GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-09 22:17:05 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB Running: dzulpjt5.exe; Driver: C:\Users\V-TECG~1\AppData\Local\Temp\pwldakow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestPort + 14A9 83078E65 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B2812 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8B4CCFEE] ? C:\Windows\System32\Drivers\ajmw8sah.SYS suspicious PE modification ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtMapViewOfSection + 6 775D5C4E 4 Bytes [18, 20, 3F, 6D] {SBB [EAX], AH; AAS ; INS DWORD [ES:EDI], DX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtMapViewOfSection + B 775D5C53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtCreateFile + 6 775D55EE 4 Bytes [28, A4, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtCreateFile + B 775D55F3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtMapViewOfSection + 6 775D5C4E 4 Bytes [28, A7, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtMapViewOfSection + B 775D5C53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenFile + 6 775D5CFE 4 Bytes [68, A4, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenFile + B 775D5D03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcess + 6 775D5DAE 4 Bytes [A8, A5, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcess + B 775D5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessToken + B 775D5DC3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessTokenEx + 6 775D5DCE 4 Bytes [A8, A6, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessTokenEx + B 775D5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThread + 6 775D5E2E 4 Bytes [68, A5, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThread + B 775D5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadToken + 6 775D5E3E 4 Bytes [68, A6, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadToken + B 775D5E43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadTokenEx + B 775D5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryAttributesFile + 6 775D5F5E 4 Bytes [A8, A4, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryAttributesFile + B 775D5F63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryFullAttributesFile + B 775D6013 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationFile + 6 775D665E 4 Bytes [28, A5, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationFile + B 775D6663 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationThread + 6 775D66BE 4 Bytes [28, A6, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationThread + B 775D66C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtUnmapViewOfSection + 6 775D69DE 4 Bytes [68, A7, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtUnmapViewOfSection + B 775D69E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtCreateFile + 6 775D55EE 4 Bytes [28, C4, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtCreateFile + B 775D55F3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtMapViewOfSection + 6 775D5C4E 4 Bytes [28, C7, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtMapViewOfSection + B 775D5C53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenFile + 6 775D5CFE 4 Bytes [68, C4, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenFile + B 775D5D03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcess + 6 775D5DAE 4 Bytes [A8, C5, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcess + B 775D5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcessToken + B 775D5DC3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcessTokenEx + 6 775D5DCE 4 Bytes [A8, C6, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenProcessTokenEx + B 775D5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThread + 6 775D5E2E 4 Bytes [68, C5, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThread + B 775D5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThreadToken + 6 775D5E3E 4 Bytes [68, C6, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThreadToken + B 775D5E43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtOpenThreadTokenEx + B 775D5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtQueryAttributesFile + 6 775D5F5E 4 Bytes [A8, C4, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtQueryAttributesFile + B 775D5F63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtQueryFullAttributesFile + B 775D6013 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtSetInformationFile + 6 775D665E 4 Bytes [28, C5, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtSetInformationFile + B 775D6663 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtSetInformationThread + 6 775D66BE 4 Bytes [28, C6, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtSetInformationThread + B 775D66C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtUnmapViewOfSection + 6 775D69DE 4 Bytes [68, C7, 5E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2468] ntdll.dll!NtUnmapViewOfSection + B 775D69E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtCreateFile + 6 775D55EE 4 Bytes [28, 0C, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtCreateFile + B 775D55F3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtMapViewOfSection + 6 775D5C4E 4 Bytes [28, 0F, B3, 00] {SUB [EDI], CL; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtMapViewOfSection + B 775D5C53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenFile + 6 775D5CFE 4 Bytes [68, 0C, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenFile + B 775D5D03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcess + 6 775D5DAE 4 Bytes [A8, 0D, B3, 00] {TEST AL, 0xd; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcess + B 775D5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessToken + B 775D5DC3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessTokenEx + 6 775D5DCE 4 Bytes [A8, 0E, B3, 00] {TEST AL, 0xe; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessTokenEx + B 775D5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThread + 6 775D5E2E 4 Bytes [68, 0D, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThread + B 775D5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadToken + 6 775D5E3E 4 Bytes [68, 0E, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadToken + B 775D5E43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadTokenEx + B 775D5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryAttributesFile + 6 775D5F5E 4 Bytes [A8, 0C, B3, 00] {TEST AL, 0xc; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryAttributesFile + B 775D5F63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryFullAttributesFile + B 775D6013 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationFile + 6 775D665E 4 Bytes [28, 0D, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationFile + B 775D6663 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationThread + 6 775D66BE 4 Bytes [28, 0E, B3, 00] {SUB [ESI], CL; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationThread + B 775D66C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtUnmapViewOfSection + 6 775D69DE 4 Bytes [68, 0F, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtUnmapViewOfSection + B 775D69E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + 6 775D55EE 4 Bytes [28, B0, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + B 775D55F3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + 6 775D5C4E 4 Bytes [28, B3, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + B 775D5C53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + 6 775D5CFE 4 Bytes [68, B0, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + B 775D5D03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + 6 775D5DAE 4 Bytes [A8, B1, B5, 00] {TEST AL, 0xb1; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + B 775D5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + B 775D5DC3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + 6 775D5DCE 4 Bytes [A8, B2, B5, 00] {TEST AL, 0xb2; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + B 775D5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + 6 775D5E2E 4 Bytes [68, B1, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + B 775D5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + 6 775D5E3E 4 Bytes [68, B2, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + B 775D5E43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + B 775D5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + 6 775D5F5E 4 Bytes [A8, B0, B5, 00] {TEST AL, 0xb0; MOV CH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + B 775D5F63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + B 775D6013 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + 6 775D665E 4 Bytes [28, B1, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + B 775D6663 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + 6 775D66BE 4 Bytes [28, B2, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + B 775D66C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + 6 775D69DE 4 Bytes [68, B3, B5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + B 775D69E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtCreateFile + 6 775D55EE 4 Bytes [28, 38, D1, 00] {SUB [EAX], BH; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtCreateFile + B 775D55F3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtMapViewOfSection + 6 775D5C4E 4 Bytes [28, 3B, D1, 00] {SUB [EBX], BH; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtMapViewOfSection + B 775D5C53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenFile + 6 775D5CFE 4 Bytes [68, 38, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenFile + B 775D5D03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcess + 6 775D5DAE 4 Bytes [A8, 39, D1, 00] {TEST AL, 0x39; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcess + B 775D5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessToken + B 775D5DC3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessTokenEx + 6 775D5DCE 4 Bytes [A8, 3A, D1, 00] {TEST AL, 0x3a; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessTokenEx + B 775D5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThread + 6 775D5E2E 4 Bytes [68, 39, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThread + B 775D5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadToken + 6 775D5E3E 4 Bytes [68, 3A, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadToken + B 775D5E43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadTokenEx + B 775D5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryAttributesFile + 6 775D5F5E 4 Bytes [A8, 38, D1, 00] {TEST AL, 0x38; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryAttributesFile + B 775D5F63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryFullAttributesFile + B 775D6013 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationFile + 6 775D665E 4 Bytes [28, 39, D1, 00] {SUB [ECX], BH; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationFile + B 775D6663 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationThread + 6 775D66BE 4 Bytes [28, 3A, D1, 00] {SUB [EDX], BH; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationThread + B 775D66C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtUnmapViewOfSection + 6 775D69DE 4 Bytes [68, 3B, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtUnmapViewOfSection + B 775D69E3 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 859691F8 Device \Driver\usbuhci \Device\USBPDO-0 859CE440 Device \Driver\PCI_PNP3353 \Device\00000051 sptd.sys Device \Driver\usbuhci \Device\USBPDO-1 859CE440 Device \Driver\usbuhci \Device\USBPDO-2 859CE440 Device \Driver\usbehci \Device\USBPDO-3 862C4440 Device \Driver\usbuhci \Device\USBPDO-4 859CE440 Device \Driver\usbuhci \Device\USBPDO-5 859CE440 Device \Driver\usbuhci \Device\USBPDO-6 859CE440 Device \Driver\usbehci \Device\USBPDO-7 862C4440 Device \Driver\cdrom \Device\CdRom0 869631F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 859671F8 Device \Driver\atapi \Device\Ide\IdePort0 859671F8 Device \Driver\atapi \Device\Ide\IdePort1 859671F8 Device \Driver\atapi \Device\Ide\IdePort2 859671F8 Device \Driver\atapi \Device\Ide\IdePort3 859671F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 859671F8 Device \Driver\cdrom \Device\CdRom1 869631F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86A7E1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{21A6C4BA-FD01-4E9C-8F91-17C08C4D5980} 86A7E1F8 Device \Driver\usbuhci \Device\USBFDO-0 859CE440 Device \Driver\usbuhci \Device\USBFDO-1 859CE440 Device \Driver\usbuhci \Device\USBFDO-2 859CE440 Device \Driver\usbehci \Device\USBFDO-3 862C4440 Device \Driver\usbuhci \Device\USBFDO-4 859CE440 Device \Driver\usbuhci \Device\USBFDO-5 859CE440 Device \Driver\usbuhci \Device\USBFDO-6 859CE440 Device \Driver\NetBT \Device\NetBT_Tcpip_{8DB82739-E95B-4FE1-BB63-C61A2A347596} 86A7E1F8 Device \Driver\usbehci \Device\USBFDO-7 862C4440 Device \Driver\ajmw8sah \Device\Scsi\ajmw8sah1 86D001F8 Device \Driver\ajmw8sah \Device\Scsi\ajmw8sah1Port4Path0Target0Lun0 86D001F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x859671f8]<< 859671f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867b8880] 867b8880 Trace 3 CLASSPNP.SYS[8bc8559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x859e6610] 859e6610 Trace \Driver\atapi[0x866d4210] -> IRP_MJ_CREATE -> 0x859671f8 859671f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2f5d51a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2f5d51a@0012f317a03e 0xD9 0x59 0x16 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2f5d51a@50b7c3ec2840 0xA4 0x88 0xAE 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x18 0x4D 0xFB 0xB6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7A 0xCA 0xD9 0xF6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE8 0xE1 0x89 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x00 0x99 0xC8 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2f5d51a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2f5d51a@0012f317a03e 0xD9 0x59 0x16 0x54 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x18 0x4D 0xFB 0xB6 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7A 0xCA 0xD9 0xF6 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE8 0xE1 0x89 0x4F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x00 0x99 0xC8 ... Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{34C89DAB-52F1-11E4-BD8C-806E6F6E6963} 613548624 ---- EOF - GMER 2.1 ----