GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-06 14:46:26 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST1000DL002-9TT153 rev.CC3C 931,51GB Running: ub382my7.exe; Driver: C:\Users\oem\AppData\Local\Temp\uxriqpow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83685A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 836BF212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8CD61774] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9342E000, 0x15061A, 0xE8000020] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA3A7F000, 0xBB22, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA3A93300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtCreateFile + 6 7746560E 4 Bytes [28, C0, 31, 00] {SUB AL, AL; XOR [EAX], EAX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtCreateFile + B 77465613 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtMapViewOfSection + 6 77465C6E 4 Bytes [28, C3, 31, 00] {SUB BL, AL; XOR [EAX], EAX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtMapViewOfSection + B 77465C73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenFile + 6 77465D1E 4 Bytes [68, C0, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenFile + B 77465D23 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcess + 6 77465DCE 4 Bytes [A8, C1, 31, 00] {TEST AL, 0xc1; XOR [EAX], EAX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcess + B 77465DD3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessToken + B 77465DE3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessTokenEx + 6 77465DEE 4 Bytes [A8, C2, 31, 00] {TEST AL, 0xc2; XOR [EAX], EAX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenProcessTokenEx + B 77465DF3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThread + 6 77465E4E 4 Bytes [68, C1, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThread + B 77465E53 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadToken + 6 77465E5E 4 Bytes [68, C2, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadToken + B 77465E63 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtOpenThreadTokenEx + B 77465E73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryAttributesFile + 6 77465F7E 4 Bytes [A8, C0, 31, 00] {TEST AL, 0xc0; XOR [EAX], EAX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryAttributesFile + B 77465F83 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtQueryFullAttributesFile + B 77466033 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationFile + 6 7746667E 4 Bytes [28, C1, 31, 00] {SUB CL, AL; XOR [EAX], EAX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationFile + B 77466683 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationThread + 6 774666DE 4 Bytes [28, C2, 31, 00] {SUB DL, AL; XOR [EAX], EAX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtSetInformationThread + B 774666E3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtUnmapViewOfSection + 6 774669FE 4 Bytes [68, C3, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4208] ntdll.dll!NtUnmapViewOfSection + B 77466A03 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtCreateFile + 6 7746560E 4 Bytes [28, CC, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtCreateFile + B 77465613 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtMapViewOfSection + 6 77465C6E 4 Bytes [28, CF, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtMapViewOfSection + B 77465C73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenFile + 6 77465D1E 4 Bytes [68, CC, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenFile + B 77465D23 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenProcess + 6 77465DCE 4 Bytes [A8, CD, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenProcess + B 77465DD3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenProcessToken + B 77465DE3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenProcessTokenEx + 6 77465DEE 4 Bytes [A8, CE, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenProcessTokenEx + B 77465DF3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenThread + 6 77465E4E 4 Bytes [68, CD, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenThread + B 77465E53 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenThreadToken + 6 77465E5E 4 Bytes [68, CE, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenThreadToken + B 77465E63 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtOpenThreadTokenEx + B 77465E73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtQueryAttributesFile + 6 77465F7E 4 Bytes [A8, CC, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtQueryAttributesFile + B 77465F83 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtQueryFullAttributesFile + B 77466033 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtSetInformationFile + 6 7746667E 4 Bytes [28, CD, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtSetInformationFile + B 77466683 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtSetInformationThread + 6 774666DE 4 Bytes [28, CE, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtSetInformationThread + B 774666E3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtUnmapViewOfSection + 6 774669FE 4 Bytes [68, CF, 90, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4372] ntdll.dll!NtUnmapViewOfSection + B 77466A03 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtCreateFile + 6 7746560E 4 Bytes [28, 38, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtCreateFile + B 77465613 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtMapViewOfSection + 6 77465C6E 4 Bytes [28, 3B, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtMapViewOfSection + B 77465C73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenFile + 6 77465D1E 4 Bytes [68, 38, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenFile + B 77465D23 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcess + 6 77465DCE 4 Bytes [A8, 39, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcess + B 77465DD3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcessToken + B 77465DE3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcessTokenEx + 6 77465DEE 4 Bytes [A8, 3A, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenProcessTokenEx + B 77465DF3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenThread + 6 77465E4E 4 Bytes [68, 39, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenThread + B 77465E53 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenThreadToken + 6 77465E5E 4 Bytes [68, 3A, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenThreadToken + B 77465E63 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtOpenThreadTokenEx + B 77465E73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtQueryAttributesFile + 6 77465F7E 4 Bytes [A8, 38, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtQueryAttributesFile + B 77465F83 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtQueryFullAttributesFile + B 77466033 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtSetInformationFile + 6 7746667E 4 Bytes [28, 39, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtSetInformationFile + B 77466683 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtSetInformationThread + 6 774666DE 4 Bytes [28, 3A, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtSetInformationThread + B 774666E3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtUnmapViewOfSection + 6 774669FE 4 Bytes [68, 3B, 4A, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4420] ntdll.dll!NtUnmapViewOfSection + B 77466A03 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + 6 7746560E 4 Bytes [28, 08, B4, 00] {SUB [EAX], CL; MOV AH, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + B 77465613 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + 6 77465C6E 4 Bytes [28, 0B, B4, 00] {SUB [EBX], CL; MOV AH, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + B 77465C73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + 6 77465D1E 4 Bytes [68, 08, B4, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + B 77465D23 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + 6 77465DCE 4 Bytes [A8, 09, B4, 00] {TEST AL, 0x9; MOV AH, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + B 77465DD3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessToken + B 77465DE3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + 6 77465DEE 4 Bytes [A8, 0A, B4, 00] {TEST AL, 0xa; MOV AH, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + B 77465DF3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + 6 77465E4E 4 Bytes [68, 09, B4, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + B 77465E53 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + 6 77465E5E 4 Bytes [68, 0A, B4, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + B 77465E63 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadTokenEx + B 77465E73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + 6 77465F7E 4 Bytes [A8, 08, B4, 00] {TEST AL, 0x8; MOV AH, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + B 77465F83 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryFullAttributesFile + B 77466033 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + 6 7746667E 4 Bytes [28, 09, B4, 00] {SUB [ECX], CL; MOV AH, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + B 77466683 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + 6 774666DE 4 Bytes [28, 0A, B4, 00] {SUB [EDX], CL; MOV AH, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + B 774666E3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + 6 774669FE 4 Bytes [68, 0B, B4, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + B 77466A03 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtCreateFile + 6 7746560E 4 Bytes [28, 88, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtCreateFile + B 77465613 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtMapViewOfSection + 6 77465C6E 4 Bytes [28, 8B, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtMapViewOfSection + B 77465C73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenFile + 6 77465D1E 4 Bytes [68, 88, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenFile + B 77465D23 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenProcess + 6 77465DCE 4 Bytes [A8, 89, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenProcess + B 77465DD3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenProcessToken + B 77465DE3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenProcessTokenEx + 6 77465DEE 4 Bytes [A8, 8A, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenProcessTokenEx + B 77465DF3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenThread + 6 77465E4E 4 Bytes [68, 89, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenThread + B 77465E53 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenThreadToken + 6 77465E5E 4 Bytes [68, 8A, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenThreadToken + B 77465E63 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtOpenThreadTokenEx + B 77465E73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtQueryAttributesFile + 6 77465F7E 4 Bytes [A8, 88, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtQueryAttributesFile + B 77465F83 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtQueryFullAttributesFile + B 77466033 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtSetInformationFile + 6 7746667E 4 Bytes [28, 89, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtSetInformationFile + B 77466683 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtSetInformationThread + 6 774666DE 4 Bytes [28, 8A, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtSetInformationThread + B 774666E3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtUnmapViewOfSection + 6 774669FE 4 Bytes [68, 8B, 9C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4716] ntdll.dll!NtUnmapViewOfSection + B 77466A03 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + 6 7746560E 4 Bytes [28, E4, 63, 00] {SUB AH, AH; ARPL [EAX], AX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + B 77465613 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + 6 77465C6E 4 Bytes [28, E7, 63, 00] {SUB BH, AH; ARPL [EAX], AX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + B 77465C73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + 6 77465D1E 4 Bytes [68, E4, 63, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + B 77465D23 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + 6 77465DCE 4 Bytes [A8, E5, 63, 00] {TEST AL, 0xe5; ARPL [EAX], AX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + B 77465DD3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessToken + B 77465DE3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + 6 77465DEE 4 Bytes [A8, E6, 63, 00] {TEST AL, 0xe6; ARPL [EAX], AX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + B 77465DF3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + 6 77465E4E 4 Bytes [68, E5, 63, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + B 77465E53 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + 6 77465E5E 4 Bytes [68, E6, 63, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + B 77465E63 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadTokenEx + B 77465E73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + 6 77465F7E 4 Bytes [A8, E4, 63, 00] {TEST AL, 0xe4; ARPL [EAX], AX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + B 77465F83 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryFullAttributesFile + B 77466033 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + 6 7746667E 4 Bytes [28, E5, 63, 00] {SUB CH, AH; ARPL [EAX], AX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + B 77466683 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + 6 774666DE 4 Bytes [28, E6, 63, 00] {SUB DH, AH; ARPL [EAX], AX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + B 774666E3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + 6 774669FE 4 Bytes [68, E7, 63, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + B 77466A03 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtCreateFile + 6 7746560E 4 Bytes [28, B8, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtCreateFile + B 77465613 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtMapViewOfSection + 6 77465C6E 4 Bytes [28, BB, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtMapViewOfSection + B 77465C73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenFile + 6 77465D1E 4 Bytes [68, B8, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenFile + B 77465D23 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenProcess + 6 77465DCE 4 Bytes [A8, B9, 31, 00] {TEST AL, 0xb9; XOR [EAX], EAX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenProcess + B 77465DD3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenProcessToken + B 77465DE3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenProcessTokenEx + 6 77465DEE 4 Bytes [A8, BA, 31, 00] {TEST AL, 0xba; XOR [EAX], EAX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenProcessTokenEx + B 77465DF3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenThread + 6 77465E4E 4 Bytes [68, B9, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenThread + B 77465E53 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenThreadToken + 6 77465E5E 4 Bytes [68, BA, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenThreadToken + B 77465E63 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtOpenThreadTokenEx + B 77465E73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtQueryAttributesFile + 6 77465F7E 4 Bytes [A8, B8, 31, 00] {TEST AL, 0xb8; XOR [EAX], EAX} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtQueryAttributesFile + B 77465F83 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtQueryFullAttributesFile + B 77466033 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtSetInformationFile + 6 7746667E 4 Bytes [28, B9, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtSetInformationFile + B 77466683 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtSetInformationThread + 6 774666DE 4 Bytes [28, BA, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtSetInformationThread + B 774666E3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtUnmapViewOfSection + 6 774669FE 4 Bytes [68, BB, 31, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[4816] ntdll.dll!NtUnmapViewOfSection + B 77466A03 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtCreateFile + 6 7746560E 4 Bytes [28, D8, 1C, 00] {SUB AL, BL; SBB AL, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtCreateFile + B 77465613 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + 6 77465C6E 4 Bytes [28, DB, 1C, 00] {SUB BL, BL; SBB AL, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + B 77465C73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenFile + 6 77465D1E 4 Bytes [68, D8, 1C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenFile + B 77465D23 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcess + 6 77465DCE 4 Bytes [A8, D9, 1C, 00] {TEST AL, 0xd9; SBB AL, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcess + B 77465DD3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessToken + B 77465DE3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessTokenEx + 6 77465DEE 4 Bytes [A8, DA, 1C, 00] {TEST AL, 0xda; SBB AL, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessTokenEx + B 77465DF3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThread + 6 77465E4E 4 Bytes [68, D9, 1C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThread + B 77465E53 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadToken + 6 77465E5E 4 Bytes [68, DA, 1C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadToken + B 77465E63 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadTokenEx + B 77465E73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryAttributesFile + 6 77465F7E 4 Bytes [A8, D8, 1C, 00] {TEST AL, 0xd8; SBB AL, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryAttributesFile + B 77465F83 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryFullAttributesFile + B 77466033 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationFile + 6 7746667E 4 Bytes [28, D9, 1C, 00] {SUB CL, BL; SBB AL, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationFile + B 77466683 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationThread + 6 774666DE 4 Bytes [28, DA, 1C, 00] {SUB DL, BL; SBB AL, 0x0} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationThread + B 774666E3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + 6 774669FE 4 Bytes [68, DB, 1C, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + B 77466A03 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtCreateFile + 6 7746560E 4 Bytes [28, AC, 70, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtCreateFile + B 77465613 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtMapViewOfSection + 6 77465C6E 4 Bytes [28, AF, 70, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtMapViewOfSection + B 77465C73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenFile + 6 77465D1E 4 Bytes [68, AC, 70, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenFile + B 77465D23 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenProcess + 6 77465DCE 4 Bytes [A8, AD, 70, 00] {TEST AL, 0xad; JO 0x4} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenProcess + B 77465DD3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenProcessToken + B 77465DE3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenProcessTokenEx + 6 77465DEE 4 Bytes [A8, AE, 70, 00] {TEST AL, 0xae; JO 0x4} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenProcessTokenEx + B 77465DF3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenThread + 6 77465E4E 4 Bytes [68, AD, 70, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenThread + B 77465E53 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenThreadToken + 6 77465E5E 4 Bytes [68, AE, 70, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenThreadToken + B 77465E63 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtOpenThreadTokenEx + B 77465E73 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtQueryAttributesFile + 6 77465F7E 4 Bytes [A8, AC, 70, 00] {TEST AL, 0xac; JO 0x4} .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtQueryAttributesFile + B 77465F83 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtQueryFullAttributesFile + B 77466033 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtSetInformationFile + 6 7746667E 4 Bytes [28, AD, 70, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtSetInformationFile + B 77466683 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtSetInformationThread + 6 774666DE 4 Bytes [28, AE, 70, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtSetInformationThread + B 774666E3 1 Byte [E2] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtUnmapViewOfSection + 6 774669FE 4 Bytes [68, AF, 70, 00] .text C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe[5356] ntdll.dll!NtUnmapViewOfSection + B 77466A03 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 860E31F8 Device \Driver\usbehci \Device\USBPDO-0 875AC1F8 Device \Driver\usbehci \Device\USBPDO-1 875AC1F8 Device \Driver\cdrom \Device\CdRom0 875421F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 860DF1F8 Device \Driver\atapi \Device\Ide\IdePort0 860DF1F8 Device \Driver\atapi \Device\Ide\IdePort1 860DF1F8 Device \Driver\atapi \Device\Ide\IdePort2 860DF1F8 Device \Driver\atapi \Device\Ide\IdePort3 860DF1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 860DF1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 860E01F8 Device \Driver\msahci \Device\Ide\PciIde0Channel1 860E01F8 Device \Driver\msahci \Device\Ide\PciIde0Channel4 860E01F8 Device \Driver\msahci \Device\Ide\PciIde0Channel5 860E01F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 874BC1F8 Device \Driver\usbehci \Device\USBFDO-0 875AC1F8 Device \Driver\usbehci \Device\USBFDO-1 875AC1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{C9F1E130-6C13-4030-AA75-FF7F2A321151} 874BC1F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x860df1f8]<< 860df1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fff880] 86fff880 Trace 3 CLASSPNP.SYS[8d38759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86b1c030] 86b1c030 Trace \Driver\atapi[0x86a9cc90] -> IRP_MJ_CREATE -> 0x860df1f8 860df1f8 ---- Threads - GMER 2.1 ---- Thread System [4:2572] A5E9AF2E ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02B54919-2873-460A-AD4A-94A83B599FE1} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02B54919-2873-460A-AD4A-94A83B599FE1} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02B54919-2873-460A-AD4A-94A83B599FE1}@Path \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02B54919-2873-460A-AD4A-94A83B599FE1}@Hash 0xF1 0x80 0x09 0x8E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02B54919-2873-460A-AD4A-94A83B599FE1}@Triggers 0x15 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02B54919-2873-460A-AD4A-94A83B599FE1}@DynamicInfo 0x03 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan@Id {02B54919-2873-460A-AD4A-94A83B599FE1} ---- EOF - GMER 2.1 ----