GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-26 19:44:09
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9SA00 rev.FBEOC43C 232,89GB
Running: 6z1pq4qg.exe; Driver: C:\Users\SLIMOS~1\AppData\Local\Temp\uwtiiuob.sys

---- System - GMER 2.1 ----

SSDT 8B36A54E ZwCreateSection
SSDT 8B36A558 ZwRequestWaitReplyPort
SSDT 8B36A553 ZwSetContextThread
SSDT 8B36A55D ZwSetSecurityObject
SSDT 8B36A562 ZwSystemDebugControl
SSDT 8B36A4EF ZwTerminateProcess

INT 0x51 ? 863E9CC8
INT 0x62 ? 863E9CC8
INT 0x82 ? 863E9CC8
INT 0x92 ? 84770CC8
INT 0x92 ? 84770CC8
INT 0x92 ? 84770CC8
INT 0x92 ? 84770CC8
INT 0x92 ? 863E9CC8
INT 0x92 ? 863E9CC8
INT 0x92 ? 863E9CC8
INT 0x92 ? 84770CC8
INT 0xA2 ? 863E9CC8
INT 0xB2 ? 86538CC8
INT 0xB2 ? 86538CC8
INT 0xB2 ? 86538CC8
INT 0xB2 ? 86538CC8

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81EEF860 4 Bytes [4E, A5, 36, 8B]
.text ntkrnlpa.exe!KeSetEvent + 539 81EEFB84 4 Bytes [58, A5, 36, 8B]
.text ntkrnlpa.exe!KeSetEvent + 56D 81EEFBB8 4 Bytes [53, A5, 36, 8B]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81EEFC1C 4 Bytes [5D, A5, 36, 8B]
.text ntkrnlpa.exe!KeSetEvent + 619 81EEFC64 4 Bytes [62, A5, 36, 8B]
.text ...
.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x80794346]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DE04000, 0x213FE7, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtCreateFile + 6 772E426A 4 Bytes [28, B8, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtCreateFile + B 772E426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtMapViewOfSection + 6 772E49BA 4 Bytes [28, BB, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtMapViewOfSection + B 772E49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenFile + 6 772E4A4A 4 Bytes [68, B8, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenFile + B 772E4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcess + 6 772E4ACA 4 Bytes [A8, B9, 31, 00] {TEST AL, 0xb9; XOR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcess + B 772E4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessToken + B 772E4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessTokenEx + 6 772E4AEA 4 Bytes [A8, BA, 31, 00] {TEST AL, 0xba; XOR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessTokenEx + B 772E4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThread + 6 772E4B3A 4 Bytes [68, B9, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThread + B 772E4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadToken + 6 772E4B4A 4 Bytes [68, BA, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadToken + B 772E4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadTokenEx + B 772E4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryAttributesFile + 6 772E4BEA 4 Bytes [A8, B8, 31, 00] {TEST AL, 0xb8; XOR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryAttributesFile + B 772E4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryFullAttributesFile + B 772E4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationFile + 6 772E517A 4 Bytes [28, B9, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationFile + B 772E517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationThread + 6 772E51CA 4 Bytes [28, BA, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationThread + B 772E51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtUnmapViewOfSection + 6 772E546A 4 Bytes [68, BB, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtUnmapViewOfSection + B 772E546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtCreateFile + 6 772E426A 4 Bytes [28, EC, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtCreateFile + B 772E426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + 6 772E49BA 4 Bytes [28, EF, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + B 772E49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenFile + 6 772E4A4A 4 Bytes [68, EC, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenFile + B 772E4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcess + 6 772E4ACA 4 Bytes [A8, ED, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcess + B 772E4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessToken + B 772E4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessTokenEx + 6 772E4AEA 4 Bytes [A8, EE, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessTokenEx + B 772E4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThread + 6 772E4B3A 4 Bytes [68, ED, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThread + B 772E4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadToken + 6 772E4B4A 4 Bytes [68, EE, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadToken + B 772E4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadTokenEx + B 772E4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryAttributesFile + 6 772E4BEA 4 Bytes [A8, EC, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryAttributesFile + B 772E4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryFullAttributesFile + B 772E4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationFile + 6 772E517A 4 Bytes [28, ED, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationFile + B 772E517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationThread + 6 772E51CA 4 Bytes [28, EE, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationThread + B 772E51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + 6 772E546A 4 Bytes [68, EF, F2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + B 772E546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtCreateFile + 6 772E426A 4 Bytes [28, 8C, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtCreateFile + B 772E426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + 6 772E49BA 4 Bytes [28, 8F, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + B 772E49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenFile + 6 772E4A4A 4 Bytes [68, 8C, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenFile + B 772E4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcess + 6 772E4ACA 4 Bytes [A8, 8D, B7, 00] {TEST AL, 0x8d; MOV BH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcess + B 772E4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessToken + B 772E4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessTokenEx + 6 772E4AEA 4 Bytes [A8, 8E, B7, 00] {TEST AL, 0x8e; MOV BH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessTokenEx + B 772E4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThread + 6 772E4B3A 4 Bytes [68, 8D, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThread + B 772E4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadToken + 6 772E4B4A 4 Bytes [68, 8E, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadToken + B 772E4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadTokenEx + B 772E4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryAttributesFile + 6 772E4BEA 4 Bytes [A8, 8C, B7, 00] {TEST AL, 0x8c; MOV BH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryAttributesFile + B 772E4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryFullAttributesFile + B 772E4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationFile + 6 772E517A 4 Bytes [28, 8D, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationFile + B 772E517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationThread + 6 772E51CA 4 Bytes [28, 8E, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationThread + B 772E51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + 6 772E546A 4 Bytes [68, 8F, B7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + B 772E546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtCreateFile + 6 772E426A 4 Bytes [28, 48, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtCreateFile + B 772E426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtMapViewOfSection + 6 772E49BA 4 Bytes [28, 4B, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtMapViewOfSection + B 772E49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenFile + 6 772E4A4A 4 Bytes [68, 48, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenFile + B 772E4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcess + 6 772E4ACA 4 Bytes [A8, 49, 31, 00] {TEST AL, 0x49; XOR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcess + B 772E4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcessToken + B 772E4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcessTokenEx + 6 772E4AEA 4 Bytes [A8, 4A, 31, 00] {TEST AL, 0x4a; XOR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcessTokenEx + B 772E4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenThread + 6 772E4B3A 4 Bytes [68, 49, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenThread + B 772E4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenThreadToken + 6 772E4B4A 4 Bytes [68, 4A, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenThreadToken + B 772E4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenThreadTokenEx + B 772E4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtQueryAttributesFile + 6 772E4BEA 4 Bytes [A8, 48, 31, 00] {TEST AL, 0x48; XOR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtQueryAttributesFile + B 772E4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtQueryFullAttributesFile + B 772E4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetInformationFile + 6 772E517A 4 Bytes [28, 49, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetInformationFile + B 772E517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetInformationThread + 6 772E51CA 4 Bytes [28, 4A, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetInformationThread + B 772E51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtUnmapViewOfSection + 6 772E546A 4 Bytes [68, 4B, 31, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtUnmapViewOfSection + B 772E546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtCreateFile + 6 772E426A 4 Bytes [28, 74, D9, 00] {SUB [ECX+EBX*8+0x0], DH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtCreateFile + B 772E426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtMapViewOfSection + 6 772E49BA 4 Bytes [28, 77, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtMapViewOfSection + B 772E49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenFile + 6 772E4A4A 4 Bytes [68, 74, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenFile + B 772E4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcess + 6 772E4ACA 4 Bytes [A8, 75, D9, 00] {TEST AL, 0x75; FLD DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcess + B 772E4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcessToken + B 772E4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcessTokenEx + 6 772E4AEA 4 Bytes [A8, 76, D9, 00] {TEST AL, 0x76; FLD DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcessTokenEx + B 772E4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThread + 6 772E4B3A 4 Bytes [68, 75, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThread + B 772E4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThreadToken + 6 772E4B4A 4 Bytes [68, 76, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThreadToken + B 772E4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThreadTokenEx + B 772E4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtQueryAttributesFile + 6 772E4BEA 4 Bytes [A8, 74, D9, 00] {TEST AL, 0x74; FLD DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtQueryAttributesFile + B 772E4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtQueryFullAttributesFile + B 772E4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtSetInformationFile + 6 772E517A 4 Bytes [28, 75, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtSetInformationFile + B 772E517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtSetInformationThread + 6 772E51CA 4 Bytes [28, 76, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtSetInformationThread + B 772E51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtUnmapViewOfSection + 6 772E546A 4 Bytes [68, 77, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtUnmapViewOfSection + B 772E546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtCreateFile + 6 772E426A 4 Bytes [28, E4, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtCreateFile + B 772E426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtMapViewOfSection + 6 772E49BA 4 Bytes [28, E7, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtMapViewOfSection + B 772E49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenFile + 6 772E4A4A 4 Bytes [68, E4, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenFile + B 772E4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenProcess + 6 772E4ACA 4 Bytes [A8, E5, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenProcess + B 772E4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenProcessToken + B 772E4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenProcessTokenEx + 6 772E4AEA 4 Bytes [A8, E6, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenProcessTokenEx + B 772E4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenThread + 6 772E4B3A 4 Bytes [68, E5, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenThread + B 772E4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenThreadToken + 6 772E4B4A 4 Bytes [68, E6, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenThreadToken + B 772E4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenThreadTokenEx + B 772E4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtQueryAttributesFile + 6 772E4BEA 4 Bytes [A8, E4, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtQueryAttributesFile + B 772E4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtQueryFullAttributesFile + B 772E4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtSetInformationFile + 6 772E517A 4 Bytes [28, E5, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtSetInformationFile + B 772E517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtSetInformationThread + 6 772E51CA 4 Bytes [28, E6, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtSetInformationThread + B 772E51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtUnmapViewOfSection + 6 772E546A 4 Bytes [68, E7, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtUnmapViewOfSection + B 772E546F 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 847781F8
Device \FileSystem\fastfat \FatCdrom 87F711F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\usbuhci \Device\USBPDO-0 863E31F8
Device \Driver\usbuhci \Device\USBPDO-1 863E31F8
Device \Driver\usbuhci \Device\USBPDO-2 863E31F8
Device \Driver\netbt \Device\NetBT_Tcpip_{917E0E1C-EE6B-4CED-B2EE-3331CB9C2DAD} 87B02430
Device \Driver\usbehci \Device\USBPDO-3 8641C1F8
Device \Driver\usbuhci \Device\USBPDO-4 863E31F8
Device \Driver\usbuhci \Device\USBPDO-5 863E31F8
Device \Driver\usbuhci \Device\USBPDO-6 863E31F8
Device \Driver\usbehci \Device\USBPDO-7 8641C1F8
Device \Driver\cdrom \Device\CdRom0 8654B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 847751F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 847751F8
Device \Driver\atapi \Device\Ide\IdePort0 847751F8
Device \Driver\atapi \Device\Ide\IdePort1 847751F8
Device \Driver\atapi \Device\Ide\IdePort2 847751F8
Device \Driver\atapi \Device\Ide\IdePort3 847751F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 847751F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 847761F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 847761F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 847761F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 847761F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87B02430
Device \Driver\Smb \Device\NetbiosSmb 87DAF1F8
Device \Driver\iScsiPrt \Device\RaidPort0 865271F8
Device \Driver\usbuhci \Device\USBFDO-0 863E31F8
Device \Driver\usbuhci \Device\USBFDO-1 863E31F8
Device \Driver\usbuhci \Device\USBFDO-2 863E31F8
Device \Driver\usbehci \Device\USBFDO-3 8641C1F8
Device \Driver\usbuhci \Device\USBFDO-4 863E31F8
Device \Driver\usbuhci \Device\USBFDO-5 863E31F8
Device \Driver\usbuhci \Device\USBFDO-6 863E31F8
Device \Driver\usbehci \Device\USBFDO-7 8641C1F8
Device \Driver\JMCR \Device\Scsi\JMCR1Port4Path0TargetffLun0 865371F8
Device \Driver\JMCR \Device\Scsi\JMCR2Port5Path0TargetffLun0 865371F8
Device \Driver\JMCR \Device\Scsi\JMCR1 865371F8
Device \Driver\JMCR \Device\Scsi\JMCR2 865371F8
Device \Driver\JMCR \Device\Scsi\JMCR3 865371F8
Device \Driver\JMCR \Device\Scsi\JMCR4 865371F8
Device \Driver\JMCR \Device\Scsi\JMCR1Port4Path0Target0Lun0 865371F8
Device \Driver\JMCR \Device\Scsi\JMCR3Port6Path0TargetffLun0 865371F8
Device \Driver\JMCR \Device\Scsi\JMCR4Port7Path0TargetffLun0 865371F8
Device \FileSystem\fastfat \Fat 87F711F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
Device \FileSystem\cdfs \Cdfs 84EE81F8

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x847751f8]<< 847751f8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8574b4b8] 8574b4b8
Trace 3 CLASSPNP.SYS[8a5ab8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85521b98] 85521b98
Trace \Driver\atapi[0x8551f6b8] -> IRP_MJ_CREATE -> 0x847751f8 847751f8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x09 0xDA 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x09 0xDA 0xDA ...

---- Files - GMER 2.1 ----

File C:\Users\slimosolo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0054fc 19662 bytes
File C:\Users\slimosolo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0054fd 17637 bytes
File C:\Users\slimosolo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0054fe 50670 bytes
File C:\Users\slimosolo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0054ff 22439 bytes

---- EOF - GMER 2.1 ----