GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-08 17:40:05
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00UU3A0 rev.01.03B01 465,76GB
Running: 62c1o1p2.exe; Driver: C:\Users\Dom\AppData\Local\Temp\uwldapow.sys

---- System - GMER 2.1 ----

SSDT 8D653F16 ZwCreateSection
SSDT 8D653EEE ZwCreateSymbolicLinkObject
SSDT 8D653EF3 ZwLoadDriver
SSDT 8D653EE9 ZwOpenSection
SSDT 8D653F20 ZwRequestWaitReplyPort
SSDT 8D653F1B ZwSetContextThread
SSDT 8D653F25 ZwSetSecurityObject
SSDT 8D653EF8 ZwSetSystemInformation
SSDT 8D653F2A ZwSystemDebugControl
SSDT 8D653EB7 ZwTerminateProcess
SSDT 8D653EB2 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83060599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83085092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 8308C990 4 Bytes [16, 3F, 65, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 348 8308C998 4 Bytes [EE, 3E, 65, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 45C 8308CAAC 4 Bytes [F3, 3E, 65, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 4F8 8308CB48 4 Bytes [E9, 3E, 65, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 8308CCEC 4 Bytes [20, 3F, 65, 8D]
.text ...
.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x88CF9B2E]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x97224000, 0x17E53A, 0xE8000020]
? C:\Windows\System32\Drivers\af4wctax.SYS suspicious PE modification
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9A193300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtCreateFile + 6 773F46B6 4 Bytes [28, 04, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtCreateFile + B 773F46BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtMapViewOfSection + 6 773F4D16 4 Bytes [28, 07, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtMapViewOfSection + B 773F4D1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenFile + 6 773F4DC6 4 Bytes [68, 04, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenFile + B 773F4DCB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenProcess + 6 773F4E76 4 Bytes [A8, 05, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenProcess + B 773F4E7B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenProcessToken + B 773F4E8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenProcessTokenEx + 6 773F4E96 4 Bytes [A8, 06, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenProcessTokenEx + B 773F4E9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenThread + 6 773F4EF6 4 Bytes [68, 05, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenThread + B 773F4EFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenThreadToken + 6 773F4F06 4 Bytes [68, 06, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenThreadToken + B 773F4F0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtOpenThreadTokenEx + B 773F4F1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtQueryAttributesFile + 6 773F5026 4 Bytes [A8, 04, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtQueryAttributesFile + B 773F502B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtQueryFullAttributesFile + B 773F50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtSetInformationFile + 6 773F5726 4 Bytes [28, 05, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtSetInformationFile + B 773F572B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtSetInformationThread + 6 773F5786 4 Bytes [28, 06, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtSetInformationThread + B 773F578B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtUnmapViewOfSection + 6 773F5AA6 4 Bytes [68, 07, 61, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1092] ntdll.dll!NtUnmapViewOfSection + B 773F5AAB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtCreateFile + 6 773F46B6 4 Bytes [28, CC, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtCreateFile + B 773F46BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtMapViewOfSection + 6 773F4D16 4 Bytes [28, CF, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtMapViewOfSection + B 773F4D1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenFile + 6 773F4DC6 4 Bytes [68, CC, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenFile + B 773F4DCB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenProcess + 6 773F4E76 4 Bytes [A8, CD, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenProcess + B 773F4E7B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenProcessToken + B 773F4E8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenProcessTokenEx + 6 773F4E96 4 Bytes [A8, CE, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenProcessTokenEx + B 773F4E9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenThread + 6 773F4EF6 4 Bytes [68, CD, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenThread + B 773F4EFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenThreadToken + 6 773F4F06 4 Bytes [68, CE, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenThreadToken + B 773F4F0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtOpenThreadTokenEx + B 773F4F1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtQueryAttributesFile + 6 773F5026 4 Bytes [A8, CC, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtQueryAttributesFile + B 773F502B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtQueryFullAttributesFile + B 773F50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtSetInformationFile + 6 773F5726 4 Bytes [28, CD, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtSetInformationFile + B 773F572B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtSetInformationThread + 6 773F5786 4 Bytes [28, CE, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtSetInformationThread + B 773F578B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtUnmapViewOfSection + 6 773F5AA6 4 Bytes [68, CF, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1456] ntdll.dll!NtUnmapViewOfSection + B 773F5AAB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtCreateFile + 6 773F46B6 4 Bytes [28, 90, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtCreateFile + B 773F46BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtMapViewOfSection + 6 773F4D16 4 Bytes [28, 93, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtMapViewOfSection + B 773F4D1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenFile + 6 773F4DC6 4 Bytes [68, 90, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenFile + B 773F4DCB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcess + 6 773F4E76 4 Bytes [A8, 91, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcess + B 773F4E7B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessToken + B 773F4E8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessTokenEx + 6 773F4E96 4 Bytes [A8, 92, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessTokenEx + B 773F4E9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThread + 6 773F4EF6 4 Bytes [68, 91, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThread + B 773F4EFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadToken + 6 773F4F06 4 Bytes [68, 92, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadToken + B 773F4F0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadTokenEx + B 773F4F1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryAttributesFile + 6 773F5026 4 Bytes [A8, 90, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryAttributesFile + B 773F502B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryFullAttributesFile + B 773F50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationFile + 6 773F5726 4 Bytes [28, 91, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationFile + B 773F572B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationThread + 6 773F5786 4 Bytes [28, 92, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationThread + B 773F578B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtUnmapViewOfSection + 6 773F5AA6 4 Bytes [68, 93, A9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtUnmapViewOfSection + B 773F5AAB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtMapViewOfSection + 6 773F4D16 4 Bytes [18, 20, B4, 73] {SBB [EAX], AH; MOV AH, 0x73}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtMapViewOfSection + B 773F4D1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtCreateFile + 6 773F46B6 4 Bytes [28, 48, C5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtCreateFile + B 773F46BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtMapViewOfSection + 6 773F4D16 4 Bytes [28, 4B, C5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtMapViewOfSection + B 773F4D1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenFile + 6 773F4DC6 4 Bytes [68, 48, C5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenFile + B 773F4DCB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcess + 6 773F4E76 4 Bytes [A8, 49, C5, 00] {TEST AL, 0x49; LDS EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcess + B 773F4E7B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessToken + 6 773F4E86 4 Bytes CALL 764013D4 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessToken + B 773F4E8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessTokenEx + 6 773F4E96 4 Bytes [A8, 4A, C5, 00] {TEST AL, 0x4a; LDS EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessTokenEx + B 773F4E9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThread + 6 773F4EF6 4 Bytes [68, 49, C5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThread + B 773F4EFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadToken + 6 773F4F06 4 Bytes [68, 4A, C5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadToken + B 773F4F0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadTokenEx + 6 773F4F16 4 Bytes CALL 76401465 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadTokenEx + B 773F4F1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryAttributesFile + 6 773F5026 4 Bytes [A8, 48, C5, 00] {TEST AL, 0x48; LDS EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryAttributesFile + B 773F502B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryFullAttributesFile + 6 773F50D6 4 Bytes CALL 76401623 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryFullAttributesFile + B 773F50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationFile + 6 773F5726 4 Bytes [28, 49, C5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationFile + B 773F572B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationThread + 6 773F5786 4 Bytes [28, 4A, C5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationThread + B 773F578B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtUnmapViewOfSection + 6 773F5AA6 4 Bytes [68, 4B, C5, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtUnmapViewOfSection + B 773F5AAB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtCreateFile + 6 773F46B6 4 Bytes [28, B4, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtCreateFile + B 773F46BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtMapViewOfSection + 6 773F4D16 4 Bytes [28, B7, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtMapViewOfSection + B 773F4D1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenFile + 6 773F4DC6 4 Bytes [68, B4, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenFile + B 773F4DCB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcess + 6 773F4E76 4 Bytes [A8, B5, 29, 00] {TEST AL, 0xb5; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcess + B 773F4E7B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessToken + B 773F4E8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessTokenEx + 6 773F4E96 4 Bytes [A8, B6, 29, 00] {TEST AL, 0xb6; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessTokenEx + B 773F4E9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThread + 6 773F4EF6 4 Bytes [68, B5, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThread + B 773F4EFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadToken + 6 773F4F06 4 Bytes [68, B6, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadToken + B 773F4F0B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadTokenEx + B 773F4F1B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryAttributesFile + 6 773F5026 4 Bytes [A8, B4, 29, 00] {TEST AL, 0xb4; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryAttributesFile + B 773F502B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryFullAttributesFile + B 773F50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationFile + 6 773F5726 4 Bytes [28, B5, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationFile + B 773F572B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationThread + 6 773F5786 4 Bytes [28, B6, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationThread + B 773F578B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtUnmapViewOfSection + 6 773F5AA6 4 Bytes [68, B7, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtUnmapViewOfSection + B 773F5AAB 1 Byte [E2]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] ntdll.dll!NtCreateFile 773F46B0 5 Bytes JMP 0F39858B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] ntdll.dll!NtFlushBuffersFile 773F4A40 5 Bytes JMP 0F3982CB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] ntdll.dll!NtQueryFullAttributesFile 773F50D0 5 Bytes JMP 0F398403 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] ntdll.dll!NtReadFile 773F53A0 5 Bytes JMP 0F398305 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] ntdll.dll!NtReadFileScatter 773F53B0 5 Bytes JMP 0F98D167 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] ntdll.dll!NtWriteFile 773F5B50 5 Bytes JMP 0F39872F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] ntdll.dll!NtWriteFileGather 773F5B60 5 Bytes JMP 0F98D1B7 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] ntdll.dll!LdrLoadDll 7740F425 5 Bytes JMP 51C48F8C C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 771CC057 7 Bytes JMP 0F974A22 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] kernel32.dll!CloseHandle + 38 771D058F 7 Bytes JMP 0F975B9E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] kernel32.dll!GetExitCodeProcess + 2C 771D30DD 7 Bytes JMP 0F6FC75E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] USER32.dll!GetWindowInfo 75AB6A82 5 Bytes JMP 103FCEEB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5784] GDI32.dll!GetViewportOrgEx + 21C 770085EB 7 Bytes JMP 0F9741B3 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 851E31E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{400E3454-71C5-4399-8059-7919A5B1006B} 863D51E8
Device \Driver\PCI_PNP6323 \Device\00000051 sptd.sys
Device \Driver\usbehci \Device\USBPDO-0 860E0430
Device \Driver\usbehci \Device\USBPDO-1 860E0430
Device \Driver\dtsoftbus01 \Device\00000061 862371E8
Device \Driver\cdrom \Device\CdRom0 863591E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 851E11E8
Device \Driver\atapi \Device\Ide\IdePort0 851E11E8
Device \Driver\atapi \Device\Ide\IdePort1 851E11E8
Device \Driver\atapi \Device\Ide\IdePort2 851E11E8
Device \Driver\atapi \Device\Ide\IdePort3 851E11E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 851E11E8
Device \Driver\cdrom \Device\CdRom1 863591E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 863D51E8
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 862371E8
Device \Driver\usbehci \Device\USBFDO-0 860E0430
Device \Driver\usbehci \Device\USBFDO-1 860E0430
Device \Driver\af4wctax \Device\Scsi\af4wctax1 864D01E8

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x851e11e8]<< 851e11e8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86064030] 86064030
Trace 3 CLASSPNP.SYS[8950759e] -> nt!IofCallDriver -> [0x85f1e918] 85f1e918
Trace 5 ACPI.sys[88d263b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8522e908] 8522e908
Trace \Driver\atapi[0x85f05f38] -> IRP_MJ_CREATE -> 0x851e11e8 851e11e8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC9 0x3A 0xFE 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x28 0x27 0x56 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF5 0x78 0xF3 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0xCE 0xE2 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC9 0x3A 0xFE 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x28 0x27 0x56 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF5 0x78 0xF3 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0xCE 0xE2 0x79 ...

---- EOF - GMER 2.1 ----