GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-06 17:20:16
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3500418AS rev.CC38
Running: pb046xr8.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 826495C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8266E092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 00, 0C, 00] {SUB [EAX], AL; OR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtMapViewOfSection + 6 77164D16 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 03, 0C, 00] {SUB [EBX], AL; OR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 00, 0C, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 01, 0C, 00] {TEST AL, 0x1; OR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 02, 0C, 00] {TEST AL, 0x2; OR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 01, 0C, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 02, 0C, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 00, 0C, 00] {TEST AL, 0x0; OR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 01, 0C, 00] {SUB [ECX], AL; OR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 02, 0C, 00] {SUB [EDX], AL; OR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 03, 0C, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1240] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 00, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + 6 77164D16 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 03, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 00, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 01, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 02, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 01, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 02, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 00, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 01, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 02, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 03, 25, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1264] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 00, 34, 00] {SUB [EAX], AL; XOR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtMapViewOfSection + 6 77164D16 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 03, 34, 00] {SUB [EBX], AL; XOR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 00, 34, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 01, 34, 00] {TEST AL, 0x1; XOR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 02, 34, 00] {TEST AL, 0x2; XOR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 01, 34, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 02, 34, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 00, 34, 00] {TEST AL, 0x0; XOR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 01, 34, 00] {SUB [ECX], AL; XOR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 02, 34, 00] {SUB [EDX], AL; XOR AL, 0x0}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 03, 34, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1332] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 00, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtMapViewOfSection + 6 77164D16 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 03, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 00, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 01, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 02, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 01, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 02, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 00, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 01, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 02, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 03, 4D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 00, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + 6 77164D16 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 03, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 00, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 01, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 02, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 01, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 02, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 00, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 01, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 02, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 03, 2E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 00, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtMapViewOfSection + 6 77164D16 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 03, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 00, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 01, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 02, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 01, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 02, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 00, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 01, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 02, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 03, 1E, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtCreateFile + 6 771646B6 4 Bytes [28, 00, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtCreateFile + B 771646BB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtMapViewOfSection + 6 77164D16 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtMapViewOfSection + 6 77164D16 4 Bytes [28, 03, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtMapViewOfSection + B 77164D1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenFile + 6 77164DC6 4 Bytes [68, 00, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenFile + B 77164DCB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcess + 6 77164E76 4 Bytes [A8, 01, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcess + B 77164E7B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcessToken + B 77164E8B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcessTokenEx + 6 77164E96 4 Bytes [A8, 02, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcessTokenEx + B 77164E9B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThread + 6 77164EF6 4 Bytes [68, 01, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThread + B 77164EFB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThreadToken + 6 77164F06 4 Bytes [68, 02, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThreadToken + B 77164F0B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThreadTokenEx + B 77164F1B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtQueryAttributesFile + 6 77165026 4 Bytes [A8, 00, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtQueryAttributesFile + B 7716502B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtQueryFullAttributesFile + B 771650DB 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtSetInformationFile + 6 77165726 4 Bytes [28, 01, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtSetInformationFile + B 7716572B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtSetInformationThread + 6 77165786 4 Bytes [28, 02, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtSetInformationThread + B 7716578B 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtUnmapViewOfSection + 6 77165AA6 4 Bytes [68, 03, 1F, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtUnmapViewOfSection + B 77165AAB 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F32494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F15624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F156E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F3250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F28573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F24D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F250CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F251A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73F266D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F282CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F28819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F2907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F2E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F24C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000061 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x45 0x3E 0xB7 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x59 0x89 0x87 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x25 0x81 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x66 0x0D 0xF7 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xEE 0x8A 0xB7 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0x24 0x8B 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0x3E 0x1A 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x3A 0x8F 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x45 0x3E 0xB7 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x59 0x89 0x87 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x25 0x81 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x66 0x0D 0xF7 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xEE 0x8A 0xB7 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0x24 0x8B 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0x3E 0x1A 0xE5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x3A 0x8F 0x95 ...

---- EOF - GMER 1.0.15 ----