GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-01 11:03:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: p1g7sup2.exe; Driver: C:\Users\Sebash\AppData\Local\Temp\fwldipow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800045ed000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800045ed02f 17 bytes [00, 01, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3c8ef0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3daf60 5 bytes JMP 000007fffd3b0110
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[3052] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[3052] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[3052] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3c8ef0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[3052] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3daf60 5 bytes JMP 000007fffd3b0110
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[3052] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdb689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[3052] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdb6be40 8 bytes JMP 000007fffd3b01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\kernel32.dll!RegSetValueExW 000000007712a400 7 bytes JMP 000000016fff0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077133f20 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\kernel32.dll!RegDeleteValueW 000000007714ffb0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007715f2e0 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077189a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000771994c0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000771b87e0 7 bytes JMP 000000016fff01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3c8ef0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1028] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3daf60 5 bytes JMP 000007fffd3b0110
.text C:\Windows\System32\igfxpers.exe[1468] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Windows\System32\igfxpers.exe[1468] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Windows\System32\igfxpers.exe[1468] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3c8ef0 6 bytes JMP 000007fffd3b0148
.text C:\Windows\System32\igfxpers.exe[1468] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3daf60 5 bytes JMP 000007fffd3b0110
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e61f0e 7 bytes JMP 0000000171c43df0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e65bad 7 bytes JMP 0000000171c44100
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e71409 7 bytes JMP 0000000171c43f30
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e7ea45 7 bytes JMP 0000000171c43de0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076f08e24 7 bytes JMP 0000000171c43b50
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076f08ea9 5 bytes JMP 0000000171c43c00
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076f091ff 5 bytes JMP 0000000171c43b60
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076fb1d29 5 bytes JMP 0000000171c43ae0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076fb1dd7 5 bytes JMP 0000000171c43a90
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076fb2ab1 5 bytes JMP 0000000171c43c10
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076fb2d17 5 bytes JMP 0000000171c43870
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075278a29 5 bytes JMP 0000000171c43350
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 0000000171c437f0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 0000000171c43860
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000752c07d7 5 bytes JMP 0000000171c43280
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 0000000171c437e0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074f6e96b 5 bytes JMP 0000000171c433c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074f6eba5 5 bytes JMP 0000000171c433d0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ad5ea5 5 bytes JMP 0000000171c43300
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 5 bytes JMP 0000000171c43290
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1596] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1596] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1596] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3c8ef0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1596] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3daf60 5 bytes JMP 000007fffd3b0110
.text C:\windows\system32\PING.EXE[1976] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\windows\system32\PING.EXE[1976] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\windows\system32\PING.EXE[1976] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3c8ef0 6 bytes JMP 000007fffd3b0148
.text C:\windows\system32\PING.EXE[1976] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3daf60 5 bytes JMP 000007fffd3b0110
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e61f0e 7 bytes JMP 0000000171c43df0
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e65bad 7 bytes JMP 0000000171c44100
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e71409 7 bytes JMP 0000000171c43f30
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e7ea45 7 bytes JMP 0000000171c43de0
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076f08e24 7 bytes JMP 0000000171c43b50
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076f08ea9 5 bytes JMP 0000000171c43c00
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076f091ff 5 bytes JMP 0000000171c43b60
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076fb1d29 5 bytes JMP 0000000171c43ae0
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076fb1dd7 5 bytes JMP 0000000171c43a90
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076fb2ab1 5 bytes JMP 0000000171c43c10
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076fb2d17 5 bytes JMP 0000000171c43870
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\user32.DLL!CreateWindowExW 0000000075278a29 5 bytes JMP 0000000171c43350
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 0000000171c437f0
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\user32.DLL!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 0000000171c43860
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\user32.DLL!ChangeDisplaySettingsExW 00000000752c07d7 5 bytes JMP 0000000171c43280
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 0000000171c437e0
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074f6e96b 5 bytes JMP 0000000171c433c0
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074f6eba5 5 bytes JMP 0000000171c433d0
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000074e91401 2 bytes JMP 000000010579a47a
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000074e91419 2 bytes JMP 000000010579a492
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000074e91431 2 bytes JMP 000000010579a4aa
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 42 0000000074e9144a 2 bytes JMP 0000000074f5fcc3
.text ... * 9
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 0000000074e914dd 2 bytes JMP 000000010579a556
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 0000000074e914f5 2 bytes JMP 000000010579a56e
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 0000000074e9150d 2 bytes JMP 000000010579a586
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000074e91525 2 bytes JMP 000000010579a59e
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 0000000074e9153d 2 bytes JMP 000000010579a5b6
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000074e91555 2 bytes JMP 000000010579a5ce
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 0000000074e9156d 2 bytes JMP 000000010579a5e6
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000074e91585 2 bytes JMP 000000010579a5fe
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 0000000074e9159d 2 bytes JMP 000000010579a616
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 0000000074e915b5 2 bytes JMP 000000010579a62e
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 0000000074e915cd 2 bytes JMP 000000015b37ce46
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 0000000074e916b2 2 bytes JMP 000000010579a72b
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 0000000074e916bd 2 bytes JMP 000000010579a736
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e61f0e 7 bytes JMP 0000000171c43df0
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e65bad 7 bytes JMP 0000000171c44100
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e71409 7 bytes JMP 0000000171c43f30
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e7ea45 7 bytes JMP 0000000171c43de0
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076f08e24 7 bytes JMP 0000000171c43b50
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076f08ea9 5 bytes JMP 0000000171c43c00
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076f091ff 5 bytes JMP 0000000171c43b60
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076fb1d29 5 bytes JMP 0000000171c43ae0
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076fb1dd7 5 bytes JMP 0000000171c43a90
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076fb2ab1 5 bytes JMP 0000000171c43c10
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076fb2d17 5 bytes JMP 0000000171c43870
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074f6e96b 5 bytes JMP 0000000171c433c0
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074f6eba5 5 bytes JMP 0000000171c433d0
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075278a29 5 bytes JMP 0000000171c43350
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 0000000171c437f0
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 0000000171c43860
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000752c07d7 5 bytes JMP 0000000171c43280
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 0000000171c437e0

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010cde94] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010cdc38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010ce614] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010cea10] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010ce86c] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\windows\system32\winlogon.exe[788] @ C:\windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefb422960] c:\windows\system32\uxtuneup.dll
IAT C:\windows\system32\winlogon.exe[788] @ C:\windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile] [7fefb422840] c:\windows\system32\uxtuneup.dll
IAT C:\windows\system32\winlogon.exe[788] @ C:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [7fefb422960] c:\windows\system32\uxtuneup.dll
IAT C:\windows\system32\winlogon.exe[788] @ C:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [7fefb422840] c:\windows\system32\uxtuneup.dll
IAT C:\windows\system32\svchost.exe[1056] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [7fefb422960] c:\windows\system32\uxtuneup.dll
IAT C:\windows\system32\svchost.exe[1056] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [7fefb422840] c:\windows\system32\uxtuneup.dll
IAT C:\windows\system32\svchost.exe[1056] @ C:\windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefb422960] c:\windows\system32\uxtuneup.dll
IAT C:\windows\system32\svchost.exe[1056] @ C:\windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile] [7fefb422840] c:\windows\system32\uxtuneup.dll

---- Devices - GMER 2.1 ----

Device \Driver\a4oquhr6 \Device\Scsi\a4oquhr61 fffffa80070792c0
Device \FileSystem\Ntfs \Ntfs fffffa80039a82c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa800704c2c0
Device \Driver\cdrom \Device\CdRom0 fffffa80065112c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F6F1CC74-2965-4938-8C3C-C4537A758148} fffffa80046202c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{A7ED0A60-4DEE-4273-96EC-41B0462A71E6} fffffa80046202c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa800704c2c0
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa800650c2c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa800704c2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3E14689F-3F75-4019-8CC6-AB803C3D5865} fffffa80046202c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80046202c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa800704c2c0
Device \Driver\a4oquhr6 \Device\ScsiPort5 fffffa80070792c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\a4oquhr6.SYS fffff8800f200000-fffff8800f251000 (331776 bytes)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0xC9 0x7B 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x04 0x60 0x67 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0x64 0x99 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0xC9 0x7B 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEE 0x42 0x1C 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0x64 0x99 0x59 ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0xC9 0x7B 0xBA ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x04 0x60 0x67 0x30 ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0x64 0x99 0x59 ...

---- EOF - GMER 2.1 ----
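A log like the one above is easier to triage once it is parsed: the questions an analyst asks first are which inline-hook JMP targets recur across unrelated processes (one injected module patching the same API everywhere) and which module owns the IAT hooks. The Python below is an added example, not part of this post and not GMER's own code. The sample text is a constructed excerpt of a few records copied from the log above, laid out one record per line as GMER writes them; the regular expressions assume that layout and the `.text`/`IAT` record shapes visible in the log, and nothing else.

```python
import re
from collections import defaultdict

# Constructed excerpt: a few records copied from the GMER log above, one per line.
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\windows\system32\PING.EXE[1976] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000074e91401 2 bytes JMP 000000010579a47a
.text C:\Users\Sebash\Downloads\OTL.exe[4688] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e65bad 7 bytes JMP 0000000171c44100
.text C:\Users\Sebash\Downloads\p1g7sup2.exe[4980] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e65bad 7 bytes JMP 0000000171c44100
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010cdc38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010ce614] \SystemRoot\System32\Drivers\sptd.sys [.text]
---- User IAT/EAT - GMER 2.1 ----
IAT C:\windows\system32\winlogon.exe[788] @ C:\windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile] [7fefb422840] c:\windows\system32\uxtuneup.dll
---- EOF - GMER 2.1 ----
"""

# ".text <process>[<pid>] <module>!<function>[ + off] <addr> <n> bytes [JMP <target>]"
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<function>\w+(?: \+ \d+)?)\s+"
    r"(?P<address>[0-9a-fA-F]+)\s+(?P<size>\d+) bytes"
    r"(?:\s+JMP\s+(?P<target>[0-9a-fA-F]+))?"
)

# "IAT <image>[<import>] [<addr>] <hooking module> ..." (kernel form, and the
# user form where <image> is "<process>[pid] @ <dll>"; the lazy match skips the
# "[pid]" bracket because no "[addr]" follows it).
IAT_HOOK_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<import>[^\]]+)\]\s+"
    r"\[(?P<address>[0-9a-fA-F]+)\]\s+(?P<hooker>\S+)"
)


def win_basename(path):
    """Last component of a Windows path (os.path.basename would not split on '\\' on POSIX)."""
    return path.rsplit("\\", 1)[-1]


def parse_user_hooks(log_text):
    """Return one dict per '.text' inline-hook record; GMER's '.text ... * N' elisions are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = USER_HOOK_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            rec["size"] = int(rec["size"])
            hooks.append(rec)
    return hooks


def parse_iat_hooks(log_text):
    """Return one dict per 'IAT' record from both the kernel and user IAT/EAT sections."""
    return [m.groupdict() for m in
            (IAT_HOOK_RE.match(l.strip()) for l in log_text.splitlines()) if m]


def group_by_target(hooks):
    """Map each JMP target address to the set of (process, function) pairs that land on it."""
    by_target = defaultdict(set)
    for h in hooks:
        if h["target"]:
            by_target[h["target"]].add((win_basename(h["process"]), h["function"]))
    return dict(by_target)


def shared_targets(hooks):
    """Targets reached from more than one process: the fingerprint of one module hooking the same API system-wide."""
    return {t: pairs for t, pairs in group_by_target(hooks).items()
            if len({proc for proc, _ in pairs}) > 1}


def hooking_modules(iat_hooks):
    """Sorted, de-duplicated basenames of the modules that own IAT hooks."""
    return sorted({win_basename(h["hooker"]).lower() for h in iat_hooks})


if __name__ == "__main__":
    user = parse_user_hooks(SAMPLE_LOG)
    for target, pairs in shared_targets(user).items():
        print(target, "<-", sorted(pairs))
    print("IAT hooked by:", hooking_modules(parse_iat_hooks(SAMPLE_LOG)))
```

Run it against the full log (read the file into `parse_user_hooks` instead of `SAMPLE_LOG`) and the shared-target view collapses the hundred-odd `.text` lines into a handful of injector addresses, one per bitness, which is what you then attribute to a loaded module; the IAT view names the driver or DLL that owns each import patch directly, since GMER already prints it.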