GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-05 22:16:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5003AZEX-00K1GA0 rev.80.00A80 465,76GB Running: k0d44q3w.exe; Driver: C:\Users\Aveo\AppData\Local\Temp\ufddrpog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000755b1401 2 bytes JMP 750bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000755b1419 2 bytes JMP 750bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000755b1431 2 bytes JMP 75138ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000755b144a 2 bytes CALL 750948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000755b14dd 2 bytes JMP 751387a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000755b14f5 2 bytes JMP 75138978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000755b150d 2 bytes JMP 75138698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000755b1525 2 bytes JMP 75138a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000755b153d 2 bytes JMP 750afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000755b1555 2 bytes JMP 750b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000755b156d 2 bytes JMP 75138f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000755b1585 2 bytes JMP 75138ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000755b159d 2 bytes JMP 7513865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000755b15b5 2 bytes JMP 750afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000755b15cd 2 bytes JMP 750bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000755b16b2 2 bytes JMP 75138e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1904] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000755b16bd 2 bytes JMP 751385f1 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\SysWOW64\ntdll.dll!RtlFreeActivationContextStack + 271 0000000076f88017 7 bytes JMP 0000000100519d68 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\kernel32.dll!FreeLibrary + 8 0000000075093490 7 bytes JMP 0000000100519bac .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 19 0000000075095389 7 bytes JMP 00000001004bd04c .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074a59d0b 5 bytes JMP 000000011000a4d0 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074a59d4e 5 bytes JMP 000000011000a630 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\GDI32.dll!CreatePen 00000000751aba4f 5 bytes JMP 0000000100708004 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\USER32.dll!GetSysColor 00000000768a6c3c 5 bytes JMP 00000001007081b0 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\USER32.dll!GetSysColorBrush 00000000768b35a4 5 bytes JMP 00000001007082e4 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755b1401 2 bytes JMP 750bb21b C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755b1419 2 bytes JMP 750bb346 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755b1431 2 bytes JMP 75138ea9 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755b144a 2 bytes CALL 750948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755b14dd 2 bytes JMP 751387a2 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755b14f5 2 bytes JMP 75138978 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755b150d 2 bytes JMP 75138698 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755b1525 2 bytes JMP 75138a62 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755b153d 2 bytes JMP 750afca8 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755b1555 2 bytes JMP 750b68ef C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755b156d 2 bytes JMP 75138f61 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755b1585 2 bytes JMP 75138ac2 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755b159d 2 bytes JMP 7513865c C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755b15b5 2 bytes JMP 750afd41 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755b15cd 2 bytes JMP 750bb2dc C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755b16b2 2 bytes JMP 75138e24 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755b16bd 2 bytes JMP 751385f1 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000071817e3d 5 bytes JMP 000000011000a690 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007184de69 5 bytes JMP 000000011000a770 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007185d2c5 5 bytes JMP 000000011000a8a0 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007185d371 5 bytes JMP 000000011000a990 .text D:\Program Files\My Lockbox\mylbx.exe[1960] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007185d429 5 bytes JMP 000000011000aa80 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074a59d0b 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074a59d4e 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000738c451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000738c4b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000738c4bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000738c4f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000738c4f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000738c9054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000738cadf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000738e52e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000738e535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000738e59cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000738e5a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000738e5ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000738e5b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000738e5bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000738e5bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000738e5c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000738e5c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000071817e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007184de69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007185d2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007185d371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[2092] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007185d429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveOutClose 000007fef94336ac 5 bytes JMP 000007fefe9001f0 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fef9433770 5 bytes JMP 000007fefe900298 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fef94338d0 5 bytes JMP 000007fefe9001b8 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fef9433ca4 5 bytes JMP 000007fefe900260 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fef9433d40 5 bytes JMP 000007fefe900228 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveInOpen 000007fef9437fe0 7 bytes JMP 000007fefe900378 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveOutReset 000007fef943a38c 5 bytes JMP 000007fefe9002d0 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fef94549f0 5 bytes JMP 000007fefe900308 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fef9454ab0 5 bytes JMP 000007fefe900340 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveInClose 000007fef94552e0 5 bytes JMP 000007fefe9003b0 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fef94553c0 5 bytes JMP 000007fefe900490 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fef9455454 5 bytes JMP 000007fefe9004c8 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fef9455514 5 bytes JMP 000007fefe900500 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveInStart 000007fef94555a4 6 bytes JMP 000007fefe9003e8 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveInStop 000007fef94555e4 6 bytes JMP 000007fefe900420 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveInReset 000007fef9455624 5 bytes JMP 000007fefe900458 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fef945567c 5 bytes JMP 000007fefe900538 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef4d06944 7 bytes JMP 000007fefe900180 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef4d25a84 7 bytes JMP 000007fefe900148 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef4d25b90 7 bytes JMP 000007fefe900570 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef4d25c94 7 bytes JMP 000007fefe9005a8 .text C:\Windows\system\HsMgr64.exe[2100] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef4d25da8 5 bytes JMP 000007fefe9005e0 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074a59d0b 5 bytes JMP 000000011000a4d0 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074a59d4e 5 bytes JMP 000000011000a630 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755b1401 2 bytes JMP 750bb21b C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755b1419 2 bytes JMP 750bb346 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755b1431 2 bytes JMP 75138ea9 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755b144a 2 bytes CALL 750948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755b14dd 2 bytes JMP 751387a2 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755b14f5 2 bytes JMP 75138978 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755b150d 2 bytes JMP 75138698 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755b1525 2 bytes JMP 75138a62 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755b153d 2 bytes JMP 750afca8 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755b1555 2 bytes JMP 750b68ef C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755b156d 2 bytes JMP 75138f61 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755b1585 2 bytes JMP 75138ac2 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755b159d 2 bytes JMP 7513865c C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755b15b5 2 bytes JMP 750afd41 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755b15cd 2 bytes JMP 750bb2dc C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755b16b2 2 bytes JMP 75138e24 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755b16bd 2 bytes JMP 751385f1 C:\Windows\syswow64\kernel32.dll .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000738c451e 5 bytes JMP 000000011000ab40 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000738c4b6d 5 bytes JMP 000000011000abb0 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000738c4bf2 5 bytes JMP 000000011000ac90 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000738c4f0f 5 bytes JMP 000000011000ac50 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000738c4f7b 5 bytes JMP 000000011000ac10 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000738c9054 5 bytes JMP 000000011000ad10 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000738cadf9 5 bytes JMP 000000011000abe0 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000738e52e8 5 bytes JMP 000000011000acd0 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000738e535f 5 bytes JMP 000000011000acf0 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000738e59cc 5 bytes JMP 000000011000ae40 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000738e5a6a 5 bytes JMP 000000011000aec0 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000738e5ad7 5 bytes JMP 000000011000af00 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000738e5b5b 5 bytes JMP 000000011000af40 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000738e5bba 5 bytes JMP 000000011000af80 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000738e5bee 5 bytes JMP 000000011000b000 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000738e5c22 5 bytes JMP 000000011000b060 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000738e5c67 5 bytes JMP 000000011000b0d0 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000071817e3d 5 bytes JMP 000000011000a690 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007184de69 5 bytes JMP 000000011000a770 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007185d2c5 5 bytes JMP 000000011000a8a0 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007185d371 5 bytes JMP 000000011000a990 .text D:\Program Files\RocketDock\RocketDock.exe[2116] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007185d429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2388] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074a59d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2388] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074a59d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074a59d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074a59d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000738c451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000738c4b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000738c4bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000738c4f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000738c4f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000738c9054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000738cadf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000738e52e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000738e535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000738e59cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000738e5a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000738e5ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000738e5b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000738e5bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000738e5bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000738e5c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000738e5c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000071817e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007184de69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007185d2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007185d371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007185d429 5 bytes JMP 000000011000aa80 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755b1401 2 bytes JMP 750bb21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755b1419 2 bytes JMP 750bb346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755b1431 2 bytes JMP 75138ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755b144a 2 bytes CALL 750948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755b14dd 2 bytes JMP 751387a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755b14f5 2 bytes JMP 75138978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755b150d 2 bytes JMP 75138698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755b1525 2 bytes JMP 75138a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755b153d 2 bytes JMP 750afca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755b1555 2 bytes JMP 750b68ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755b156d 2 bytes JMP 75138f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755b1585 2 bytes JMP 75138ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755b159d 2 bytes JMP 7513865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755b15b5 2 bytes JMP 750afd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755b15cd 2 bytes JMP 750bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755b16b2 2 bytes JMP 75138e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755b16bd 2 bytes JMP 751385f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000738c451e 5 bytes JMP 000000010029ab40 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000738c4b6d 5 bytes JMP 000000010029abb0 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000738c4bf2 5 bytes JMP 000000010029ac90 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000738c4f0f 5 bytes JMP 000000010029ac50 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000738c4f7b 5 bytes JMP 000000010029ac10 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000738c9054 5 bytes JMP 000000010029ad10 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000738cadf9 5 bytes JMP 000000010029abe0 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000738e52e8 5 bytes JMP 000000010029acd0 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000738e535f 5 bytes JMP 000000010029acf0 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000738e59cc 5 bytes JMP 000000010029ae40 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000738e5a6a 5 bytes JMP 000000010029aec0 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000738e5ad7 5 bytes JMP 000000010029af00 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000738e5b5b 5 bytes JMP 000000010029af40 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000738e5bba 5 bytes JMP 000000010029af80 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000738e5bee 5 bytes JMP 000000010029b000 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000738e5c22 5 bytes JMP 000000010029b060 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000738e5c67 5 bytes JMP 000000010029b0d0 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000071817e3d 5 bytes JMP 000000010029a690 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007184de69 5 bytes JMP 000000010029a770 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007185d2c5 5 bytes JMP 000000010029a8a0 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007185d371 5 bytes JMP 000000010029a990 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007185d429 5 bytes JMP 000000010029aa80 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074a59d0b 5 bytes JMP 000000010029a4d0 .text C:\Users\Aveo\Desktop\k0d44q3w.exe[5192] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074a59d4e 5 bytes JMP 000000010029a630 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@44d4e076d17f 0x6C 0x2B 0xBA 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@40b0fa3e03be 0x56 0x05 0xCD 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0x0C 0x36 0x3C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x11 0x3D 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@d0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x73 0x56 0x2F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@44d4e076d17f 0x6C 0x2B 0xBA 0x8A ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@40b0fa3e03be 0x56 0x05 0xCD 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0x0C 0x36 0x3C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x11 0x3D 0x16 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@d0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x73 0x56 0x2F ... ---- EOF - GMER 2.1 ----