GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-29 19:18:27 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5 SAMSUNG_HD322IJ rev.1AC01113 298,09GB Running: khi2g2o8.exe; Driver: C:\Users\nostra\AppData\Local\Temp\uwrdqpob.sys ---- User code sections - GMER 2.2 ---- .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000765b1401 2 bytes JMP 7692b263 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000765b1419 2 bytes JMP 7692b38e C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000765b1431 2 bytes JMP 769a90f1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000765b144a 2 bytes CALL 769048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000765b14dd 2 bytes JMP 769a89ea C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000765b14f5 2 bytes JMP 769a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000765b150d 2 bytes JMP 769a88e0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000765b1525 2 bytes JMP 769a8caa C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000765b153d 2 bytes JMP 7691fce8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000765b1555 2 bytes JMP 76926937 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000765b156d 2 bytes JMP 769a91a9 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000765b1585 2 bytes JMP 769a8d0a C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000765b159d 2 bytes JMP 769a88a4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000765b15b5 2 bytes JMP 7691fd81 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000765b15cd 2 bytes JMP 7692b324 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000765b16b2 2 bytes JMP 769a906c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\awna\awna.exe[1768] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000765b16bd 2 bytes JMP 769a8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[592] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076908791 4 bytes [C2, 04, 00, 00] .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765b1401 2 bytes JMP 7692b263 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765b1419 2 bytes JMP 7692b38e C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765b1431 2 bytes JMP 769a90f1 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765b144a 2 bytes CALL 769048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765b14dd 2 bytes JMP 769a89ea C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765b14f5 2 bytes JMP 769a8bc0 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765b150d 2 bytes JMP 769a88e0 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765b1525 2 bytes JMP 769a8caa C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765b153d 2 bytes JMP 7691fce8 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765b1555 2 bytes JMP 76926937 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765b156d 2 bytes JMP 769a91a9 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765b1585 2 bytes JMP 769a8d0a C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765b159d 2 bytes JMP 769a88a4 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765b15b5 2 bytes JMP 7691fd81 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765b15cd 2 bytes JMP 7692b324 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765b16b2 2 bytes JMP 769a906c C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\RocketDock\RocketDock.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765b16bd 2 bytes JMP 769a8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765b1401 2 bytes JMP 7692b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765b1419 2 bytes JMP 7692b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765b1431 2 bytes JMP 769a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765b144a 2 bytes CALL 769048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765b14dd 2 bytes JMP 769a89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765b14f5 2 bytes JMP 769a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765b150d 2 bytes JMP 769a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765b1525 2 bytes JMP 769a8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765b153d 2 bytes JMP 7691fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765b1555 2 bytes JMP 76926937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765b156d 2 bytes JMP 769a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765b1585 2 bytes JMP 769a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765b159d 2 bytes JMP 769a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765b15b5 2 bytes JMP 7691fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765b15cd 2 bytes JMP 7692b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765b16b2 2 bytes JMP 769a906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765b16bd 2 bytes JMP 769a8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765b1401 2 bytes JMP 7692b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765b1419 2 bytes JMP 7692b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765b1431 2 bytes JMP 769a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765b144a 2 bytes CALL 769048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765b14dd 2 bytes JMP 769a89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765b14f5 2 bytes JMP 769a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765b150d 2 bytes JMP 769a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765b1525 2 bytes JMP 769a8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765b153d 2 bytes JMP 7691fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765b1555 2 bytes JMP 76926937 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765b156d 2 bytes JMP 769a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765b1585 2 bytes JMP 769a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765b159d 2 bytes JMP 769a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765b15b5 2 bytes JMP 7691fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765b15cd 2 bytes JMP 7692b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765b16b2 2 bytes JMP 769a906c C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765b16bd 2 bytes JMP 769a8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765b1401 2 bytes JMP 7692b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765b1419 2 bytes JMP 7692b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765b1431 2 bytes JMP 769a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765b144a 2 bytes CALL 769048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765b14dd 2 bytes JMP 769a89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765b14f5 2 bytes JMP 769a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765b150d 2 bytes JMP 769a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765b1525 2 bytes JMP 769a8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765b153d 2 bytes JMP 7691fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765b1555 2 bytes JMP 76926937 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765b156d 2 bytes JMP 769a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765b1585 2 bytes JMP 769a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765b159d 2 bytes JMP 769a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765b15b5 2 bytes JMP 7691fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765b15cd 2 bytes JMP 7692b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765b16b2 2 bytes JMP 769a906c C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765b16bd 2 bytes JMP 769a8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765b1401 2 bytes JMP 7692b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765b1419 2 bytes JMP 7692b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765b1431 2 bytes JMP 769a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765b144a 2 bytes CALL 769048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765b14dd 2 bytes JMP 769a89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765b14f5 2 bytes JMP 769a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765b150d 2 bytes JMP 769a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765b1525 2 bytes JMP 769a8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765b153d 2 bytes JMP 7691fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765b1555 2 bytes JMP 76926937 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765b156d 2 bytes JMP 769a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765b1585 2 bytes JMP 769a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765b159d 2 bytes JMP 769a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765b15b5 2 bytes JMP 7691fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765b15cd 2 bytes JMP 7692b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765b16b2 2 bytes JMP 769a906c C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765b16bd 2 bytes JMP 769a8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765b1401 2 bytes JMP 7692b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765b1419 2 bytes JMP 7692b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765b1431 2 bytes JMP 769a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765b144a 2 bytes CALL 769048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765b14dd 2 bytes JMP 769a89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765b14f5 2 bytes JMP 769a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765b150d 2 bytes JMP 769a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765b1525 2 bytes JMP 769a8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765b153d 2 bytes JMP 7691fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765b1555 2 bytes JMP 76926937 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765b156d 2 bytes JMP 769a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765b1585 2 bytes JMP 769a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765b159d 2 bytes JMP 769a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765b15b5 2 bytes JMP 7691fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765b15cd 2 bytes JMP 7692b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765b16b2 2 bytes JMP 769a906c C:\Windows\syswow64\kernel32.dll .text C:\Users\nostra\AppData\Local\Innkeeper\app-0.3.0\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765b16bd 2 bytes JMP 769a8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765b1401 2 bytes JMP 7692b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765b1419 2 bytes JMP 7692b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765b1431 2 bytes JMP 769a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765b144a 2 bytes CALL 769048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765b14dd 2 bytes JMP 769a89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765b14f5 2 bytes JMP 769a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765b150d 2 bytes JMP 769a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765b1525 2 bytes JMP 769a8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765b153d 2 bytes JMP 7691fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765b1555 2 bytes JMP 76926937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765b156d 2 bytes JMP 769a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765b1585 2 bytes JMP 769a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765b159d 2 bytes JMP 769a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765b15b5 2 bytes JMP 7691fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765b15cd 2 bytes JMP 7692b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765b16b2 2 bytes JMP 769a906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765b16bd 2 bytes JMP 769a8839 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001017e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001017c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001018654] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001018a50] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010188ac] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdePort4 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-6 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80039ab2c0 Device \FileSystem\Ntfs \Ntfs fffffa80043162c0 Device \Driver\usbehci \Device\USBFDO-7 fffffa800517d2c0 Device \Driver\usbuhci \Device\USBPDO-5 fffffa800501a2c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa800517d2c0 Device \Driver\USBSTOR \Device\00000078 fffffa8005d922c0 Device \Driver\usbuhci \Device\USBPDO-1 fffffa800501a2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8004d7a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D7428111-7E0A-412A-A6F7-A697A0C3D58F} fffffa8004e8b2c0 Device \Driver\usbuhci \Device\USBPDO-6 fffffa800501a2c0 Device \Driver\usbuhci \Device\USBFDO-4 fffffa800501a2c0 Device \Driver\usbuhci \Device\USBPDO-2 fffffa800501a2c0 Device \Driver\usbuhci \Device\USBFDO-0 fffffa800501a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{A79FD7BC-578B-41BD-BBCA-A028A18EB9EC} fffffa8004e8b2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{08FFCAEA-C339-4DD0-A49C-085D613C0AF4} fffffa8004e8b2c0 Device \Driver\usbehci \Device\USBPDO-7 fffffa800517d2c0 Device \Driver\usbuhci \Device\USBFDO-5 fffffa800501a2c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa800517d2c0 Device \Driver\usbuhci \Device\USBFDO-1 fffffa800501a2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004e8b2c0 Device \Driver\usbuhci \Device\USBFDO-6 fffffa800501a2c0 Device \Driver\usbuhci \Device\USBPDO-4 fffffa800501a2c0 Device \Driver\usbuhci \Device\USBFDO-2 fffffa800501a2c0 Device \Driver\USBSTOR \Device\00000077 fffffa8005d922c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80039ab2c0 Device \Driver\usbuhci \Device\USBPDO-0 fffffa800501a2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80039ab2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80039ab2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80039ab2c0 Device \Driver\atapi \Device\ScsiPort4 fffffa80039ab2c0 Device \Driver\atapi \Device\ScsiPort5 fffffa80039ab2c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039ab2c0]<< sptd.sys ataport.SYS pciide.sys fffffa80039ab2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004972060] fffffa8004972060 Trace 3 CLASSPNP.SYS[fffff880014a543f] -> nt!IofCallDriver -> [0xfffffa800441ce40] fffffa800441ce40 Trace 5 ACPI.sys[fffff8800113c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-5[0xfffffa8004456680] fffffa8004456680 Trace \Driver\atapi[0xfffffa800440be70] -> IRP_MJ_CREATE -> 0xfffffa80039ab2c0 fffffa80039ab2c0 ---- EOF - GMER 2.2 ----