GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-06 17:50:56
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225A7A384 rev.ESBOA60W 232,89GB
Running: 5wnjqffm.exe; Driver: C:\Users\Argo80\AppData\Local\Temp\fwrdypow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81A8BA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AC5212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtCreateFile + 6 774C560E 4 Bytes [28, 64, DF, 00] {SUB [EDI+EBX*8+0x0], AH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtCreateFile + B 774C5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtMapViewOfSection + 6 774C5C6E 4 Bytes [28, 67, DF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtMapViewOfSection + B 774C5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenFile + 6 774C5D1E 4 Bytes [68, 64, DF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenFile + B 774C5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenProcess + 6 774C5DCE 4 Bytes [A8, 65, DF, 00] {TEST AL, 0x65; FILD WORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenProcess + B 774C5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenProcessToken + B 774C5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenProcessTokenEx + 6 774C5DEE 4 Bytes [A8, 66, DF, 00] {TEST AL, 0x66; FILD WORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[688] 
ntdll.dll!NtOpenProcessTokenEx + B 774C5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenThread + 6 774C5E4E 4 Bytes [68, 65, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenThread + B 774C5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenThreadToken + 6 774C5E5E 4 Bytes [68, 66, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenThreadToken + B 774C5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtOpenThreadTokenEx + B 774C5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtQueryAttributesFile + 6 774C5F7E 4 Bytes [A8, 64, DF, 00] {TEST AL, 0x64; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtQueryAttributesFile + B 774C5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtQueryFullAttributesFile + B 774C6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtSetInformationFile + 6 774C667E 4 Bytes [28, 65, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtSetInformationFile + B 774C6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtSetInformationThread + 6 774C66DE 4 Bytes [28, 66, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtSetInformationThread + B 774C66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtUnmapViewOfSection + 6 774C69FE 4 Bytes [68, 67, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[688] ntdll.dll!NtUnmapViewOfSection + B 774C6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtMapViewOfSection + 6 774C5C6E 4 Bytes [18, 10, 1A, 73] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtMapViewOfSection + B 774C5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtCreateFile + 6 774C560E 4 Bytes [28, 40, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtCreateFile + B 774C5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtMapViewOfSection + 6 774C5C6E 4 Bytes [28, 43, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtMapViewOfSection + B 774C5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenFile + 6 774C5D1E 4 Bytes [68, 40, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenFile + B 774C5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcess + 6 774C5DCE 4 Bytes [A8, 41, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcess + B 774C5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessToken + B 774C5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessTokenEx + 6 774C5DEE 4 Bytes [A8, 42, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessTokenEx + B 774C5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThread + 6 774C5E4E 4 Bytes [68, 41, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThread + B 774C5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadToken + 6 774C5E5E 4 Bytes [68, 42, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadToken + B 774C5E63 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadTokenEx + B 774C5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryAttributesFile + 6 774C5F7E 4 Bytes [A8, 40, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryAttributesFile + B 774C5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryFullAttributesFile + B 774C6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationFile + 6 774C667E 4 Bytes [28, 41, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationFile + B 774C6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationThread + 6 774C66DE 4 Bytes [28, 42, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationThread + B 774C66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtUnmapViewOfSection + 6 774C69FE 4 Bytes [68, 43, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtUnmapViewOfSection + B 774C6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtCreateFile + 6 774C560E 4 Bytes [28, 70, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtCreateFile + B 774C5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtMapViewOfSection + 6 774C5C6E 4 Bytes [28, 73, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtMapViewOfSection + B 774C5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenFile + 6 774C5D1E 4 Bytes [68, 70, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenFile + B 774C5D23 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcess + 6 774C5DCE 4 Bytes [A8, 71, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcess + B 774C5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessToken + B 774C5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessTokenEx + 6 774C5DEE 4 Bytes [A8, 72, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessTokenEx + B 774C5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThread + 6 774C5E4E 4 Bytes [68, 71, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThread + B 774C5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadToken + 6 774C5E5E 4 Bytes [68, 72, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadToken + B 774C5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadTokenEx + B 774C5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryAttributesFile + 6 774C5F7E 4 Bytes [A8, 70, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryAttributesFile + B 774C5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryFullAttributesFile + B 774C6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationFile + 6 774C667E 4 Bytes [28, 71, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationFile + B 774C6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationThread + 6 774C66DE 4 Bytes 
[28, 72, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationThread + B 774C66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtUnmapViewOfSection + 6 774C69FE 4 Bytes [68, 73, 6E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtUnmapViewOfSection + B 774C6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtCreateFile + 6 774C560E 4 Bytes [28, A4, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtCreateFile + B 774C5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtMapViewOfSection + 6 774C5C6E 4 Bytes [28, A7, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtMapViewOfSection + B 774C5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenFile + 6 774C5D1E 4 Bytes [68, A4, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenFile + B 774C5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcess + 6 774C5DCE 4 Bytes [A8, A5, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcess + B 774C5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessToken + B 774C5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessTokenEx + 6 774C5DEE 4 Bytes [A8, A6, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessTokenEx + B 774C5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThread + 6 774C5E4E 4 Bytes [68, A5, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThread + B 774C5E53 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadToken + 6 774C5E5E 4 Bytes [68, A6, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadToken + B 774C5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadTokenEx + B 774C5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryAttributesFile + 6 774C5F7E 4 Bytes [A8, A4, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryAttributesFile + B 774C5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryFullAttributesFile + B 774C6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationFile + 6 774C667E 4 Bytes [28, A5, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationFile + B 774C6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationThread + 6 774C66DE 4 Bytes [28, A6, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationThread + B 774C66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtUnmapViewOfSection + 6 774C69FE 4 Bytes [68, A7, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtUnmapViewOfSection + B 774C6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtCreateFile + 6 774C560E 4 Bytes [28, 4C, C7, 00] {SUB [EDI+EAX*8+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtCreateFile + B 774C5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtMapViewOfSection + 6 774C5C6E 4 Bytes [28, 4F, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] 
ntdll.dll!NtMapViewOfSection + B 774C5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenFile + 6 774C5D1E 4 Bytes [68, 4C, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenFile + B 774C5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcess + 6 774C5DCE 4 Bytes [A8, 4D, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcess + B 774C5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcessToken + B 774C5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcessTokenEx + 6 774C5DEE 4 Bytes [A8, 4E, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenProcessTokenEx + B 774C5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThread + 6 774C5E4E 4 Bytes [68, 4D, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThread + B 774C5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThreadToken + 6 774C5E5E 4 Bytes [68, 4E, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThreadToken + B 774C5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtOpenThreadTokenEx + B 774C5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtQueryAttributesFile + 6 774C5F7E 4 Bytes [A8, 4C, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtQueryAttributesFile + B 774C5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtQueryFullAttributesFile + B 774C6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] 
ntdll.dll!NtSetInformationFile + 6 774C667E 4 Bytes [28, 4D, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtSetInformationFile + B 774C6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtSetInformationThread + 6 774C66DE 4 Bytes [28, 4E, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtSetInformationThread + B 774C66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtUnmapViewOfSection + 6 774C69FE 4 Bytes [68, 4F, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1856] ntdll.dll!NtUnmapViewOfSection + B 774C6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtCreateFile + 6 774C560E 4 Bytes [28, 04, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtCreateFile + B 774C5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtMapViewOfSection + 6 774C5C6E 4 Bytes [28, 07, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtMapViewOfSection + B 774C5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenFile + 6 774C5D1E 4 Bytes [68, 04, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenFile + B 774C5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenProcess + 6 774C5DCE 4 Bytes [A8, 05, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenProcess + B 774C5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenProcessToken + B 774C5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenProcessTokenEx + 6 774C5DEE 4 Bytes [A8, 06, FA, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenProcessTokenEx + B 774C5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenThread + 6 774C5E4E 4 Bytes [68, 05, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenThread + B 774C5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenThreadToken + 6 774C5E5E 4 Bytes [68, 06, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenThreadToken + B 774C5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtOpenThreadTokenEx + B 774C5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtQueryAttributesFile + 6 774C5F7E 4 Bytes [A8, 04, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtQueryAttributesFile + B 774C5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtQueryFullAttributesFile + B 774C6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtSetInformationFile + 6 774C667E 4 Bytes [28, 05, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtSetInformationFile + B 774C6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtSetInformationThread + 6 774C66DE 4 Bytes [28, 06, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtSetInformationThread + B 774C66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtUnmapViewOfSection + 6 774C69FE 4 Bytes [68, 07, FA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1900] ntdll.dll!NtUnmapViewOfSection + B 774C6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtCreateFile + 6 774C560E 4 Bytes [28, 98, 
79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtCreateFile + B 774C5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtMapViewOfSection + 6 774C5C6E 4 Bytes [28, 9B, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtMapViewOfSection + B 774C5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenFile + 6 774C5D1E 4 Bytes [68, 98, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenFile + B 774C5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcess + 6 774C5DCE 4 Bytes [A8, 99, 79, 00] {TEST AL, 0x99; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcess + B 774C5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessToken + B 774C5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessTokenEx + 6 774C5DEE 4 Bytes [A8, 9A, 79, 00] {TEST AL, 0x9a; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessTokenEx + B 774C5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThread + 6 774C5E4E 4 Bytes [68, 99, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThread + B 774C5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadToken + 6 774C5E5E 4 Bytes [68, 9A, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadToken + B 774C5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadTokenEx + B 774C5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryAttributesFile + 6 
774C5F7E 4 Bytes [A8, 98, 79, 00] {TEST AL, 0x98; JNS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryAttributesFile + B 774C5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryFullAttributesFile + B 774C6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationFile + 6 774C667E 4 Bytes [28, 99, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationFile + B 774C6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationThread + 6 774C66DE 4 Bytes [28, 9A, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationThread + B 774C66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtUnmapViewOfSection + 6 774C69FE 4 Bytes [68, 9B, 79, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtUnmapViewOfSection + B 774C6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtCreateFile + 6 774C560E 4 Bytes [28, 2C, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtCreateFile + B 774C5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtMapViewOfSection + 6 774C5C6E 4 Bytes [28, 2F, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtMapViewOfSection + B 774C5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenFile + 6 774C5D1E 4 Bytes [68, 2C, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenFile + B 774C5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcess + 6 774C5DCE 4 Bytes [A8, 2D, A1, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcess + B 774C5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcessToken + B 774C5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcessTokenEx + 6 774C5DEE 4 Bytes [A8, 2E, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenProcessTokenEx + B 774C5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThread + 6 774C5E4E 4 Bytes [68, 2D, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThread + B 774C5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThreadToken + 6 774C5E5E 4 Bytes [68, 2E, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThreadToken + B 774C5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtOpenThreadTokenEx + B 774C5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtQueryAttributesFile + 6 774C5F7E 4 Bytes [A8, 2C, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtQueryAttributesFile + B 774C5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtQueryFullAttributesFile + B 774C6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtSetInformationFile + 6 774C667E 4 Bytes [28, 2D, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtSetInformationFile + B 774C6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtSetInformationThread + 6 774C66DE 4 Bytes [28, 2E, A1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtSetInformationThread + B 774C66E3 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtUnmapViewOfSection + 6 774C69FE 4 Bytes [68, 2F, A1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2008] ntdll.dll!NtUnmapViewOfSection + B 774C6A03 1 Byte [E2]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f6a48bc
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f6a48bc (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----