GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-01 17:20:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1002FAEX-00Z3A0 rev.05.01D05 931,51GB Running: 0hwq9lcc.exe; Driver: C:\Users\Szymon\AppData\Local\Temp\uxdiqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\services.exe[744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Program Files (x86)\MiuiTab\ProtectService.exe[2036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\MiuiTab\ProtectService.exe[2036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75] .text C:\Program Files (x86)\MiuiTab\ProtectService.exe[2036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75] .text ... * 2 .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe[1148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\MiuiTab\cmdshell.exe[1468] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[2228] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text e:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Windows\system32\svchost.exe[2416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Users\Szymon\AppData\Local\Akamai\netsession_win.exe[3168] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Users\Szymon\AppData\Local\Akamai\netsession_win.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75] .text C:\Users\Szymon\AppData\Local\Akamai\netsession_win.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75] .text ... * 2 .text C:\Users\Szymon\AppData\Local\Akamai\netsession_win.exe[3204] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Users\Szymon\AppData\Local\Akamai\netsession_win.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75] .text C:\Users\Szymon\AppData\Local\Akamai\netsession_win.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75] .text ... * 2 .text E:\Program Files (x86)\screenSHU\screenSHU.exe[3276] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\Genius\X-G510\mousehid.exe[3460] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\Genius\X-G510\trayicon.exe[3520] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3700] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe[3712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[3824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75] .text C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75] .text ... * 2 .text C:\Windows\system32\wbem\wmiprvse.exe[3860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!DispatchMessageW 0000000075b57deb 5 bytes JMP 000000016ce3cb30 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!DispatchMessageA 0000000075b58103 5 bytes JMP 000000016ce3cb00 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b58b9a 5 bytes JMP 000000016ce3d510 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075b5a5e6 5 bytes JMP 000000016ce3d3d0 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075b5cdb4 5 bytes JMP 000000016ce3cc90 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075b60112 5 bytes JMP 000000016ce3ce50 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075b60dbe 5 bytes JMP 000000016ce3cb60 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075b60e9a 5 bytes JMP 000000016ce3cf30 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075b60eba 5 bytes JMP 000000016ce3ced0 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000075b61d34 5 bytes JMP 000000016ce3cd90 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!DestroyWindow 0000000075b61e6e 5 bytes JMP 000000016ce3cc60 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect 0000000075b6260a 5 bytes JMP 000000016ce3d350 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!WindowFromPoint 0000000075b62ddb 5 bytes JMP 000000016ce3c430 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075b62ed1 5 bytes JMP 000000016ce3cdd0 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!SetCursor 0000000075b64076 5 bytes JMP 000000016ce3c410 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075b67ba7 5 bytes JMP 000000016ce3ceb0 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!AnimateWindow 0000000075b72b8d 5 bytes JMP 000000016ce3cd00 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow 0000000075b730a6 5 bytes JMP 000000016ce3d280 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075b7ed58 5 bytes JMP 000000016ce3cdf0 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075da5ea6 5 bytes JMP 000000016ce3c460 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dab895 5 bytes JMP 000000016ce3c6d0 .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75] .text C:\PROGRA~2\Raptr\raptr.exe[2376] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75] .text ... * 2 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[3476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Program Files (x86)\MiuiTab\HPNotify.exe[1488] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Program Files (x86)\MiuiTab\HPNotify.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75] .text C:\Program Files (x86)\MiuiTab\HPNotify.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75] .text ... * 2 .text C:\Program Files (x86)\Genius\X-G510\OSD.exe[2352] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 6 bytes {NOP ; JMP 0xffffffff8889cc7c} .text C:\Program Files\Internet Explorer\iexplore.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 6 bytes {NOP ; JMP 0xffffffff88898914} .text C:\Program Files\Internet Explorer\iexplore.exe[5640] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5640] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefdda4ec0 9 bytes JMP 000007fffc4a0148 .text C:\Program Files\Internet Explorer\iexplore.exe[5640] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc4f5c54 4 bytes JMP 000007fffc4a00d8 .text C:\Program Files\Internet Explorer\iexplore.exe[5640] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW + 5 000007fefc4f5c59 2 bytes [CC, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[5640] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc4f5c64 9 bytes JMP 000007fffc4a0110 .text C:\Program Files\Internet Explorer\iexplore.exe[5640] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefe0917a0 9 bytes JMP 000007fffc4a0180 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 6 bytes {NOP ; JMP 0xffffffff8897cc7c} .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 6 bytes {NOP ; JMP 0xffffffff88978914} .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3d7490 11 bytes JMP 000007fffc4a01b8 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefe5075f0 5 bytes JMP 000007fffc4a0228 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefdd41180 5 bytes JMP 000007fffc4a0308 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefdd41320 7 bytes JMP 000007fffc4a0298 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefdd44450 6 bytes JMP 000007fffc4a0260 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefdd46720 10 bytes JMP 000007fffc4a02d0 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefdda4ec0 9 bytes JMP 000007fffc4a0148 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc4f5c54 4 bytes JMP 000007fffc4a00d8 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW + 5 000007fefc4f5c59 2 bytes [CC, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc4f5c64 9 bytes JMP 000007fffc4a0110 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\system32\comdlg32.dll!PrintDlgW 000007fefe091164 9 bytes JMP 000007fffc4a01f0 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefe0917a0 9 bytes JMP 000007fffc4a0180 .text C:\Program Files\Internet Explorer\iexplore.exe[3640] C:\Windows\System32\jscript.dll!DllGetClassObject + 400 000007fee38c8570 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe[5976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text C:\Windows\explorer.exe[5664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007787eecd 1 byte [62] .text E:\downloads\0hwq9lcc.exe[4184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e9a322 1 byte [62] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800106de94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800106dc38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800106e614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800106ea10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800106e86c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExAllocatePoolWithTag] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoAcquireRemoveLockEx] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeQueryActiveProcessors] [fffff88001bb56bc] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoDeleteSymbolicLink] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExFreePoolWithTag] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoRegisterShutdownNotification] [fffff88001bb56c0] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlInitUnicodeString] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoDeleteDevice] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlAppendUnicodeToString] [fffff88001bb56c4] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeInitializeEvent] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeInitializeDpc] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetTimerEx] [fffff88001bb56c8] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoUnregisterShutdownNotification] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!InitSafeBootMode] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [fffff88001bb56cc] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeRevertToUserAffinityThread] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoIsWdmVersionAvailable] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExDeleteResourceLite] [fffff88001bb56d0] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoCreateSymbolicLink] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCopyUnicodeString] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetSystemAffinityThread] [fffff88001bb56d4] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoInitializeRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExInitializeResourceLite] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeInitializeTimerEx] [fffff88001bb56d8] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeCancelTimer] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmUnmapLockedPages] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmFreeContiguousMemory] [fffff88001bb56dc] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmUnmapIoSpace] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmMapIoSpace] [fffff88001bb56e0] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmFreePagesFromMdl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExAcquireResourceExclusiveLite] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeLeaveCriticalRegion] [fffff88001bb56e4] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoReleaseRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoFreeMdl] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeEnterCriticalRegion] [fffff88001bb56e8] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExAcquireResourceSharedLite] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExReleaseResourceLite] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IofCompleteRequest] [fffff88001bb56ec] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmProbeAndLockPages] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmUnlockPages] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoAllocateMdl] [fffff88001bb56f0] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlDeleteElementGenericTableAvl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlInsertElementGenericTableAvl] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsLookupProcessByProcessId] [fffff88001bb56f4] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeUnstackDetachProcess] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlIsGenericTableEmptyAvl] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlInitializeGenericTableAvl] [fffff88001bb56f8] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlEnumerateGenericTableAvl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ObfDereferenceObject] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlLookupElementGenericTableAvl] [fffff88001bb56fc] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeStackAttachProcess] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsGetProcessWin32Process] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoFreeWorkItem] [fffff88001bb5700] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoGetCurrentProcess] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoAllocateWorkItem] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmIsAddressValid] [fffff88001bb583c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoQueueWorkItem] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExUnregisterCallback] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwCreateKey] [fffff88001bb57a8] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeResetEvent] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsSetLoadImageNotifyRoutine] [fffff88001bb396c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetPriorityThread] [fffff88001bb5708] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetEvent] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCheckRegistryKey] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsSetCreateProcessNotifyRoutine] [fffff88001bb570c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmAllocatePagesForMdl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmFreeMappingAddress] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmGetPhysicalAddress] [fffff88001bb5790] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsCreateSystemThread] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwQueryValueKey] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmAllocateMappingAddress] [fffff88001bb5794] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsTerminateSystemThread] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwClose] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ObReferenceObjectByHandle] [fffff88001bb5798] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeWaitForSingleObject] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsRemoveLoadImageNotifyRoutine] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExRegisterCallback] [fffff88001bb579c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsThreadType] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCompareUnicodeString] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeWaitForMultipleObjects] [fffff88001bb57a0] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmGetPhysicalMemoryRanges] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExCreateCallback] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmAllocateContiguousMemorySpecifyCache] [fffff88001bb57a4] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!DbgPrint] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ProbeForRead] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExGetPreviousMode] [fffff88001bb5840] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmGetSystemRoutineAddress] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoCreateDevice] [fffff88001bb3930] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ObOpenObjectByPointer] [fffff88001bb57b8] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwSetSecurityObject] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoDeviceObjectType] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!_snwprintf] [fffff88001bb57bc] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlLengthSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!SeCaptureSecurityDescriptor] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCreateSecurityDescriptor] [fffff88001bb57c0] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlSetDaclSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!SeExports] [fffff88001bb57c4] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!wcschr] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!_wcsnicmp] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlLengthSid] [fffff88001bb57c8] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlAddAccessAllowedAce] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetSaclSecurityDescriptor] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetDaclSecurityDescriptor] [fffff88001bb57cc] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetGroupSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetOwnerSecurityDescriptor] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwOpenKey] [fffff88001bb57d0] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwSetValueKey] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlFreeUnicodeString] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeBugCheckEx] [fffff88001bb57d4] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsGetVersion] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwMapViewOfSection] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwUnmapViewOfSection] [fffff88001bb57d8] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwCreateSection] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwOpenFile] [fffff88001bb395c] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!__C_specific_handler] [fffff88001bb57dc] \SystemRoot\System32\Drivers\aswVmm.sys [.text] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortCopyMemory] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortGetPhysicalAddress] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortReadRegisterUlong] [fce8840fed844566] [unknown section] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortInitializeEx] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortDeviceStateChange] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortEtwTraceLog] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortRegistryFreeBuffer] [fffffcca820fd03b] [unknown section] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortGetBusData] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortRegistryRead] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortRequestCallback] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortStallExecution] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortGetUnCachedExtension] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortReadRegisterUchar] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortBuildRequestSenseIrb] [fffffc92830fca3b] [unknown section] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortReleaseRequestSenseIrb] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortCompleteRequest] [fc80840f00107983] [unknown section] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortNotification] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortGetDeviceBase] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortGetScatterGatherList] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortRegistryAllocateBuffer] [?] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[PCIIDEX.SYS!AtaPortWriteRegisterUlong] [fffc59830fc83b08] [unknown section] IAT C:\Windows\System32\Drivers\aqm5fhvl.SYS[NTOSKRNL.exe!KeBugCheckEx] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortCopyMemory] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortGetPhysicalAddress] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortReadRegisterUlong] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortInitializeEx] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortDeviceStateChange] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortEtwTraceLog] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortRegistryFreeBuffer] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortGetBusData] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortRegistryRead] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortRequestCallback] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortStallExecution] [ffffb0a015ff5024] [unknown section] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortGetUnCachedExtension] [fffffa60e8cb8b48] [unknown section] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortReadRegisterUchar] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortBuildRequestSenseIrb] [fff9c3e8d2330000] [unknown section] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortReleaseRequestSenseIrb] [fffa47e8cb8b48ff] [unknown section] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortCompleteRequest] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortNotification] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortGetDeviceBase] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortGetScatterGatherList] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortRegistryAllocateBuffer] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[PCIIDEX.SYS!AtaPortWriteRegisterUlong] [?] IAT C:\Windows\System32\Drivers\a979w1il.SYS[NTOSKRNL.exe!KeBugCheckEx] [?] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80066ab2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80066ab2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80066ab2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80066ab2c0 Device \Driver\aqm5fhvl \Device\Scsi\aqm5fhvl1 fffffa8007dbe2c0 Device \Driver\a979w1il \Device\Scsi\a979w1il1 fffffa8007e372c0 Device \Driver\a979w1il \Device\Scsi\a979w1il1Port3Path0Target0Lun0 fffffa8007e372c0 Device \FileSystem\Ntfs \Ntfs fffffa800701c2c0 Device \Driver\aswHwid \Device\AswHWID fffff8800ad40568 Device \Driver\usbehci \Device\USBPDO-1 fffffa8007d722c0 Device \Driver\cdrom \Device\CdRom0 fffffa8007ad72c0 Device \Driver\cdrom \Device\CdRom1 fffffa8007ad72c0 Device \Driver\cdrom \Device\CdRom2 fffffa8007ad72c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8007d722c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80078882c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8007d722c0 Device \Driver\dtsoftbus01 \Device\00000072 fffffa80078882c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{AE77193F-BC2F-4A71-A62F-841A59AAF7DE} fffffa8007bef2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007bef2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{DE21215F-4E27-4234-9746-2120A86DEC12} fffffa8007bef2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80066ab2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8007d722c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80066ab2c0 Device \Driver\aqm5fhvl \Device\ScsiPort2 fffffa8007dbe2c0 Device \Driver\a979w1il \Device\ScsiPort3 fffffa8007e372c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80066ab2c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80066ab2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077df060] fffffa80077df060 Trace 3 CLASSPNP.SYS[fffff88001b6a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800752d680] fffffa800752d680 Trace \Driver\atapi[0xfffffa80071c54b0] -> IRP_MJ_CREATE -> 0xfffffa80066ab2c0 fffffa80066ab2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\aqm5fhvl.SYS (MS AHCI 1.0 Standard Driver/Microsoft Corporation SIGNED)(2010-11-21 03:23:47) fffff88007112000-fffff8800715d000 (307200 bytes) Module \SystemRoot\System32\Drivers\a979w1il.SYS (MS AHCI 1.0 Standard Driver/Microsoft Corporation SIGNED)(2010-11-21 03:23:47) fffff8800718c000-fffff880071dd000 (331776 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Windows\explorer.exe [5664:5600] 000000000392dfc0 Thread C:\Windows\explorer.exe [5664:5060] 000000000392dfc0 Thread C:\Windows\explorer.exe [5664:3100] 000000000392dfc0 Thread C:\Windows\explorer.exe [5664:3936] 000000000392dfc0 Thread C:\Windows\explorer.exe [5664:4952] 000000000392dfc0 Thread C:\Windows\explorer.exe [5664:5992] 000000000392dfc0 Thread C:\Windows\explorer.exe [5664:5348] 000000000392dfc0 Thread C:\Windows\explorer.exe [5664:5356] 000000000392dfc0 Thread C:\Windows\explorer.exe [5664:5568] 000000000392dfc0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???.do??????????????????????????????????????.???/???????????N???O???????????a???a???????????c???c???????????e???e???????????g???g???????????p???p??????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????T???????????????(???????????????????????????????????????????????????????????\SystemRoot\system32\drivers\elxstor.sys?C????N??.???_?????D????? .??.???s?????.?&??\SystemRoot\system32\drivers\adp94xx.sys?y????X??9???/???&??\SystemRoot\system32\drivers\nvstor.sys?1D??\SystemRoot\system32\drivers\lsi_scsi.sys???? (??.???f?????.?&???????????.???????.??\SystemRoot\system32\drivers\pciide.sys?bf????X??????????/??\SystemRoot\system32\drivers\viaide.sys??e???????.???????e??64???????.???????????????????-?????????????w?????????.?????????????????2???????8?????????????????????.??? ???????.??????????????????????????+??????????????????????0???????.???????????/????ACPI\PNP0501\1???????????????.???8?8????? ???????.?????.???????,??4??????????????????????????.?.?????/? Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xBE 0xF7 0xE2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 f:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x21 0xF9 0x64 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0x78 0x14 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFB 0xBC 0x5D 0x4D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xBE 0xF7 0xE2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 f:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x21 0xF9 0x64 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0x78 0x14 0x34 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFB 0xBC 0x5D 0x4D ... ---- EOF - GMER 2.1 ----