GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-07 19:09:00 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000075 Hitachi_ rev.PC4O 465,76GB Running: jziff1p2.exe; Driver: C:\Users\mariusz\AppData\Local\Temp\pwriykod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80004dc1000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80004dc102e 17 bytes [44, 00, 00, 00, 00, 00, 00, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000d4400 7 bytes [00, 99, F3, FF, 41, AC, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000d4408 3 bytes [00, 07, 02] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 75d0b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 75d0b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75d88ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 75ce48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 75d887a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75d88978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75d88698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75d88a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 75cffca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75d068ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 75d88f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75d88ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 75d8865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 75cffd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 75d0b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75d88e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75d885f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2496] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000072d617fa 2 bytes CALL 75ce11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2496] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072d61860 2 bytes CALL 75ce11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2496] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072d61942 2 bytes JMP 75e67089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2496] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000072d6194d 2 bytes JMP 75e6cba6 C:\Windows\syswow64\WS2_32.dll ? C:\Windows\system32\mssprxy.dll [3368] entry point in ".rdata" section 00000000713271e6 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 75d0b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 75d0b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75d88ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 75ce48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 75d887a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75d88978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75d88698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75d88a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 75cffca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75d068ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 75d88f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75d88ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 75d8865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 75cffd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 75d0b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75d88e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75d885f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 75d0b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 75d0b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75d88ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 75ce48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 75d887a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75d88978 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75d88698 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75d88a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 75cffca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75d068ef C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 75d88f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75d88ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 75d8865c C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 75cffd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 75d0b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75d88e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\mariusz\AppData\Local\Akamai\netsession_win.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75d885f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 75d0b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 75d0b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75d88ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 75ce48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 75d887a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 75d88978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75d88698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 75d88a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 75cffca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 75d068ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 75d88f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75d88ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 75d8865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 75cffd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 75d0b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75d88e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75d885f1 C:\Windows\syswow64\KERNEL32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800107ee94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800107ec38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800107f614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800107fa10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800107f86c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\abl9b939 \Device\Scsi\abl9b9391Port2Path0Target0Lun0 fffffa80084ca2c0 Device \Driver\VClone \Device\Scsi\VClone1 fffffa80085122c0 Device \Driver\VClone \Device\Scsi\VClone1Port1Path0Target0Lun0 fffffa80085122c0 Device \Driver\abl9b939 \Device\Scsi\abl9b9391 fffffa80084ca2c0 Device \FileSystem\Ntfs \Ntfs fffffa8004c132c0 Device \FileSystem\fastfat \Fat fffffa80084242c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764} fffffa8007cb52c0 Device \Driver\dtsoftbus01 \Device\0000008a fffffa8007ab82c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8007fad2c0 Device \Driver\iaStorA \Device\RaidPort0 fffffa8004c0f2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8007cb12c0 Device \Driver\cdrom \Device\CdRom1 fffffa8007cb12c0 Device \Driver\cdrom \Device\CdRom2 fffffa8007cb12c0 Device \Driver\cdrom \Device\CdRom3 fffffa8007cb12c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8} fffffa8007cb52c0 Device \Driver\iaStorA \Device\00000075 fffffa8004c0f2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8007fad2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8007ab82c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788} fffffa8007cb52c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76} fffffa8007cb52c0 Device \Driver\iaStorA \Device\00000076 fffffa8004c0f2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8007fad2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007cb52c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F} fffffa8007cb52c0 Device \Driver\iaStorA \Device\ScsiPort0 fffffa8004c0f2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8007fad2c0 Device \Driver\VClone \Device\ScsiPort1 fffffa80085122c0 Device \Driver\abl9b939 \Device\ScsiPort2 fffffa80084ca2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStorF.sys >>UNKNOWN [0xfffffa8004c0f2c0]<< sptd.sys storport.sys hal.dll iaStorA.sys fffffa8004c0f2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005380060] fffffa8005380060 Trace 3 CLASSPNP.SYS[fffff88001e6243f] -> nt!IofCallDriver -> [0xfffffa8005243b10] fffffa8005243b10 Trace 5 hpdskflt.sys[fffff88001802189] -> nt!IofCallDriver -> [0xfffffa8005240ab0] fffffa8005240ab0 Trace 7 iaStorF.sys[fffff88001be5f84] -> nt!IofCallDriver -> \Device\00000075[0xfffffa80052e59c0] fffffa80052e59c0 Trace \Driver\iaStorA[0xfffffa800506f2f0] -> IRP_MJ_CREATE -> 0xfffffa8004c0f2c0 fffffa8004c0f2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\abl9b939.SYS fffff88008365000-fffff880083b0000 (307200 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5672:5808] 000007fefeac0168 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5672:5852] 000007fefb702bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5672:5872] 000007feedb3cf60 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5672:5884] 000007feedb3cf60 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5672:4504] 000007fef5bb5124 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\bc7737de3e64 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\bc7737de3e64@38ece4b124f7 0xFA 0x50 0x92 0xB2 ... Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\bc7737de3e64@181456a47c0e 0x25 0xEE 0x59 0x62 ... Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\bc7737de3e64@8c64225383d5 0x7C 0x00 0x8F 0x1E ... Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\bc7737de3e64@a826d9f8bdaf 0x4F 0xC2 0xBD 0x72 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6A 0x56 0xD1 0xB4 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x96 0x80 0x7E 0xA9 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x1C 0xAD 0x24 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\bc7737de3e64 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\bc7737de3e64@38ece4b124f7 0xFA 0x50 0x92 0xB2 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\bc7737de3e64@181456a47c0e 0x25 0xEE 0x59 0x62 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\bc7737de3e64@8c64225383d5 0x7C 0x00 0x8F 0x1E ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\bc7737de3e64@a826d9f8bdaf 0x4F 0xC2 0xBD 0x72 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6A 0x56 0xD1 0xB4 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x96 0x80 0x7E 0xA9 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x1C 0xAD 0x24 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Karta Microsoft ISATAP 1?2?3?6?8? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{4B577F12-5D1B-4A35-899C-386F4E87AADD}"?"{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\TCPIP6TUNNEL_{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737de3e64 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737de3e64@38ece4b124f7 0xFA 0x50 0x92 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737de3e64@181456a47c0e 0x25 0xEE 0x59 0x62 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737de3e64@8c64225383d5 0x7C 0x00 0x8F 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737de3e64@a826d9f8bdaf 0x4F 0xC2 0xBD 0x72 ... Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind \Device\Smb_Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Smb_Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Smb_Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Smb_Tcpip_{0632654E-3D01-4670-A213-A503B656B004}?\Device\Smb_Tcpip_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\Smb_Tcpip_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\Smb_Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\Smb_Tcpip_{C4870252-3671-484F-95A5-E5EC7A9885B7}?\Device\Smb_Tcpip_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Smb_Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Smb_Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\Smb_Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Smb_Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Smb_Tcpip6_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Smb_Tcpip6_{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}?\Device\Smb_Tcpip6_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Smb_Tcpip6_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Smb_Tcpip6_{0632654E-3D01-4670-A213-A50 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route "Smb" "Tcpip" "{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"Smb" "Tcpip" "{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"Smb" "Tcpip" "{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"Smb" "Tcpip" "{0632654E-3D01-4670-A213-A503B656B004}"?"Smb" "Tcpip" "{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}"?"Smb" "Tcpip" "{AC07A675-E324-4E5D-BC45-D285AC05189F}"?"Smb" "Tcpip" "{79448934-6A09-4E96-AFB9-E7330E0D8CE8}"?"Smb" "Tcpip" "{C4870252-3671-484F-95A5-E5EC7A9885B7}"?"Smb" "Tcpip" "{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"Smb" "Tcpip" "{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"Smb" "Tcpip6" "{4B577F12-5D1B-4A35-899C-386F4E87AADD}"?"Smb" "Tcpip6" "{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"Smb" "Tcpip6" "{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"Smb" "Tcpip6" "{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"Smb" "Tcpip6" "{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}"?"Smb" "Tcpip6" "{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"Smb" "Tcpip6" "{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"Smb" "Tcpip6" "{0632654E-3D01-4670-A213-A503B656B004}"?"Smb" "Tcpip6" "{FCF3DAE1 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export \Device\LanmanServer_Smb_Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\LanmanServer_Smb_Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\LanmanServer_Smb_Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\LanmanServer_Smb_Tcpip_{0632654E-3D01-4670-A213-A503B656B004}?\Device\LanmanServer_Smb_Tcpip_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\LanmanServer_Smb_Tcpip_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\LanmanServer_Smb_Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\LanmanServer_Smb_Tcpip_{C4870252-3671-484F-95A5-E5EC7A9885B7}?\Device\LanmanServer_Smb_Tcpip_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\LanmanServer_Smb_Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\LanmanServer_Smb_Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\LanmanServer_Smb_Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\LanmanServer_Smb_Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\LanmanServer_Smb_Tcpip6_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\LanmanServer_Smb_Tcpip6_{D2F2BF Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind \Device\Smb_Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Smb_Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Smb_Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Smb_Tcpip_{0632654E-3D01-4670-A213-A503B656B004}?\Device\Smb_Tcpip_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\Smb_Tcpip_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\Smb_Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\Smb_Tcpip_{C4870252-3671-484F-95A5-E5EC7A9885B7}?\Device\Smb_Tcpip_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Smb_Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Smb_Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\Smb_Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Smb_Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Smb_Tcpip6_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Smb_Tcpip6_{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}?\Device\Smb_Tcpip6_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Smb_Tcpip6_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Smb_Tcpip6_{0632654E-3D01-4670-A213-A50 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route "Smb" "Tcpip" "{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"Smb" "Tcpip" "{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"Smb" "Tcpip" "{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"Smb" "Tcpip" "{0632654E-3D01-4670-A213-A503B656B004}"?"Smb" "Tcpip" "{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}"?"Smb" "Tcpip" "{AC07A675-E324-4E5D-BC45-D285AC05189F}"?"Smb" "Tcpip" "{79448934-6A09-4E96-AFB9-E7330E0D8CE8}"?"Smb" "Tcpip" "{C4870252-3671-484F-95A5-E5EC7A9885B7}"?"Smb" "Tcpip" "{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"Smb" "Tcpip" "{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"Smb" "Tcpip6" "{4B577F12-5D1B-4A35-899C-386F4E87AADD}"?"Smb" "Tcpip6" "{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"Smb" "Tcpip6" "{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"Smb" "Tcpip6" "{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"Smb" "Tcpip6" "{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}"?"Smb" "Tcpip6" "{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"Smb" "Tcpip6" "{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"Smb" "Tcpip6" "{0632654E-3D01-4670-A213-A503B656B004}"?"Smb" "Tcpip6" "{FCF3DAE1 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export \Device\LanmanWorkstation_Smb_Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\LanmanWorkstation_Smb_Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\LanmanWorkstation_Smb_Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\LanmanWorkstation_Smb_Tcpip_{0632654E-3D01-4670-A213-A503B656B004}?\Device\LanmanWorkstation_Smb_Tcpip_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\LanmanWorkstation_Smb_Tcpip_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\LanmanWorkstation_Smb_Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\LanmanWorkstation_Smb_Tcpip_{C4870252-3671-484F-95A5-E5EC7A9885B7}?\Device\LanmanWorkstation_Smb_Tcpip_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\LanmanWorkstation_Smb_Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\LanmanWorkstation_Smb_Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\LanmanWorkstation_Smb_Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\LanmanWorkstation_Smb_Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\LanmanWorkstation_Smb_Tcpip6_{0606FBA Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind \Device\NetBT_Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\NetBT_Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\NetBT_Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\NetBT_Tcpip_{0632654E-3D01-4670-A213-A503B656B004}?\Device\NetBT_Tcpip_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\NetBT_Tcpip_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\NetBT_Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\NetBT_Tcpip_{C4870252-3671-484F-95A5-E5EC7A9885B7}?\Device\NetBT_Tcpip_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\NetBT_Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\NetBT_Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\NetBT_Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\NetBT_Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\NetBT_Tcpip6_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\NetBT_Tcpip6_{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}?\Device\NetBT_Tcpip6_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\NetBT_Tcpip6_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\NetBT Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route "NetBT" "Tcpip" "{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"NetBT" "Tcpip" "{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"NetBT" "Tcpip" "{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"NetBT" "Tcpip" "{0632654E-3D01-4670-A213-A503B656B004}"?"NetBT" "Tcpip" "{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}"?"NetBT" "Tcpip" "{AC07A675-E324-4E5D-BC45-D285AC05189F}"?"NetBT" "Tcpip" "{79448934-6A09-4E96-AFB9-E7330E0D8CE8}"?"NetBT" "Tcpip" "{C4870252-3671-484F-95A5-E5EC7A9885B7}"?"NetBT" "Tcpip" "{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"NetBT" "Tcpip" "{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"NetBT" "Tcpip6" "{4B577F12-5D1B-4A35-899C-386F4E87AADD}"?"NetBT" "Tcpip6" "{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"NetBT" "Tcpip6" "{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"NetBT" "Tcpip6" "{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"NetBT" "Tcpip6" "{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}"?"NetBT" "Tcpip6" "{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"NetBT" "Tcpip6" "{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"NetBT" "Tcpip6" "{0632654E-3D01-4670-A213-A503 Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export \Device\NetBIOS_NetBT_Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\NetBIOS_NetBT_Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\NetBIOS_NetBT_Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\NetBIOS_NetBT_Tcpip_{0632654E-3D01-4670-A213-A503B656B004}?\Device\NetBIOS_NetBT_Tcpip_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\NetBIOS_NetBT_Tcpip_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\NetBIOS_NetBT_Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\NetBIOS_NetBT_Tcpip_{C4870252-3671-484F-95A5-E5EC7A9885B7}?\Device\NetBIOS_NetBT_Tcpip_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\NetBIOS_NetBT_Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\NetBIOS_NetBT_Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\NetBIOS_NetBT_Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\NetBIOS_NetBT_Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\NetBIOS_NetBT_Tcpip6_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\NetBIOS_NetBT_Tcpip6_{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}?\Device\NetBI Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind \Device\Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Tcpip_{0632654E-3D01-4670-A213-A503B656B004}?\Device\Tcpip_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\Tcpip_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\Tcpip_{C4870252-3671-484F-95A5-E5EC7A9885B7}?\Device\Tcpip_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Tcpip6_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Tcpip6_{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}?\Device\Tcpip6_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Tcpip6_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Tcpip6_{0632654E-3D01-4670-A213-A503B656B004}?\Device\Tcpip6_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route "Tcpip" "{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"Tcpip" "{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"Tcpip" "{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"Tcpip" "{0632654E-3D01-4670-A213-A503B656B004}"?"Tcpip" "{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}"?"Tcpip" "{AC07A675-E324-4E5D-BC45-D285AC05189F}"?"Tcpip" "{79448934-6A09-4E96-AFB9-E7330E0D8CE8}"?"Tcpip" "{C4870252-3671-484F-95A5-E5EC7A9885B7}"?"Tcpip" "{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"Tcpip" "{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"Tcpip6" "{4B577F12-5D1B-4A35-899C-386F4E87AADD}"?"Tcpip6" "{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"Tcpip6" "{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"Tcpip6" "{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"Tcpip6" "{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}"?"Tcpip6" "{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"Tcpip6" "{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"Tcpip6" "{0632654E-3D01-4670-A213-A503B656B004}"?"Tcpip6" "{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}"?"Tcpip6" "{AC07A675-E324-4E5D-BC45-D285AC05189F}"?"Tcpip6" "{73F77702-C465-44B9-A18 Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export \Device\NetBT_Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\NetBT_Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\NetBT_Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\NetBT_Tcpip_{0632654E-3D01-4670-A213-A503B656B004}?\Device\NetBT_Tcpip_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\NetBT_Tcpip_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\NetBT_Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\NetBT_Tcpip_{C4870252-3671-484F-95A5-E5EC7A9885B7}?\Device\NetBT_Tcpip_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\NetBT_Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\NetBT_Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\NetBT_Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\NetBT_Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\NetBT_Tcpip6_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\NetBT_Tcpip6_{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}?\Device\NetBT_Tcpip6_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\NetBT_Tcpip6_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\NetBT Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 140462 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 30937 Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind \Device\Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Tcpip_{0632654E-3D01-4670-A213-A503B656B004}?\Device\Tcpip_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\Tcpip_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\Tcpip_{C4870252-3671-484F-95A5-E5EC7A9885B7}?\Device\Tcpip_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Tcpip6_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Tcpip6_{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}?\Device\Tcpip6_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Tcpip6_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Tcpip6_{0632654E-3D01-4670-A213-A503B656B004}?\Device\Tcpip6_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route "Tcpip" "{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"Tcpip" "{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"Tcpip" "{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"Tcpip" "{0632654E-3D01-4670-A213-A503B656B004}"?"Tcpip" "{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}"?"Tcpip" "{AC07A675-E324-4E5D-BC45-D285AC05189F}"?"Tcpip" "{79448934-6A09-4E96-AFB9-E7330E0D8CE8}"?"Tcpip" "{C4870252-3671-484F-95A5-E5EC7A9885B7}"?"Tcpip" "{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"Tcpip" "{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"Tcpip6" "{4B577F12-5D1B-4A35-899C-386F4E87AADD}"?"Tcpip6" "{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"Tcpip6" "{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"Tcpip6" "{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"Tcpip6" "{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}"?"Tcpip6" "{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"Tcpip6" "{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"Tcpip6" "{0632654E-3D01-4670-A213-A503B656B004}"?"Tcpip6" "{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}"?"Tcpip6" "{AC07A675-E324-4E5D-BC45-D285AC05189F}"?"Tcpip6" "{73F77702-C465-44B9-A18 Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export \Device\Smb_Tcpip_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Smb_Tcpip_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Smb_Tcpip_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Smb_Tcpip_{0632654E-3D01-4670-A213-A503B656B004}?\Device\Smb_Tcpip_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\Smb_Tcpip_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\Smb_Tcpip_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\Smb_Tcpip_{C4870252-3671-484F-95A5-E5EC7A9885B7}?\Device\Smb_Tcpip_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Smb_Tcpip_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Smb_Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\Smb_Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Smb_Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Smb_Tcpip6_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Smb_Tcpip6_{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}?\Device\Smb_Tcpip6_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Smb_Tcpip6_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Smb_Tcpip6_{0632654E-3D01-4670-A213-A50 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6A 0x56 0xD1 0xB4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x96 0x80 0x7E 0xA9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x1C 0xAD 0x24 ... Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind \Device\{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}?\Device\{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\{0632654E-3D01-4670-A213-A503B656B004}?\Device\{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\{73F77702-C465-44B9-A18A-A5DE2B3C959D}?\Device\{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\{C4870252-3671-484F-95A5-E5EC7A9885B7}? Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route "{4B577F12-5D1B-4A35-899C-386F4E87AADD}"?"{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}"?"{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}"?"{0606FBA3-3A51-4A28-88CC-946CCEC0D764}"?"{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}"?"{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}"?"{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}"?"{0632654E-3D01-4670-A213-A503B656B004}"?"{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}"?"{AC07A675-E324-4E5D-BC45-D285AC05189F}"?"{73F77702-C465-44B9-A18A-A5DE2B3C959D}"?"{79448934-6A09-4E96-AFB9-E7330E0D8CE8}"?"{C4870252-3671-484F-95A5-E5EC7A9885B7}"? Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export \Device\Tcpip6_{4B577F12-5D1B-4A35-899C-386F4E87AADD}?\Device\Tcpip6_{2EC30181-5E81-4D4D-8D0A-A82C04E4BB3F}?\Device\Tcpip6_{87DED004-8F72-4CEB-BD8E-4EC0ABF95D76}?\Device\Tcpip6_{0606FBA3-3A51-4A28-88CC-946CCEC0D764}?\Device\Tcpip6_{D2F2BFEE-837E-406D-BD7B-8FBEA80BB7BC}?\Device\Tcpip6_{34D2ADD7-ED27-47C8-A5B2-16D2331AB13C}?\Device\Tcpip6_{00CE36E1-F0B1-4BC4-8D3F-C2D850031788}?\Device\Tcpip6_{0632654E-3D01-4670-A213-A503B656B004}?\Device\Tcpip6_{FCF3DAE1-6D56-418B-80CF-07A17C6979C6}?\Device\Tcpip6_{AC07A675-E324-4E5D-BC45-D285AC05189F}?\Device\Tcpip6_{73F77702-C465-44B9-A18A-A5DE2B3C959D}?\Device\Tcpip6_{79448934-6A09-4E96-AFB9-E7330E0D8CE8}?\Device\Tcpip6_{C4870252-3671-484F-95A5-E5EC7A9885B7}? ---- EOF - GMER 2.1 ----