GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-12 15:21:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-60ZAT1 rev.02.01A02 465,76GB Running: jhnmqgsg.exe; Driver: C:\Users\Mati\AppData\Local\Temp\aftciaoc.sys ---- Kernel code sections - GMER 2.1 ---- PAGE C:\Windows\system32\drivers\ataport.SYS!DllUnload fffff88001a1c4a0 12 bytes {MOV RAX, 0xfffffa80036b92a0; JMP RAX} .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88003f8fd8c 12 bytes {MOV RAX, 0xfffffa8004f7e2a0; JMP RAX} .text C:\Windows\System32\win32k.sys!EngCreatePalette + 256 fffff960000580d0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Windows\System32\win32k.sys!XFORMOBJ_iGetFloatObjXform + 788 fffff9600006ff60 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Windows\System32\win32k.sys!XFORMOBJ_iGetFloatObjXform + 900 fffff9600006ffd0 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000124900 7 bytes [00, 99, F3, FF, 41, AC, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000124908 3 bytes [00, 07, 02] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075571401 2 bytes JMP 760cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075571419 2 bytes JMP 760cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075571431 2 bytes JMP 76148ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007557144a 2 bytes CALL 760a48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755714dd 2 bytes JMP 761487a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes JMP 76148978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007557150d 2 bytes JMP 76148698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes JMP 76148a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007557153d 2 bytes JMP 760bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075571555 2 bytes JMP 760c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007557156d 2 bytes JMP 76148f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075571585 2 bytes JMP 76148ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007557159d 2 bytes JMP 7614865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755715b5 2 bytes JMP 760bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755715cd 2 bytes JMP 760cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes JMP 76148e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes JMP 761485f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 00000000715a1825 2 bytes JMP 76206125 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 00000000715a1830 2 bytes JMP 76206145 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 00000000715a183b 2 bytes JMP 76206165 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 00000000715a1846 2 bytes JMP 76205a05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 00000000715a1851 2 bytes JMP 76206185 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 00000000715a185c 2 bytes JMP 76206265 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 00000000715a1867 2 bytes JMP 76206285 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 00000000715a1872 2 bytes JMP 762062a5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 00000000715a187d 2 bytes JMP 762062c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 00000000715a1888 2 bytes JMP 76205a25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 00000000715a1893 2 bytes JMP 762062e5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 00000000715a189e 2 bytes JMP 76205aa5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 00000000715a18a9 2 bytes JMP 76206305 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 00000000715a18b4 2 bytes JMP 76206325 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 00000000715a18bf 2 bytes JMP 761d1fcb C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 00000000715a18ca 2 bytes JMP 76206365 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 00000000715a18d5 2 bytes JMP 76205ac5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 00000000715a18e0 2 bytes JMP 76205b45 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 00000000715a18eb 2 bytes JMP 76205b65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 00000000715a18f6 2 bytes JMP 762068c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 00000000715a1901 2 bytes JMP 76205a85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 00000000715a190c 2 bytes JMP 762068e5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 00000000715a1917 2 bytes JMP 76206925 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 00000000715a1922 2 bytes JMP 76205ae5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 00000000715a192d 2 bytes JMP 76206945 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 00000000715a1938 2 bytes JMP 76206965 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 00000000715a1943 2 bytes JMP 76206985 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 00000000715a194e 2 bytes JMP 762069a5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 00000000715a1959 2 bytes JMP 762069c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 00000000715a1964 2 bytes JMP 762069e5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 00000000715a196f 2 bytes JMP 76206a05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 00000000715a197a 2 bytes JMP 76206a25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 00000000715a1985 2 bytes JMP 76206a45 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 00000000715a1990 2 bytes JMP 76206a65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 00000000715a199b 2 bytes JMP 76206a85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 00000000715a19a6 2 bytes JMP 76206aa5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 00000000715a19b1 2 bytes JMP 76206ac5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 00000000715a19bc 2 bytes JMP 76206ae5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 00000000715a19c7 2 bytes JMP 76206b05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 00000000715a19d2 2 bytes JMP 76206b25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 00000000715a19dd 2 bytes JMP 76205b85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 00000000715a19e8 2 bytes JMP 76206b65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 00000000715a19f3 2 bytes JMP 76206b85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 00000000715a19fe 2 bytes JMP 76206bc3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 00000000715a1a09 2 bytes JMP 76206be3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 00000000715a1a14 2 bytes JMP 76206c03 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 00000000715a1a1f 2 bytes JMP 76205b05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 00000000715a1a2a 2 bytes JMP 76206c23 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 00000000715a1a35 2 bytes JMP 76206c43 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 00000000715a1a40 2 bytes JMP 76206c63 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 00000000715a1a4b 2 bytes JMP 76206c83 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 00000000715a1a56 2 bytes JMP 76206ca3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 00000000715a1a61 2 bytes JMP 76206cc3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 00000000715a1a6c 2 bytes JMP 76205ba5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 00000000715a1a77 2 bytes JMP 76206ce3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 00000000715a1a82 2 bytes JMP 76206d03 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[2268] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 00000000715a1ab2 2 bytes JMP 7516dc75 C:\Windows\syswow64\msvcrt.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff880010d85b0] \SystemRoot\System32\Drivers\spkv.sys [unknown section] IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010d853c] \SystemRoot\System32\Drivers\spkv.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800109d35c] \SystemRoot\System32\Drivers\spkv.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800109d224] \SystemRoot\System32\Drivers\spkv.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800109da24] \SystemRoot\System32\Drivers\spkv.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800109dba0] \SystemRoot\System32\Drivers\spkv.sys [unknown section] IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88002b4dec0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80043c72c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80043c72c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80043c72c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80043c72c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80043c72c0 Device \Driver\azoet58m \Device\Scsi\azoet58m1 fffffa80050192c0 Device \Driver\azoet58m \Device\Scsi\azoet58m1Port3Path0Target0Lun0 fffffa80050192c0 Device \FileSystem\Ntfs \Ntfs fffffa80043fd2c0 Device \FileSystem\fastfat \Fat fffffa8004f382c0 Device \Driver\usbohci \Device\USBFDO-3 fffffa8004f802c0 Device \Driver\usbehci \Device\USBPDO-5 fffffa8004f822c0 Device \Driver\usbohci \Device\USBPDO-1 fffffa8004f802c0 Device \Driver\cdrom \Device\CdRom0 fffffa80053642c0 Device \Driver\cdrom \Device\CdRom1 fffffa80053642c0 Device \Driver\USBSTOR \Device\000000b4 fffffa80038732c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa8004f802c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8004f802c0 Device \Driver\usbehci \Device\USBPDO-2 fffffa8004f822c0 Device \Driver\USBSTOR \Device\000000b5 fffffa80038732c0 Device \Driver\usbehci \Device\USBFDO-5 fffffa8004f822c0 Device \Driver\usbohci \Device\USBFDO-1 fffffa8004f802c0 Device \Driver\usbohci \Device\USBPDO-3 fffffa8004f802c0 Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80036bd2c0 Device \Driver\volmgr \Device\FtControl fffffa80036bd2c0 Device \Driver\volmgr \Device\VolMgrControl fffffa80036bd2c0 Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80036bd2c0 Device \Driver\volmgr \Device\HarddiskVolume3 fffffa80036bd2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1BD9C021-8D4B-4A0E-8772-9D1CADB22517} fffffa8004c892c0 Device \Driver\volmgr \Device\HarddiskVolume4 fffffa80036bd2c0 Device \Driver\volmgr \Device\HarddiskVolume5 fffffa80036bd2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004c892c0 Device \Driver\usbehci \Device\USBFDO-2 fffffa8004f822c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80043c72c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8004f802c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FFF96950-9F42-4BB5-A5CE-C350B140F140} fffffa8004c892c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80043c72c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8004f802c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1386942E-EF34-408A-9AA9-C7CA95B2F2A2} fffffa8004c892c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{433EA64C-17FC-4DC0-AC3B-4823E5C72B01} fffffa8004c892c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80043c72c0 Device \Driver\azoet58m \Device\ScsiPort3 fffffa80050192c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80043c72c0]<< spkv.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80043c72c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004784660] fffffa8004784660 Trace 3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> [0xfffffa8004783950] fffffa8004783950 Trace 5 hpdskflt.sys[fffff88002457289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046fc060] fffffa80046fc060 Trace \Driver\atapi[0xfffffa800445ce70] -> IRP_MJ_CREATE -> 0xfffffa80043c72c0 fffffa80043c72c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\azoet58m.SYS fffff880054bd000-fffff88005501000 (278528 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00271342d5fe Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x56 0xA6 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0xE0 0xC2 0xDA ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC4 0x33 0x07 0x9E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00271342d5fe (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x56 0xA6 0x4C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0xE0 0xC2 0xDA ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC4 0x33 0x07 0x9E ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----