GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-04 18:08:52
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ESBO 232,89GB
Running: u1rbbmow.exe; Driver: C:\Users\Na'athim\AppData\Local\Temp\fxrdqpow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E749F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EAE1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, 0C, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, 0F, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, 0C, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, 0D, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, 0E, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, 0D, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, 0E, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, 0C, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, 0D, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, 0E, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, 0F, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, E4, 73, 00] {SUB AH, AH; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, E7, 73, 00] {SUB BH, AH; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, E4, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, E5, 73, 00] {TEST AL, 0xe5; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, E6, 73, 00] {TEST AL, 0xe6; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, E5, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, E6, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, E4, 73, 00] {TEST AL, 0xe4; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, E5, 73, 00] {SUB CH, AH; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, E6, 73, 00] {SUB DH, AH; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, E7, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, 40, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, 43, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, 40, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, 41, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, 42, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, 41, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, 42, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, 40, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, 41, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, 42, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, 43, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, 2C, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, 2F, 8C, 00] {SUB [EDI], CH; MOV [EAX], ES}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, 2C, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, 2D, 8C, 00] {TEST AL, 0x2d; MOV [EAX], ES}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, 2E, 8C, 00] {TEST AL, 0x2e; MOV [EAX], ES}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, 2D, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, 2E, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, 2C, 8C, 00] {TEST AL, 0x2c; MOV [EAX], ES}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, 2D, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, 2E, 8C, 00] {SUB [ESI], CH; MOV [EAX], ES}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, 2F, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, B0, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, B3, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, B0, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, B1, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, B2, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, B1, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, B2, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, B0, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, B1, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, B2, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, B3, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, 3C, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, 3F, B6, 00] {SUB [EDI], BH; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, 3C, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, 3D, B6, 00] {TEST AL, 0x3d; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, 3E, B6, 00] {TEST AL, 0x3e; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, 3D, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, 3E, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, 3C, B6, 00] {TEST AL, 0x3c; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, 3D, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, 3E, B6, 00] {SUB [ESI], BH; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, 3F, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device \Driver\BTHUSB \Device\00000071 bthport.sys
Device \Driver\BTHUSB \Device\00000073 bthport.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde6a7914
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f8b0669
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3EFA1E6C-4B24-4E21-87E5-353A1AAF3450}@LeaseObtainedTime 1375624234
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3EFA1E6C-4B24-4E21-87E5-353A1AAF3450}@T1 1375626034
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3EFA1E6C-4B24-4E21-87E5-353A1AAF3450}@T2 1375627384
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3EFA1E6C-4B24-4E21-87E5-353A1AAF3450}@LeaseTerminatesTime 1375627834
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde6a7914 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f8b0669 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.1 ----

File C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003761 28037 bytes
File C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003762 0 bytes
File C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003763 0 bytes

---- EOF - GMER 2.1 ----