bf90 7 bytes [48, B8, D0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007739bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007739bfa0 7 bytes [48, B8, C0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007739bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007739bfb0 7 bytes [48, B8, 40, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007739bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007739bfd0 7 bytes [48, B8, B0, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007739bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007739c020 7 bytes [48, B8, 50, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007739c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007739c030 7 bytes [48, B8, 20, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007739c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007739c060 7 bytes [48, B8, 40, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007739c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007739c100 7 bytes [48, B8, 80, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007739c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007739c280 7 bytes [48, B8, C0, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007739c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007739ccf0 7 bytes [48, B8, 00, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007739ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007739cd40 7 bytes [48, B8, A0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007739cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007739ce90 7 bytes [48, B8, A0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007739ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077372280 5 bytes JMP 00000000004a075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077376130 5 bytes JMP 00000000004a03a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007739be00 7 bytes [48, B8, 60, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007739be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007739bf70 7 bytes [48, B8, E0, 0D, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007739bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007739bf90 7 bytes [48, B8, D0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007739bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007739bfa0 7 bytes [48, B8, C0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007739bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007739bfb0 7 bytes [48, B8, 40, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007739bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007739bfd0 7 bytes [48, B8, B0, 0C, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007739bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007739c020 7 bytes [48, B8, 50, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007739c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007739c030 7 bytes [48, B8, 20, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007739c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007739c060 7 bytes [48, B8, 40, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007739c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007739c100 7 bytes [48, B8, 80, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007739c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007739c280 7 bytes [48, B8, C0, 0E, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007739c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007739ccf0 7 bytes [48, B8, 00, 12, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007739ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007739cd40 7 bytes [48, B8, A0, 11, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007739cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007739ce90 7 bytes [48, B8, A0, 0F, 0F, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007739ce98 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fedfb49148] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedfb489c4] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedfb49130] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fedfb49390] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec825e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fedfb49148] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedfb489c4] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedfb49130] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fedfb49390] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2956] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec825e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fedfb49148] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedfb489c4] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedfb49130] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fedfb49390] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1952] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec825e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fedfb49148] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedfb489c4] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedfb49130] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fedfb49390] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec825e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll ---- Files - GMER 2.2 ---- File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\E8CB0170F160DFC5FD7766E64D9F65911BA1A308 54343 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\362090D02ED8E3BE5328360B185BF191225A3E73 0 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\2203377E9DCDF464677D9C9FA542DD67A89C16AA 1157 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\5639C79F6CC316A131AF97D35631644EC50063E7 0 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\71900A7B6F85F41B17B72B04BE7BD3825521C4C4 0 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\C2151F7D0C90BAEE531E119DE4B3835B28C0A76D 0 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\1E6BB9FCCD16EBE5925E8C4FFC32C5498414516A 0 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\3201F26D7676B90E2D9C47365BB76565A3B9F51C 0 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\E4A5016714526C3997189183019F33458476FA6C 36083 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\481B4F8AEDA536BD5534172BE00EA55B3CA18CEF 0 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\289E1174CB3F7916CC12EEBAAEEFA7F9456A0E8C 3990 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\57A9E6D1200263F8F5890F0C266AAEDC3E6FC489 7303 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\F4B8C18093E1D7EBC5958FA7F8ED0D895432D19F 82559 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\E79BF3CA2D8393A06B918A3E461A2AF657C5DA03 9804 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\EF67F45D343D682B0D580FD14FBE6CAE263A47C0 4843 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\EF789D081640047DB1F64ACA178432D26B555C23 107140 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\970B2994C99A5C9ECB38649387F29C2224A5886C 47460 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\4C69E5FAA8375FE7E8C6AF05CEDAC3ABBC50B40E 1812 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\D19397CAD02180902164E4E9D22B17515C84E0E7 34687 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\6F27F2AC29DFA28853740B2553A283628E3BA297 4400 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\94F653E27A1EBDB99EBAC13C2D56391A4575EC10 101589 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\1486A0469D05F931F6711313156EE45D45DD22DA 1844 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\14A6C24B21D5BBC37CC04493375897857987DDF3 96728 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\C9C69534195AE6EFA85DB948A6A379275907CA10 15908 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\A6883D356BF69A40D47E4EC569B503B9061A7BDE 1913 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\7F441A8EB3BF6C5BA251BDD91E0122B56968EB12 5790 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\905AE55DA24B741C559A5DA9E3130D0796670373 2206 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\8234AF029155F1D26045B1B858434FD399A03FB4 2510 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\8B062AF7785DA48D139A2B467AA22472D4592BDA 19062 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\44462A589C0E6C1CD631D1FAB55C3D2A58AE7D97 70807 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\C2FEB5165921B45855B2838727C6FDD01AEC5BD4 3535 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\C54DBBA5D5793ED16697D3E32F1B48A4146CAE7E 80205 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\200713A9EF73035537E97D9E803027638BC47601 1910 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\2046174485EE7397D3062BC63BA028523A6B689A 11548 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\D4F75CF4DF0F9FC250FE0B2119D51B420548DBF8 76460 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\1DB835724D58BB1005501BDE986892CDFF2CFDBF 1754 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\761C5A239200E3EB3AE84487FE195C7DC3DF6E76 30474 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\7649AAE2D6B8242FE61C82FCD2A92F9D9EB1A9EE 1091 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\1407391502916C9B0B7C7BC088D998509EF37062 105933 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\DB337C4EA9A82938DA5D148CCC8DB2288C8D2F61 281185 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\BD8F2B9AE3ECA7F63F4FB85D20FAA14876CBCE54 29668 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\E96C63E1A9515905E1E20B3653814A0798DF8D4F 1677 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\DF973E269880896EA50B09A40187D3463D710546 5223 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\4543871BDDC9B3FA0852F8885CFA772161DE4E0B 2532 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\FBFB4D51D4555530EF6FFE3EE99CB4C23803AC72 46084 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\61B776B8304DEAEC78FAB45DCEA6791186791E0D 3970 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\EEE89A467A2169068912225F4A50B99FF92D199B 1567 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\86EA2E5616306DB7896A8DFA5DF93E0F3C482E2E 5871 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\26E3D70A827A50C7ACDE63A5527052F1F4467A50 16369 bytes File C:\Users\UserPC\AppData\Local\Mozilla\Firefox\Profiles\1ns0u50k.default\cache2\entries\CF1557F99D6CB08C7F1F810B4F6E79D692696901 102 bytes ---- EOF - GMER 2.2 ----