GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-26 17:00:28 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000524AS rev.JC45 931,51GB Running: gmer.exe; Driver: C:\Users\Andrzej\AppData\Local\Temp\pxldrpob.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!GetSysColor 0000000074c06c3c 1 byte JMP 0000000070d45140 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!GetSysColor + 2 0000000074c06c3e 3 bytes {JMP RSP} .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000074c07004 7 bytes JMP 0000000070d4a270 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c08342 5 bytes JMP 0000000070d4a2b0 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!GetSysColorBrush 0000000074c135b4 5 bytes JMP 0000000070d451a0 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!GetScrollInfo 0000000074c14028 7 bytes JMP 0000000070d42280 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!SetScrollInfo 0000000074c140df 7 bytes JMP 0000000070d42370 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!ShowScrollBar 0000000074c14172 5 bytes JMP 0000000070d42430 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!GetScrollPos 0000000074c14244 5 bytes JMP 0000000070d422c0 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!SetScrollPos 0000000074c187b5 5 bytes JMP 0000000070d423b0 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!EnableScrollBar 0000000074c18d4a 7 bytes JMP 0000000070d42240 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!GetScrollRange 0000000074c190d4 5 bytes JMP 0000000070d42330 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe[1820] C:\Windows\syswow64\USER32.dll!SetScrollRange 0000000074c2d51f 5 bytes JMP 0000000070d423f0 .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d61401 2 bytes JMP 75e8b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d61419 2 bytes JMP 75e8b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d61431 2 bytes JMP 75f090f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d6144a 2 bytes CALL 75e648ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d614dd 2 bytes JMP 75f089ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d614f5 2 bytes JMP 75f08bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d6150d 2 bytes JMP 75f088e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d61525 2 bytes JMP 75f08caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d6153d 2 bytes JMP 75e7fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d61555 2 bytes JMP 75e86937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d6156d 2 bytes JMP 75f091a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d61585 2 bytes JMP 75f08d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d6159d 2 bytes JMP 75f088a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d615b5 2 bytes JMP 75e7fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d615cd 2 bytes JMP 75e8b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d616b2 2 bytes JMP 75f0906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d616bd 2 bytes JMP 75f08839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007729f11a 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d61401 2 bytes JMP 75e8b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d61419 2 bytes JMP 75e8b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d61431 2 bytes JMP 75f090f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d6144a 2 bytes CALL 75e648ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d614dd 2 bytes JMP 75f089ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d614f5 2 bytes JMP 75f08bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d6150d 2 bytes JMP 75f088e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d61525 2 bytes JMP 75f08caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d6153d 2 bytes JMP 75e7fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d61555 2 bytes JMP 75e86937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d6156d 2 bytes JMP 75f091a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d61585 2 bytes JMP 75f08d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d6159d 2 bytes JMP 75f088a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d615b5 2 bytes JMP 75e7fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d615cd 2 bytes JMP 75e8b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d616b2 2 bytes JMP 75f0906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d616bd 2 bytes JMP 75f08839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d61401 2 bytes JMP 75e8b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d61419 2 bytes JMP 75e8b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d61431 2 bytes JMP 75f090f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d6144a 2 bytes CALL 75e648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d614dd 2 bytes JMP 75f089ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d614f5 2 bytes JMP 75f08bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d6150d 2 bytes JMP 75f088e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d61525 2 bytes JMP 75f08caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d6153d 2 bytes JMP 75e7fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d61555 2 bytes JMP 75e86937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d6156d 2 bytes JMP 75f091a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d61585 2 bytes JMP 75f08d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d6159d 2 bytes JMP 75f088a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d615b5 2 bytes JMP 75e7fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d615cd 2 bytes JMP 75e8b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d616b2 2 bytes JMP 75f0906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d616bd 2 bytes JMP 75f08839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d61401 2 bytes JMP 75e8b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d61419 2 bytes JMP 75e8b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d61431 2 bytes JMP 75f090f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d6144a 2 bytes CALL 75e648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d614dd 2 bytes JMP 75f089ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d614f5 2 bytes JMP 75f08bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d6150d 2 bytes JMP 75f088e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d61525 2 bytes JMP 75f08caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d6153d 2 bytes JMP 75e7fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d61555 2 bytes JMP 75e86937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d6156d 2 bytes JMP 75f091a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d61585 2 bytes JMP 75f08d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d6159d 2 bytes JMP 75f088a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d615b5 2 bytes JMP 75e7fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d615cd 2 bytes JMP 75e8b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d616b2 2 bytes JMP 75f0906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d616bd 2 bytes JMP 75f08839 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001032e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001032c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001033614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001033a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800103386c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3 fffffa80040322c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80040322c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80040322c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80040322c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80040322c0 Device \FileSystem\Ntfs \Ntfs fffffa80040362c0 Device \FileSystem\fastfat \Fat fffffa80063c62c0 Device \Driver\usbuhci \Device\USBFDO-3 fffffa8004bfc2c0 Device \Driver\usbuhci \Device\USBPDO-1 fffffa8004bfc2c0 Device \Driver\cdrom \Device\CdRom0 fffffa80048d92c0 Device \Driver\cdrom \Device\CdRom1 fffffa80048d92c0 Device \Driver\usbehci \Device\USBFDO-4 fffffa8004cdb2c0 Device \Driver\usbuhci \Device\USBPDO-2 fffffa8004bfc2c0 Device \Driver\usbuhci \Device\USBFDO-0 fffffa8004bfc2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FCBD3FC4-A990-4707-AD63-41CD0CC03C31} fffffa800498a2c0 Device \Driver\usbuhci \Device\USBPDO-3 fffffa8004bfc2c0 Device \Driver\usbuhci \Device\USBFDO-1 fffffa8004bfc2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2964E1AC-7405-4475-B01F-597F232C4993} fffffa800498a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1F624317-B214-4941-945A-3A05800A8F60} fffffa800498a2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800498a2c0 Device \Driver\usbehci \Device\USBPDO-4 fffffa8004cdb2c0 Device \Driver\usbuhci \Device\USBFDO-2 fffffa8004bfc2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80040322c0 Device \Driver\usbuhci \Device\USBPDO-0 fffffa8004bfc2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80040322c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80040322c0]<< sptd.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80040322c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004660060] fffffa8004660060 Trace 3 CLASSPNP.SYS[fffff880015cc43f] -> nt!IofCallDriver -> [0xfffffa800366ae40] fffffa800366ae40 Trace 5 ACPI.sys[fffff880011597a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004146060] fffffa8004146060 Trace \Driver\atapi[0xfffffa8004140e70] -> IRP_MJ_CREATE -> 0xfffffa80040322c0 fffffa80040322c0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0xDD 0x5F 0x33 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\E0DC4F87C546594C8B253159C12C6B86 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\E0DC4F87C546594C8B253159C12C6B86@p0 C:\Program Files (x86)\DAEMON Tools Ultra\ Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FCBD3FC4-A990-4707-AD63-41CD0CC03C31}@LeaseObtainedTime 1464274617 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FCBD3FC4-A990-4707-AD63-41CD0CC03C31}@T1 1464274647 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FCBD3FC4-A990-4707-AD63-41CD0CC03C31}@T2 1464274669 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FCBD3FC4-A990-4707-AD63-41CD0CC03C31}@LeaseTerminatesTime 1464274677 Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{fcbd3fc4-a990-4707-ad63-41cd0cc03c31}@Dhcpv6MaxLeaseExpireTime 1464274701 Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{fcbd3fc4-a990-4707-ad63-41cd0cc03c31}@Dhcpv6LeaseObtainedTime 1464274641 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0xDD 0x5F 0x33 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\E0DC4F87C546594C8B253159C12C6B86 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\E0DC4F87C546594C8B253159C12C6B86@p0 C:\Program Files (x86)\DAEMON Tools Ultra\ ---- EOF - GMER 2.2 ----