GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-14 12:02:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4C 931,51GB
Running: kpmuqvxb.exe; Driver: C:\Users\Saszka\AppData\Local\Temp\uwddypow.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff8800422930c 12 bytes {MOV RAX, 0xfffffa800514d2a0; JMP RAX}

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767a1401 2 bytes JMP 76a2b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767a1419 2 bytes JMP 76a2b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767a1431 2 bytes JMP 76aa9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767a144a 2 bytes CALL 76a04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767a14dd 2 bytes JMP 76aa8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767a14f5 2 bytes JMP 76aa8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767a150d 2 bytes JMP 76aa8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767a1525 2 bytes JMP 76aa8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767a153d 2 bytes JMP 76a1fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767a1555 2 bytes JMP 76a26907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767a156d 2 bytes JMP 76aa9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767a1585 2 bytes JMP 76aa8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767a159d 2 bytes JMP 76aa88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767a15b5 2 bytes JMP 76a1fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767a15cd 2 bytes JMP 76a2b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767a16b2 2 bytes JMP 76aa90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767a16bd 2 bytes JMP 76aa8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767a1401 2 bytes JMP 76a2b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767a1419 2 bytes JMP 76a2b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767a1431 2 bytes JMP 76aa9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767a144a 2 bytes CALL 76a04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767a14dd 2 bytes JMP 76aa8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767a14f5 2 bytes JMP 76aa8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767a150d 2 bytes JMP 76aa8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767a1525 2 bytes JMP 76aa8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767a153d 2 bytes JMP 76a1fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767a1555 2 bytes JMP 76a26907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767a156d 2 bytes JMP 76aa9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767a1585 2 bytes JMP 76aa8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767a159d 2 bytes JMP 76aa88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767a15b5 2 bytes JMP 76a1fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767a15cd 2 bytes JMP 76a2b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767a16b2 2 bytes JMP 76aa90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767a16bd 2 bytes JMP 76aa8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000767a1401 2 bytes JMP 76a2b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000767a1419 2 bytes JMP 76a2b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000767a1431 2 bytes JMP 76aa9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000767a144a 2 bytes CALL 76a04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000767a14dd 2 bytes JMP 76aa8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000767a14f5 2 bytes JMP 76aa8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000767a150d 2 bytes JMP 76aa8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000767a1525 2 bytes JMP 76aa8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000767a153d 2 bytes JMP 76a1fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000767a1555 2 bytes JMP 76a26907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000767a156d 2 bytes JMP 76aa9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000767a1585 2 bytes JMP 76aa8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000767a159d 2 bytes JMP 76aa88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000767a15b5 2 bytes JMP 76a1fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000767a15cd 2 bytes JMP 76a2b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000767a16b2 2 bytes JMP 76aa90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1896] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000767a16bd 2 bytes JMP 76aa8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767a1401 2 bytes JMP 76a2b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767a1419 2 bytes JMP 76a2b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767a1431 2 bytes JMP 76aa9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767a144a 2 bytes CALL 76a04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767a14dd 2 bytes JMP 76aa8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767a14f5 2 bytes JMP 76aa8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767a150d 2 bytes JMP 76aa8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767a1525 2 bytes JMP 76aa8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767a153d 2 bytes JMP 76a1fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767a1555 2 bytes JMP 76a26907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767a156d 2 bytes JMP 76aa9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767a1585 2 bytes JMP 76aa8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767a159d 2 bytes JMP 76aa88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767a15b5 2 bytes JMP 76a1fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767a15cd 2 bytes JMP 76a2b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767a16b2 2 bytes JMP 76aa90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767a16bd 2 bytes JMP 76aa8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767a1401 2 bytes JMP 76a2b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767a1419 2 bytes JMP 76a2b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767a1431 2 bytes JMP 76aa9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767a144a 2 bytes CALL 76a04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767a14dd 2 bytes JMP 76aa8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767a14f5 2 bytes JMP 76aa8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767a150d 2 bytes JMP 76aa8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767a1525 2 bytes JMP 76aa8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767a153d 2 bytes JMP 76a1fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767a1555 2 bytes JMP 76a26907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767a156d 2 bytes JMP 76aa9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767a1585 2 bytes JMP 76aa8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767a159d 2 bytes JMP 76aa88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767a15b5 2 bytes JMP 76a1fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767a15cd 2 bytes JMP 76a2b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767a16b2 2 bytes JMP 76aa90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ChomikBox\chomikbox.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767a16bd 2 bytes JMP 76aa8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000767a1401 2 bytes JMP 76a2b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000767a1419 2 bytes JMP 76a2b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000767a1431 2 bytes JMP 76aa9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000767a144a 2 bytes CALL 76a04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000767a14dd 2 bytes JMP 76aa8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000767a14f5 2 bytes JMP 76aa8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000767a150d 2 bytes JMP 76aa8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000767a1525 2 bytes JMP 76aa8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000767a153d 2 bytes JMP 76a1fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000767a1555 2 bytes JMP 76a26907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000767a156d 2 bytes JMP 76aa9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000767a1585 2 bytes JMP 76aa8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000767a159d 2 bytes JMP 76aa88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000767a15b5 2 bytes JMP 76a1fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000767a15cd 2 bytes JMP 76a2b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000767a16b2 2 bytes JMP 76aa90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3832] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000767a16bd 2 bytes JMP 76aa8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767a1401 2 bytes JMP 76a2b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767a1419 2 bytes JMP 76a2b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767a1431 2 bytes JMP 76aa9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767a144a 2 bytes CALL 76a04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767a14dd 2 bytes JMP 76aa8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767a14f5 2 bytes JMP 76aa8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767a150d 2 bytes JMP 76aa8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767a1525 2 bytes JMP 76aa8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767a153d 2 bytes JMP 76a1fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767a1555 2 bytes JMP 76a26907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767a156d 2 bytes JMP 76aa9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767a1585 2 bytes JMP 76aa8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767a159d 2 bytes JMP 76aa88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767a15b5 2 bytes JMP 76a1fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767a15cd 2 bytes JMP 76a2b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767a16b2 2 bytes JMP 76aa90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\LaserController.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767a16bd 2 bytes JMP 76aa8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767a1401 2 bytes JMP 76a2b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767a1419 2 bytes JMP 76a2b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767a1431 2 bytes JMP 76aa9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767a144a 2 bytes CALL 76a04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767a14dd 2 bytes JMP 76aa8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767a14f5 2 bytes JMP 76aa8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767a150d 2 bytes JMP 76aa8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767a1525 2 bytes JMP 76aa8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767a153d 2 bytes JMP 76a1fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767a1555 2 bytes JMP 76a26907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767a156d 2 bytes JMP 76aa9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767a1585 2 bytes JMP 76aa8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767a159d 2 bytes JMP 76aa88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767a15b5 2 bytes JMP 76a1fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767a15cd 2 bytes JMP 76a2b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767a16b2 2 bytes JMP 76aa90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lighter\6.2\laserengine.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767a16bd 2 bytes JMP 76aa8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767a1401 2 bytes JMP 76a2b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767a1419 2 bytes JMP 76a2b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767a1431 2 bytes JMP 76aa9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767a144a 2 bytes CALL 76a04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767a14dd 2 bytes JMP 76aa8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767a14f5 2 bytes JMP 76aa8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767a150d 2 bytes JMP 76aa8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767a1525 2 bytes JMP 76aa8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767a153d 2 bytes JMP 76a1fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767a1555 2 bytes JMP 76a26907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767a156d 2 bytes JMP 76aa9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767a1585 2 bytes JMP 76aa8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767a159d 2 bytes JMP 76aa88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767a15b5 2 bytes JMP 76a1fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767a15cd 2 bytes JMP 76a2b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767a16b2 2 bytes JMP 76aa90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767a16bd 2 bytes JMP 76aa8891 C:\Windows\syswow64\kernel32.dll

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88000eabf1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88000eabcc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88000eac69c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88000eaca98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88000eac8f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.2 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80040622c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa80040622c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80040622c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa80040622c0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80040622c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa80040622c0
Device \Driver\a2mt7ru3 \Device\Scsi\a2mt7ru31 fffffa80052222c0
Device \Driver\a2mt7ru3 \Device\Scsi\a2mt7ru31Port4Path0Target0Lun0 fffffa80052222c0
Device \FileSystem\Ntfs \Ntfs fffffa80040662c0
Device \Driver\usbohci \Device\USBPDO-5 fffffa800514f2c0
Device \Driver\usbehci \Device\USBFDO-3 fffffa80051aa2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3FD9081E-9701-4AF3-868B-882F9C3DC5DD} fffffa800467a2c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa80051aa2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F10E8ACE-FD45-4B6C-9DCC-FA82C3D748BC} fffffa800467a2c0
Device \Driver\cdrom \Device\CdRom0 fffffa80046b12c0
Device \Driver\cdrom \Device\CdRom1 fffffa80046b12c0
Device \Driver\usbehci \Device\USBPDO-6 fffffa80051aa2c0
Device \Driver\usbohci \Device\USBFDO-4 fffffa800514f2c0
Device \Driver\usbohci \Device\USBFDO-0 fffffa800514f2c0
Device \Driver\usbohci \Device\USBPDO-2 fffffa800514f2c0
Device \Driver\usbohci \Device\USBFDO-5 fffffa800514f2c0
Device \Driver\usbehci \Device\USBPDO-3 fffffa80051aa2c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa80051aa2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{1B506835-7FB6-426D-8DBA-4DF141CE017B} fffffa800467a2c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800467a2c0
Device \Driver\usbehci \Device\USBFDO-6 fffffa80051aa2c0
Device \Driver\usbohci \Device\USBPDO-4 fffffa800514f2c0
Device \Driver\atapi \Device\ScsiPort0 fffffa80040622c0
Device \Driver\usbohci \Device\USBFDO-2 fffffa800514f2c0
Device \Driver\usbohci \Device\USBPDO-0 fffffa800514f2c0
Device \Driver\atapi \Device\ScsiPort1 fffffa80040622c0
Device \Driver\atapi \Device\ScsiPort2 fffffa80040622c0
Device \Driver\atapi \Device\ScsiPort3 fffffa80040622c0
Device \Driver\a2mt7ru3 \Device\ScsiPort4 fffffa80052222c0

---- Trace I/O - GMER 2.2 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80040622c0]<< sptd.sys ataport.SYS pciide.sys fffffa80040622c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80043e9060] fffffa80043e9060
Trace 3 CLASSPNP.SYS[fffff8800122543f] -> nt!IofCallDriver -> [0xfffffa8004183520] fffffa8004183520
Trace 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800417f680] fffffa800417f680
Trace \Driver\atapi[0xfffffa800416ebf0] -> IRP_MJ_CREATE -> 0xfffffa80040622c0 fffffa80040622c0

---- Modules - GMER 2.2 ----

Module \SystemRoot\System32\Drivers\a2mt7ru3.SYS fffff88004503000-fffff88004554000 (331776 bytes)

---- Threads - GMER 2.2 ----

Thread C:\Windows\SysWOW64\svchost.exe [2656:1640] 0000000000452acf
Thread C:\Windows\SysWOW64\svchost.exe [2656:3536] 0000000000452acf
Thread C:\Windows\SysWOW64\svchost.exe [2656:2132] 0000000000452acf
Thread C:\Windows\SysWOW64\svchost.exe [2656:3036] 0000000000452acf
Thread C:\Windows\SysWOW64\svchost.exe [2656:736] 0000000000452acf
Thread C:\Windows\system32\CompatTelRunner.exe [3808:2240] 000007fef482b660
Thread C:\Windows\system32\svchost.exe [3268:3548] 000007fef909e8c4

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\Daemon Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x12 0xD8 0x4A 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0xCA 0x19 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x78 0x5A 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\Daemon Tools Pro\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x12 0xD8 0x4A 0x5B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0xCA 0x19 0x01 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x78 0x5A 0xC4 ... ---- EOF - GMER 2.2 ----