GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-12 14:41:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.D005 465,76GB Running: d1v4jznu.exe; Driver: C:\Users\Robak\AppData\Local\Temp\fwddakog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\windows\system32\drivers\USBPORT.SYS!DllUnload fffff880058cedac 12 bytes {MOV RAX, 0xfffffa8006b392a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1468] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe247490 11 bytes JMP 000007fffd410228 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1468] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe25bf00 7 bytes JMP 000007fffd410260 .text C:\windows\system32\Dwm.exe[1728] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff1d89f0 8 bytes JMP 000007fffd4101f0 .text C:\windows\system32\Dwm.exe[1728] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff1dbe50 8 bytes JMP 000007fffd4101b8 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076431409 7 bytes JMP 0000000173ee1e90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007644b21b 5 bytes JMP 0000000173ee1da0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000764c8e24 7 bytes JMP 0000000173ee1d90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000764c8ea9 5 bytes JMP 0000000173ee1e80 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000764c91ff 5 bytes JMP 0000000173ee1e10 .text C:\Program Files (x86)\Dell DataSafe Local 
Backup\TOASTER.EXE[2328] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075371d29 5 bytes JMP 0000000173ee2450 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075371dd7 5 bytes JMP 0000000173ee24b0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075372ab1 5 bytes JMP 0000000173ee2520 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075372d17 5 bytes JMP 0000000173ee2670 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007515e96b 5 bytes JMP 0000000173ee1a00 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007515eba5 5 bytes JMP 0000000173ee1a90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ea5ea5 5 bytes JMP 0000000173ee1ce0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2328] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076ed9d0b 5 bytes JMP 0000000173ee1c70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[2860] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000076431409 7 bytes JMP 0000000173ee1e90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[2860] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007644b21b 5 bytes JMP 0000000173ee1da0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[2860] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764c8e24 7 bytes JMP 0000000173ee1d90 .text C:\Program Files (x86)\Dell DataSafe Local 
Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[2860] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764c8ea9 5 bytes JMP 0000000173ee1e80 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[2860] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764c91ff 5 bytes JMP 0000000173ee1e10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[2860] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ea5ea5 5 bytes JMP 0000000173ee1ce0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[2860] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076ed9d0b 5 bytes JMP 0000000173ee1c70 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007722f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077259a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000772694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077269630 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000772887e0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd422db0 5 bytes JMP 000007fffd410180 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4237d0 7 bytes JMP 000007fffd4100d8 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd428ef0 6 bytes JMP 000007fffd410148 .text C:\Program Files\DellTPad\Apoint.exe[3320] 
C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43af60 5 bytes JMP 000007fffd410110 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff1d89f0 8 bytes JMP 000007fffd4101f0 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff1dbe50 8 bytes JMP 000007fffd4101b8 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe247490 11 bytes JMP 000007fffd410228 .text C:\Program Files\DellTPad\Apoint.exe[3320] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe25bf00 7 bytes JMP 000007fffd410260 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3544] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076431409 7 bytes JMP 0000000173ee1e90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3544] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007644b21b 5 bytes JMP 0000000173ee1da0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3544] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000764c8e24 7 bytes JMP 0000000173ee1d90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3544] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000764c8ea9 5 bytes JMP 0000000173ee1e80 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3544] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000764c91ff 5 bytes JMP 0000000173ee1e10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3544] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ea5ea5 5 bytes JMP 0000000173ee1ce0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3544] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076ed9d0b 5 bytes 
JMP 0000000173ee1c70 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3784] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007722f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3784] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077259a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3784] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000772694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3784] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077269630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3784] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000772887e0 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000076431409 7 bytes JMP 0000000173ee1e90 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007644b21b 5 bytes JMP 0000000173ee1da0 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764c8e24 7 bytes JMP 0000000173ee1d90 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764c8ea9 5 bytes JMP 0000000173ee1e80 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764c91ff 5 bytes JMP 0000000173ee1e10 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075371d29 5 bytes JMP 
0000000173ee2450 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075371dd7 5 bytes JMP 0000000173ee24b0 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075372ab1 5 bytes JMP 0000000173ee2520 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075372d17 5 bytes JMP 0000000173ee2670 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007515e96b 5 bytes JMP 0000000173ee1a00 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007515eba5 5 bytes JMP 0000000173ee1a90 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ea5ea5 5 bytes JMP 0000000173ee1ce0 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3336] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076ed9d0b 5 bytes JMP 0000000173ee1c70 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076431409 7 bytes JMP 0000000173ee1e90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007644b21b 5 bytes JMP 0000000173ee1da0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000764c8e24 7 bytes JMP 0000000173ee1d90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 
00000000764c8ea9 5 bytes JMP 0000000173ee1e80 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000764c91ff 5 bytes JMP 0000000173ee1e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075371d29 5 bytes JMP 0000000173ee2450 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075371dd7 5 bytes JMP 0000000173ee24b0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075372ab1 5 bytes JMP 0000000173ee2520 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075372d17 5 bytes JMP 0000000173ee2670 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007515e96b 5 bytes JMP 0000000173ee1a00 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007515eba5 5 bytes JMP 0000000173ee1a90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ea5ea5 5 bytes JMP 0000000173ee1ce0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076ed9d0b 5 bytes JMP 0000000173ee1c70 .text C:\Program Files (x86)\Winamp\winampa.exe[4412] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000076431409 7 bytes JMP 0000000173ee1e90 .text C:\Program Files (x86)\Winamp\winampa.exe[4412] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 
000000007644b21b 5 bytes JMP 0000000173ee1da0 .text C:\Program Files (x86)\Winamp\winampa.exe[4412] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764c8e24 7 bytes JMP 0000000173ee1d90 .text C:\Program Files (x86)\Winamp\winampa.exe[4412] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764c8ea9 5 bytes JMP 0000000173ee1e80 .text C:\Program Files (x86)\Winamp\winampa.exe[4412] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764c91ff 5 bytes JMP 0000000173ee1e10 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076428791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000076431409 7 bytes JMP 0000000173ee1e90 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007644b21b 5 bytes JMP 0000000173ee1da0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764c8e24 7 bytes JMP 0000000173ee1d90 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764c8ea9 5 bytes JMP 0000000173ee1e80 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764c91ff 5 bytes JMP 0000000173ee1e10 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075371d29 5 bytes JMP 0000000173ee2450 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075371dd7 5 bytes JMP 0000000173ee24b0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075372ab1 5 bytes JMP 0000000173ee2520 .text 
C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075372d17 5 bytes JMP 0000000173ee2670 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007515e96b 5 bytes JMP 0000000173ee1a00 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007515eba5 5 bytes JMP 0000000173ee1a90 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ea5ea5 5 bytes JMP 0000000173ee1ce0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4444] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076ed9d0b 5 bytes JMP 0000000173ee1c70 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007722f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077259a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000772694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077269630 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000772887e0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd422db0 5 bytes JMP 000007fffd410180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4237d0 7 bytes JMP 000007fffd4100d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd428ef0 6 bytes JMP 000007fffd410148 .text C:\Program 
Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43af60 5 bytes JMP 000007fffd410110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff1d89f0 8 bytes JMP 000007fffd4101f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5444] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff1dbe50 8 bytes JMP 000007fffd4101b8 .text C:\Program Files\DellTPad\HidFind.exe[5540] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd422db0 5 bytes JMP 000007fffd410180 .text C:\Program Files\DellTPad\HidFind.exe[5540] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4237d0 7 bytes JMP 000007fffd4100d8 .text C:\Program Files\DellTPad\HidFind.exe[5540] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd428ef0 6 bytes JMP 000007fffd410148 .text C:\Program Files\DellTPad\HidFind.exe[5540] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43af60 5 bytes JMP 000007fffd410110 .text C:\Program Files\DellTPad\HidFind.exe[5540] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff1d89f0 8 bytes JMP 000007fffd4101f0 .text C:\Program Files\DellTPad\HidFind.exe[5540] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff1dbe50 8 bytes JMP 000007fffd4101b8 .text C:\Program Files\DellTPad\Apntex.exe[5556] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007722f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\Apntex.exe[5556] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077259a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\Apntex.exe[5556] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000772694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\Apntex.exe[5556] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077269630 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\Apntex.exe[5556] 
C:\windows\system32\kernel32.dll!RegSetValueExA 00000000772887e0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\Apntex.exe[5556] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd422db0 5 bytes JMP 000007fffd410180 .text C:\Program Files\DellTPad\Apntex.exe[5556] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4237d0 7 bytes JMP 000007fffd4100d8 .text C:\Program Files\DellTPad\Apntex.exe[5556] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd428ef0 6 bytes JMP 000007fffd410148 .text C:\Program Files\DellTPad\Apntex.exe[5556] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43af60 5 bytes JMP 000007fffd410110 .text C:\Program Files\DellTPad\Apntex.exe[5556] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff1d89f0 8 bytes JMP 000007fffd4101f0 .text C:\Program Files\DellTPad\Apntex.exe[5556] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff1dbe50 8 bytes JMP 000007fffd4101b8 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000076431409 7 bytes JMP 0000000173ee1e90 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007644b21b 5 bytes JMP 0000000173ee1da0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764c8e24 7 bytes JMP 0000000173ee1d90 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764c8ea9 5 bytes JMP 0000000173ee1e80 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764c91ff 5 bytes JMP 0000000173ee1e10 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075371d29 5 bytes JMP 0000000173ee2450 .text 
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075371dd7 5 bytes JMP 0000000173ee24b0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075372ab1 5 bytes JMP 0000000173ee2520 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075372d17 5 bytes JMP 0000000173ee2670 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007515e96b 5 bytes JMP 0000000173ee1a00 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007515eba5 5 bytes JMP 0000000173ee1a90 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ea5ea5 5 bytes JMP 0000000173ee1ce0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6016] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076ed9d0b 5 bytes JMP 0000000173ee1c70 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 7644b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 7644b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 764c8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 764248ad C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 764c87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 764c8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 764c8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 764c8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 7643fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 764468ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 764c8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 764c8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 764c865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
00000000750115b5 2 bytes JMP 7643fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 7644b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 764c8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 764c85f1 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\Wat\WatUX.exe[4280] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd422db0 5 bytes JMP 000007fffd410180 .text C:\windows\system32\Wat\WatUX.exe[4280] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4237d0 7 bytes JMP 000007fffd4100d8 .text C:\windows\system32\Wat\WatUX.exe[4280] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd428ef0 6 bytes JMP 000007fffd410148 .text C:\windows\system32\Wat\WatUX.exe[4280] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43af60 5 bytes JMP 000007fffd410110 .text C:\windows\system32\Wat\WatUX.exe[4280] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff1d89f0 8 bytes JMP 000007fffd4101f0 .text C:\windows\system32\Wat\WatUX.exe[4280] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff1dbe50 8 bytes JMP 000007fffd4101b8 .text C:\windows\system32\Wat\WatUX.exe[4280] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe247490 11 bytes JMP 000007fffd410228 .text C:\windows\system32\Wat\WatUX.exe[4280] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe25bf00 7 bytes JMP 000007fffd410260 .text C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000076431409 7 bytes JMP 0000000173ee1e90 .text 
C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007644b21b 5 bytes JMP 0000000173ee1da0 .text C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764c8e24 7 bytes JMP 0000000173ee1d90 .text C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764c8ea9 5 bytes JMP 0000000173ee1e80 .text C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764c91ff 5 bytes JMP 0000000173ee1e10 .text C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075371d29 5 bytes JMP 0000000173ee2450 .text C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075371dd7 5 bytes JMP 0000000173ee24b0 .text C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075372ab1 5 bytes JMP 0000000173ee2520 .text C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075372d17 5 bytes JMP 0000000173ee2670 .text C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007515e96b 5 bytes JMP 0000000173ee1a00 .text C:\Users\Robak\Downloads\d1v4jznu.exe[3480] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007515eba5 5 bytes JMP 0000000173ee1a90 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff880010d8650] \SystemRoot\System32\Drivers\spac.sys [unknown section] IAT C:\windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010d85dc] \SystemRoot\System32\Drivers\spac.sys [unknown section] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010a335c] \SystemRoot\System32\Drivers\spac.sys [unknown section] IAT 
C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010a3224] \SystemRoot\System32\Drivers\spac.sys [unknown section] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010a3a24] \SystemRoot\System32\Drivers\spac.sys [unknown section] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010a3ba0] \SystemRoot\System32\Drivers\spac.sys [unknown section] ---- Devices - GMER 2.1 ---- Device \Driver\asagjnc9 \Device\Scsi\asagjnc91 fffffa8006f6d2c0 Device \Driver\asagjnc9 \Device\Scsi\asagjnc91Port1Path0Target0Lun0 fffffa8006f6d2c0 Device \FileSystem\Ntfs \Ntfs fffffa80046f82c0 Device \FileSystem\fastfat \Fat fffffa800a7b52c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8006ae52c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{F09DE6E1-281E-4B54-956F-C759AA07D219} fffffa8006a192c0 Device \Driver\cdrom \Device\CdRom0 fffffa80068de2c0 Device \Driver\cdrom \Device\CdRom1 fffffa80068de2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{891BD841-807A-460B-AD46-BF7D449A083D} fffffa8006a192c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8006ae52c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{DD045473-DBF3-4BF2-93FE-B2E3F0F7A7B7} fffffa8006a192c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{0963D8F2-023E-4DAD-9670-20680E284FC3} fffffa8006a192c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8006ae52c0 Device \Driver\volmgr \Device\HarddiskVolume1 fffffa800399d2c0 Device \Driver\volmgr \Device\FtControl fffffa800399d2c0 Device \Driver\volmgr \Device\VolMgrControl fffffa800399d2c0 Device \Driver\volmgr \Device\HarddiskVolume2 fffffa800399d2c0 Device \Driver\volmgr \Device\HarddiskVolume3 fffffa800399d2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006a192c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8006ae52c0 Device \Driver\asagjnc9 \Device\ScsiPort1 fffffa8006f6d2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\asagjnc9.SYS fffff88005985000-fffff880059ca000 
(282624 bytes) ---- Threads - GMER 2.1 ---- Thread C:\windows\system32\Dwm.exe [1728:1912] 000007fef8cbabf0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5300:5536] 000007fefb372bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5300:5672] 000007fef1c54830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5300:5792] 000007fefaee5124 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c80931e2b06 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c80931e2b06@347e391779bb 0xAE 0x5B 0xEF 0xFC ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c80931e2b06@ccfa0094869d 0x7A 0xFB 0xD9 0x9C ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737048afc Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0x8D 0x27 0x21 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x81 0xA5 0xF9 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x67 0xF5 0x56 0xDF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x74 0x29 0x06 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c80931e2b06 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c80931e2b06@347e391779bb 0xAE 0x5B 0xEF 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c80931e2b06@ccfa0094869d 0x7A 0xFB 0xD9 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737048afc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0x8D 0x27 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x81 0xA5 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x67 0xF5 0x56 0xDF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x74 0x29 0x06 0xD4 ...

---- EOF - GMER 2.1 ----