GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-08-25 22:26:21 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM251JI rev.2SS00_06 232,89GB Running: hhjcgjr2.exe; Driver: C:\Users\Dom\AppData\Local\Temp\pwldapow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90F44AA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90F4557E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x90F515C8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90F51614] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90F517AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x90F51536] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x940126D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90F5157E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x90F45AB4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x90F51768] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90F4636C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90F44B06] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x90F49B40] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x90F446F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x940127B2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90F44B6C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90F49F36] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90F46E54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x90F515F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90F51636] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90F517D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x90F5155C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x90F4943A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x90F516E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90F515A6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x90F49822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x90F5178C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x94012556] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x90F46CC8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x90F4681E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90F44BD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90F44C38] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x940128AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90F4478C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90F4495E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90F448EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x90F46536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x90F46698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90F449E6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x94012624] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x90F461C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x90F44C9E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x90F455DA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x90F45CD0] INT 0x06 \??\C:\Windows\system32\drivers\Haspnt.sys B9EBC16D INT 0x0E \??\C:\Windows\system32\drivers\Haspnt.sys B9EBBFC2 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 836B56D0 4 Bytes [A0, 4A, F4, 90] .text ntkrnlpa.exe!KeSetEvent + 191 836B5754 4 Bytes [7E, 55, F4, 90] {JLE 0x57; HLT ; NOP } .text ntkrnlpa.exe!KeSetEvent + 1D1 836B5794 8 Bytes [C8, 15, F5, 90, 14, 16, F5, ...] {ENTER 0xf515, 0x90; ADC AL, 0x16; CMC ; NOP } .text ntkrnlpa.exe!KeSetEvent + 1DD 836B57A0 4 Bytes [AE, 17, F5, 90] {SCASB ; POP SS; CMC ; NOP } .text ntkrnlpa.exe!KeSetEvent + 1F5 836B57B8 4 Bytes [36, 15, F5, 90] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83843091 4 Bytes CALL 90F47517 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83846D05 4 Bytes CALL 90F4752D \SystemRoot\system32\drivers\aswSnx.sys .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xB9EF4400, 0x82482, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB9F94420] C:\Windows\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB9F94420] .protect˙˙˙˙hardlockunknown last code section [0xB9F94200, 0x5105, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xB9F94200, 0x5105, 0xE0000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\taskeng.exe[200] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\system32\svchost.exe[236] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\system32\Dwm.exe[280] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\Explorer.EXE[344] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\system32\taskeng.exe[492] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text ... .text C:\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!SetUnhandledExceptionFilter 7662A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!LdrLoadDll 774B9318 3 Bytes JMP 004C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!LdrLoadDll + 4 774B931C 1 Byte [89] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!LdrUnloadDll 774CB600 5 Bytes JMP 004C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtCreateFile + 6 774F40D6 4 Bytes [28, 74, 46, 00] {SUB [ESI+EAX*2+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtCreateFile + B 774F40DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtMapViewOfSection + 6 774F4826 4 Bytes [28, 77, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtMapViewOfSection + B 774F482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenFile + 6 774F48B6 4 Bytes [68, 74, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenFile + B 774F48BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenProcess + 6 774F4936 4 Bytes [A8, 75, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenProcess + B 774F493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenProcessToken + B 774F494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenProcessTokenEx + 6 774F4956 4 Bytes [A8, 76, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenProcessTokenEx + B 774F495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenThread + 6 774F49A6 4 Bytes [68, 75, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenThread + B 774F49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenThreadToken + 6 774F49B6 4 Bytes [68, 76, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenThreadToken + B 774F49BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtOpenThreadTokenEx + B 774F49CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtQueryAttributesFile + 6 774F4A56 4 Bytes [A8, 74, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtQueryAttributesFile + B 774F4A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtQueryFullAttributesFile + B 774F4B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtSetInformationFile + 6 774F4FE6 4 Bytes [28, 75, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtSetInformationFile + B 774F4FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtSetInformationThread + 6 774F5036 4 Bytes [28, 76, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtSetInformationThread + B 774F503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtUnmapViewOfSection + 6 774F52D6 4 Bytes [68, 77, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] ntdll.dll!NtUnmapViewOfSection + B 774F52DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1800] KERNEL32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1972] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ba820248\aestsrv.exe[2008] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\system32\svchost.exe[2032] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!LdrLoadDll 774B9318 5 Bytes JMP 00DD01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!LdrUnloadDll 774CB600 5 Bytes JMP 00DD03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtCreateFile + 6 774F40D6 4 Bytes [28, 70, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtCreateFile + B 774F40DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtMapViewOfSection + 6 774F4826 4 Bytes [28, 73, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtMapViewOfSection + B 774F482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenFile + 6 774F48B6 4 Bytes [68, 70, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenFile + B 774F48BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcess + 6 774F4936 4 Bytes [A8, 71, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcess + B 774F493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessToken + 6 774F4946 4 Bytes CALL 765020BC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessToken + B 774F494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessTokenEx + 6 774F4956 4 Bytes [A8, 72, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessTokenEx + B 774F495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThread + 6 774F49A6 4 Bytes [68, 71, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThread + B 774F49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadToken + 6 774F49B6 4 Bytes [68, 72, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadToken + B 774F49BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadTokenEx + 6 774F49C6 4 Bytes CALL 7650213D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadTokenEx + B 774F49CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryAttributesFile + 6 774F4A56 4 Bytes [A8, 70, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryAttributesFile + B 774F4A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryFullAttributesFile + 6 774F4B06 4 Bytes CALL 7650227B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryFullAttributesFile + B 774F4B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationFile + 6 774F4FE6 4 Bytes [28, 71, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationFile + B 774F4FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationThread + 6 774F5036 4 Bytes [28, 72, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationThread + B 774F503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtUnmapViewOfSection + 6 774F52D6 4 Bytes [68, 73, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtUnmapViewOfSection + B 774F52DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] KERNEL32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\System32\WLTRAY.EXE[3156] KERNEL32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3228] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!LdrLoadDll 774B9318 5 Bytes JMP 00D601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!LdrUnloadDll 774CB600 5 Bytes JMP 00D603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtCreateFile + 6 774F40D6 4 Bytes [28, 58, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtCreateFile + B 774F40DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtMapViewOfSection + 6 774F4826 4 Bytes [28, 5B, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtMapViewOfSection + B 774F482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenFile + 6 774F48B6 4 Bytes [68, 58, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenFile + B 774F48BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcess + 6 774F4936 4 Bytes [A8, 59, D1, 00] {TEST AL, 0x59; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcess + B 774F493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessToken + 6 774F4946 4 Bytes CALL 76501AA4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessToken + B 774F494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessTokenEx + 6 774F4956 4 Bytes [A8, 5A, D1, 00] {TEST AL, 0x5a; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessTokenEx + B 774F495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThread + 6 774F49A6 4 Bytes [68, 59, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThread + B 774F49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadToken + 6 774F49B6 4 Bytes [68, 5A, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadToken + B 774F49BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadTokenEx + 6 774F49C6 4 Bytes CALL 76501B25 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadTokenEx + B 774F49CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryAttributesFile + 6 774F4A56 4 Bytes [A8, 58, D1, 00] {TEST AL, 0x58; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryAttributesFile + B 774F4A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryFullAttributesFile + 6 774F4B06 4 Bytes CALL 76501C63 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryFullAttributesFile + B 774F4B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationFile + 6 774F4FE6 4 Bytes [28, 59, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationFile + B 774F4FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationThread + 6 774F5036 4 Bytes [28, 5A, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationThread + B 774F503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtUnmapViewOfSection + 6 774F52D6 4 Bytes [68, 5B, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtUnmapViewOfSection + B 774F52DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] KERNEL32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[3480] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[3488] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[3524] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\IDT\WDM\sttray.exe[3616] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\AVAST Software\Avast\avastui.exe[3624] kernel32.dll!SetUnhandledExceptionFilter 7662A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\AVAST Software\Avast\avastui.exe[3624] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\USB Vibration\7906\USB Gamepad.exe[3636] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3664] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quickset.exe[3692] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!LdrLoadDll 774B9318 5 Bytes JMP 000601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!LdrUnloadDll 774CB600 5 Bytes JMP 000603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtMapViewOfSection + 6 774F4826 4 Bytes [18, 20, B8, 6E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] ntdll.dll!NtMapViewOfSection + B 774F482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3776] KERNEL32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3804] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3852] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!LdrLoadDll 774B9318 5 Bytes JMP 007E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!LdrUnloadDll 774CB600 5 Bytes JMP 007E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtCreateFile + 6 774F40D6 4 Bytes [28, 58, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtCreateFile + B 774F40DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtMapViewOfSection + 6 774F4826 4 Bytes [28, 5B, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtMapViewOfSection + B 774F482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenFile + 6 774F48B6 4 Bytes [68, 58, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenFile + B 774F48BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcess + 6 774F4936 4 Bytes [A8, 59, 74, 00] {TEST AL, 0x59; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcess + B 774F493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcessToken + B 774F494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcessTokenEx + 6 774F4956 4 Bytes [A8, 5A, 74, 00] {TEST AL, 0x5a; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenProcessTokenEx + B 774F495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThread + 6 774F49A6 4 Bytes [68, 59, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThread + B 774F49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThreadToken + 6 774F49B6 4 Bytes [68, 5A, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThreadToken + B 774F49BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtOpenThreadTokenEx + B 774F49CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtQueryAttributesFile + 6 774F4A56 4 Bytes [A8, 58, 74, 00] {TEST AL, 0x58; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtQueryAttributesFile + B 774F4A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtQueryFullAttributesFile + B 774F4B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtSetInformationFile + 6 774F4FE6 4 Bytes [28, 59, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtSetInformationFile + B 774F4FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtSetInformationThread + 6 774F5036 4 Bytes [28, 5A, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtSetInformationThread + B 774F503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtUnmapViewOfSection + 6 774F52D6 4 Bytes [68, 5B, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] ntdll.dll!NtUnmapViewOfSection + B 774F52DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4264] KERNEL32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!LdrLoadDll 774B9318 5 Bytes JMP 007C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!LdrUnloadDll 774CB600 5 Bytes JMP 007C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtCreateFile + 6 774F40D6 4 Bytes [28, 74, 66, 00] {SUB [ESI+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtCreateFile + B 774F40DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtMapViewOfSection + 6 774F4826 4 Bytes [28, 77, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtMapViewOfSection + B 774F482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenFile + 6 774F48B6 4 Bytes [68, 74, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenFile + B 774F48BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcess + 6 774F4936 4 Bytes [A8, 75, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcess + B 774F493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcessToken + B 774F494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcessTokenEx + 6 774F4956 4 Bytes [A8, 76, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcessTokenEx + B 774F495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThread + 6 774F49A6 4 Bytes [68, 75, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThread + B 774F49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThreadToken + 6 774F49B6 4 Bytes [68, 76, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThreadToken + B 774F49BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThreadTokenEx + B 774F49CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtQueryAttributesFile + 6 774F4A56 4 Bytes [A8, 74, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtQueryAttributesFile + B 774F4A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtQueryFullAttributesFile + B 774F4B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtSetInformationFile + 6 774F4FE6 4 Bytes [28, 75, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtSetInformationFile + B 774F4FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtSetInformationThread + 6 774F5036 4 Bytes [28, 76, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtSetInformationThread + B 774F503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtUnmapViewOfSection + 6 774F52D6 4 Bytes [68, 77, 66, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtUnmapViewOfSection + B 774F52DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4296] KERNEL32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\system32\conime.exe[4368] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Users\Dom\Desktop\hhjcgjr2.exe[4864] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!LdrLoadDll 774B9318 5 Bytes JMP 007D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!LdrUnloadDll 774CB600 5 Bytes JMP 007D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtCreateFile + 6 774F40D6 4 Bytes [28, 5C, 77, 00] {SUB [EDI+ESI*2+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtCreateFile + B 774F40DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtMapViewOfSection + 6 774F4826 4 Bytes [28, 5F, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtMapViewOfSection + B 774F482B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenFile + 6 774F48B6 4 Bytes [68, 5C, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenFile + B 774F48BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcess + 6 774F4936 4 Bytes [A8, 5D, 77, 00] {TEST AL, 0x5d; JA 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcess + B 774F493B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessToken + B 774F494B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessTokenEx + 6 774F4956 4 Bytes [A8, 5E, 77, 00] {TEST AL, 0x5e; JA 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenProcessTokenEx + B 774F495B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThread + 6 774F49A6 4 Bytes [68, 5D, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThread + B 774F49AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadToken + 6 774F49B6 4 Bytes [68, 5E, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadToken + B 774F49BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtOpenThreadTokenEx + B 774F49CB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryAttributesFile + 6 774F4A56 4 Bytes [A8, 5C, 77, 00] {TEST AL, 0x5c; JA 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryAttributesFile + B 774F4A5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtQueryFullAttributesFile + B 774F4B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationFile + 6 774F4FE6 4 Bytes [28, 5D, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationFile + B 774F4FEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationThread + 6 774F5036 4 Bytes [28, 5E, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtSetInformationThread + B 774F503B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtUnmapViewOfSection + 6 774F52D6 4 Bytes [68, 5F, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] ntdll.dll!NtUnmapViewOfSection + B 774F52DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4908] KERNEL32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\Google\Update\Install\{E105683D-E928-4312-AFBE-0B4273E4AABA}\44.0.2403.157_43.0.2357.130_chrome_updater.exe[5112] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Windows\system32\UI0Detect.exe[5224] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] .text C:\Program Files\Google\Update\GoogleUpdate.exe[5944] kernel32.dll!GetBinaryTypeW + 70 7665252F 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74535B69] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74548F4D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [744FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7457CB6A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7451C840] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\Explorer.EXE[344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19372_none_9e57fb6eca11109f\gdiplus.dll IAT C:\Windows\system32\services.exe[696] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002 IAT C:\Windows\system32\services.exe[696] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225f4ec613 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225f4ec613@0022fc33fc66 0x78 0x01 0x04 0xC7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225f4ec613@64995d4551cf 0x7D 0xF4 0xF3 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225f4ec613@d0c1b100e26b 0x87 0x90 0x7F 0xD4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225f4ec613@bcc6dbd3de3a 0xEE 0x17 0x4D 0x9B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225f4ec613@3cc243ceadc1 0xFA 0x38 0xC7 0x4A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225f4ec613@244b81dd60d3 0x34 0x05 0xB8 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225f4ec613@b85a73737a3c 0x4F 0x28 0xFD 0x90 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 256896 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xE5 0xC9 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xB4 0x56 0xE3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xA8 0xAB 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x9E 0x38 0x8B ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00225f4ec613 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00225f4ec613@0022fc33fc66 0x78 0x01 0x04 0xC7 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00225f4ec613@64995d4551cf 0x7D 0xF4 0xF3 0x48 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00225f4ec613@d0c1b100e26b 0x87 0x90 0x7F 0xD4 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00225f4ec613@bcc6dbd3de3a 0xEE 0x17 0x4D 0x9B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xE5 0xC9 0x58 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xB4 0x56 0xE3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xA8 0xAB 0x22 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x9E 0x38 0x8B ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00225f4ec613 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00225f4ec613@0022fc33fc66 0x78 0x01 0x04 0xC7 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00225f4ec613@64995d4551cf 0x7D 0xF4 0xF3 0x48 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00225f4ec613@d0c1b100e26b 0x87 0x90 0x7F 0xD4 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00225f4ec613@bcc6dbd3de3a 0xEE 0x17 0x4D 0x9B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xE5 0xC9 0x58 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xB4 0x56 0xE3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xA8 0xAB 0x22 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x9E 0x38 0x8B ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00225f4ec613 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00225f4ec613@0022fc33fc66 0x78 0x01 0x04 0xC7 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00225f4ec613@64995d4551cf 0x7D 0xF4 0xF3 0x48 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00225f4ec613@d0c1b100e26b 0x87 0x90 0x7F 0xD4 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00225f4ec613@bcc6dbd3de3a 0xEE 0x17 0x4D 0x9B ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xE5 0xC9 0x58 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xB4 0x56 0xE3 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xA8 0xAB 0x22 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x9E 0x38 0x8B ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00225f4ec613 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00225f4ec613@0022fc33fc66 0x78 0x01 0x04 0xC7 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00225f4ec613@64995d4551cf 0x7D 0xF4 0xF3 0x48 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00225f4ec613@d0c1b100e26b 0x87 0x90 0x7F 0xD4 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00225f4ec613@bcc6dbd3de3a 0xEE 0x17 0x4D 0x9B ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xE5 0xC9 0x58 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xB4 0x56 0xE3 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xA8 0xAB 0x22 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x9E 0x38 0x8B ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00225f4ec613 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00225f4ec613@0022fc33fc66 0x78 0x01 0x04 0xC7 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00225f4ec613@64995d4551cf 0x7D 0xF4 0xF3 0x48 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00225f4ec613@d0c1b100e26b 0x87 0x90 0x7F 0xD4 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00225f4ec613@bcc6dbd3de3a 0xEE 0x17 0x4D 0x9B ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xE5 0xC9 0x58 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xB4 0x56 0xE3 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xA8 0xAB 0x22 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x9E 0x38 0x8B ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00225f4ec613 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00225f4ec613@0022fc33fc66 0x78 0x01 0x04 0xC7 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00225f4ec613@64995d4551cf 0x7D 0xF4 0xF3 0x48 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00225f4ec613@d0c1b100e26b 0x87 0x90 0x7F 0xD4 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00225f4ec613@bcc6dbd3de3a 0xEE 0x17 0x4D 0x9B ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xE5 0xC9 0x58 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xB4 0x56 0xE3 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xA8 0xAB 0x22 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x9E 0x38 0x8B ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00225f4ec613 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00225f4ec613@0022fc33fc66 0x78 0x01 0x04 0xC7 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00225f4ec613@64995d4551cf 0x7D 0xF4 0xF3 0x48 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00225f4ec613@d0c1b100e26b 0x87 0x90 0x7F 0xD4 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00225f4ec613@bcc6dbd3de3a 0xEE 0x17 0x4D 0x9B ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xE5 0xC9 0x58 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xB4 0x56 0xE3 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xA8 0xAB 0x22 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x9E 0x38 0x8B ... Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00225f4ec613 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00225f4ec613@0022fc33fc66 0x78 0x01 0x04 0xC7 ... Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00225f4ec613@64995d4551cf 0x7D 0xF4 0xF3 0x48 ... Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00225f4ec613@d0c1b100e26b 0x87 0x90 0x7F 0xD4 ... Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00225f4ec613@bcc6dbd3de3a 0xEE 0x17 0x4D 0x9B ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xE5 0xC9 0x58 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xB4 0x56 0xE3 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xA8 0xAB 0x22 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x9E 0x38 0x8B ... Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00225f4ec613 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00225f4ec613@0022fc33fc66 0x78 0x01 0x04 0xC7 ... Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00225f4ec613@64995d4551cf 0x7D 0xF4 0xF3 0x48 ... Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00225f4ec613@d0c1b100e26b 0x87 0x90 0x7F 0xD4 ... Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00225f4ec613@bcc6dbd3de3a 0xEE 0x17 0x4D 0x9B ... Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00225f4ec613@3cc243ceadc1 0xFA 0x38 0xC7 0x4A ... Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00225f4ec613@244b81dd60d3 0x34 0x05 0xB8 0x59 ... Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00225f4ec613@b85a73737a3c 0x4F 0x28 0xFD 0x90 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0xE5 0xC9 0x58 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xB4 0x56 0xE3 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xA8 0xAB 0x22 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x9E 0x38 0x8B ... ---- EOF - GMER 2.1 ----