GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-14 18:15:05 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 KINGSTON_SH103S3120G rev.0953 111,79GB Running: 8mw6vq41.exe; Driver: C:\Users\tomicher\AppData\Local\Temp\pfrdrkod.sys ---- User code sections - GMER 2.1 ---- .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077791401 2 bytes JMP 7762b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077791419 2 bytes JMP 7762b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077791431 2 bytes JMP 776a8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007779144a 2 bytes CALL 7760489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777914dd 2 bytes JMP 776a88c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777914f5 2 bytes JMP 776a8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007779150d 2 bytes JMP 776a87ba C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077791525 2 bytes JMP 776a8b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007779153d 2 bytes JMP 7761fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077791555 2 bytes JMP 776268ef C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007779156d 2 bytes JMP 776a9089 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077791585 2 bytes JMP 776a8bea C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007779159d 2 bytes JMP 776a877e C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777915b5 2 bytes JMP 7761fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777915cd 2 bytes JMP 7762b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777916b2 2 bytes JMP 776a8f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\TSv\TSvr.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777916bd 2 bytes JMP 776a8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077791401 2 bytes JMP 7762b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077791419 2 bytes JMP 7762b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077791431 2 bytes JMP 776a8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007779144a 2 bytes CALL 7760489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777914dd 2 bytes JMP 776a88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777914f5 2 bytes JMP 776a8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007779150d 2 bytes JMP 776a87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077791525 2 bytes JMP 776a8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007779153d 2 bytes JMP 7761fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077791555 2 bytes JMP 776268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007779156d 2 bytes JMP 776a9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077791585 2 bytes JMP 776a8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007779159d 2 bytes JMP 776a877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777915b5 2 bytes JMP 7761fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777915cd 2 bytes JMP 7762b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777916b2 2 bytes JMP 776a8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777916bd 2 bytes JMP 776a8713 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077791401 2 bytes JMP 7762b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077791419 2 bytes JMP 7762b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077791431 2 bytes JMP 776a8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007779144a 2 bytes CALL 7760489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777914dd 2 bytes JMP 776a88c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777914f5 2 bytes JMP 776a8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007779150d 2 bytes JMP 776a87ba C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077791525 2 bytes JMP 776a8b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007779153d 2 bytes JMP 7761fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077791555 2 bytes JMP 776268ef C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007779156d 2 bytes JMP 776a9089 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077791585 2 bytes JMP 776a8bea C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007779159d 2 bytes JMP 776a877e C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777915b5 2 bytes JMP 7761fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777915cd 2 bytes JMP 7762b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777916b2 2 bytes JMP 776a8f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777916bd 2 bytes JMP 776a8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077791401 2 bytes JMP 7762b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077791419 2 bytes JMP 7762b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077791431 2 bytes JMP 776a8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007779144a 2 bytes CALL 7760489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000777914dd 2 bytes JMP 776a88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000777914f5 2 bytes JMP 776a8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007779150d 2 bytes JMP 776a87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077791525 2 bytes JMP 776a8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007779153d 2 bytes JMP 7761fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077791555 2 bytes JMP 776268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007779156d 2 bytes JMP 776a9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077791585 2 bytes JMP 776a8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007779159d 2 bytes JMP 776a877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000777915b5 2 bytes JMP 7761fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000777915cd 2 bytes JMP 7762b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000777916b2 2 bytes JMP 776a8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3352] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000777916bd 2 bytes JMP 776a8713 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077791401 2 bytes JMP 7762b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077791419 2 bytes JMP 7762b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077791431 2 bytes JMP 776a8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007779144a 2 bytes CALL 7760489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777914dd 2 bytes JMP 776a88c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777914f5 2 bytes JMP 776a8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007779150d 2 bytes JMP 776a87ba C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077791525 2 bytes JMP 776a8b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007779153d 2 bytes JMP 7761fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077791555 2 bytes JMP 776268ef C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007779156d 2 bytes JMP 776a9089 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077791585 2 bytes JMP 776a8bea C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007779159d 2 bytes JMP 776a877e C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777915b5 2 bytes JMP 7761fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777915cd 2 bytes JMP 7762b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777916b2 2 bytes JMP 776a8f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777916bd 2 bytes JMP 776a8713 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077791401 2 bytes JMP 7762b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077791419 2 bytes JMP 7762b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077791431 2 bytes JMP 776a8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007779144a 2 bytes CALL 7760489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777914dd 2 bytes JMP 776a88c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777914f5 2 bytes JMP 776a8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007779150d 2 bytes JMP 776a87ba C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077791525 2 bytes JMP 776a8b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007779153d 2 bytes JMP 7761fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077791555 2 bytes JMP 776268ef C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007779156d 2 bytes JMP 776a9089 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077791585 2 bytes JMP 776a8bea C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007779159d 2 bytes JMP 776a877e C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777915b5 2 bytes JMP 7761fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777915cd 2 bytes JMP 7762b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777916b2 2 bytes JMP 776a8f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\tomicher\AppData\Roaming\Spotify\Spotify.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777916bd 2 bytes JMP 776a8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Magic Mouse Utilities\MagicMouseUtilities.exe[4564] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077dd000c 1 byte [C3] .text C:\Program Files (x86)\Magic Mouse Utilities\MagicMouseUtilities.exe[4564] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077e5fbaa 5 bytes JMP 0000000177e19c63 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001060e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001060c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001061654] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001061a50] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010618ac] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoWMIRegistrationControl] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!ExFreePoolWithTag] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoWMIWriteEvent] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoRegisterDeviceInterface] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoStartPacket] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoStartTimer] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!RtlInitUnicodeString] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoDeleteDevice] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!KeSetEvent] [f80348078bc87218] [unknown section] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoFreeWorkItem] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!KeInitializeEvent] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!RtlQueryRegistryValues] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!RtlInitAnsiString] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!RtlGetVersion] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoDetachDevice] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!PoRequestPowerIrp] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoCancelIrp] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoStopTimer] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoStartNextPacket] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoAllocateWorkItem] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!_vsnwprintf] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!PoStartNextPowerIrp] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!_vsnprintf] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!ZwClose] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IofCompleteRequest] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoInitializeTimer] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoFreeIrp] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!PoCallDriver] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoAllocateIrp] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!RtlCompareMemory] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!ObfReferenceObject] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoSetStartIoAttributes] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoCreateDevice] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IofCallDriver] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoBuildPartialMdl] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoFreeMdl] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!KeDelayExecutionThread] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoQueueWorkItem] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoAllocateMdl] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!ZwEnumerateValueKey] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoGetDeviceInterfaces] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!ZwOpenKey] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!KeBugCheckEx] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!KeWaitForSingleObject] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!NlsMbCodePageTag] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoIs32bitProcess] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!MmProbeAndLockPages] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!MmUnlockPages] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!IoGetIoPriorityHint] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!EtwUnregister] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!EtwRegister] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!EtwEventEnabled] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!EtwWrite] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!EtwProviderEnabled] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[ntoskrnl.exe!__C_specific_handler] [?] IAT C:\Windows\System32\Drivers\au3gxv2b.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] [?] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80060d82c0 Device \Driver\atapi \Device\Ide\IdePort4 fffffa80060d82c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80060d82c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa80060d82c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80060d82c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80060d82c0 Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-9 fffffa80060d82c0 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 fffffa80060d82c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80060d82c0 Device \Driver\au3gxv2b \Device\Scsi\au3gxv2b1 fffffa8006f282c0 Device \Driver\au3gxv2b \Device\Scsi\au3gxv2b1Port6Path0Target0Lun0 fffffa8006f282c0 Device \FileSystem\Ntfs \Ntfs fffffa80063752c0 Device \FileSystem\fastfat \Fat fffffa800823b2c0 Device \Driver\usbehci \Device\USBFDO-7 fffffa8006e8a2c0 Device \Driver\USBSTOR \Device\00000078 fffffa80076a32c0 Device \Driver\usbuhci \Device\USBPDO-5 fffffa8006e6a2c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa8006e8a2c0 Device \Driver\usbuhci \Device\USBPDO-1 fffffa8006e6a2c0 Device \Driver\USBSTOR \Device\00000074 fffffa80076a32c0 Device \Driver\cdrom \Device\CdRom0 fffffa8006c742c0 Device \Driver\cdrom \Device\CdRom1 fffffa8006c742c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{8BF5A442-65E9-479E-B892-498050F6F8AE} fffffa8006c7e2c0 Device \Driver\cdrom \Device\CdRom2 fffffa8006c742c0 Device \Driver\dtsoftbus01 \Device\00000065 fffffa8006c132c0 Device \Driver\usbuhci \Device\USBPDO-6 fffffa8006e6a2c0 Device \Driver\usbuhci \Device\USBFDO-4 fffffa8006e6a2c0 Device \Driver\USBSTOR \Device\00000075 fffffa80076a32c0 Device \Driver\usbuhci \Device\USBFDO-0 fffffa8006e6a2c0 Device \Driver\usbuhci \Device\USBPDO-2 fffffa8006e6a2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8006c132c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D8E02A64-5BAF-4807-80C1-DC532C0CE626} fffffa8006c7e2c0 Device \Driver\usbehci \Device\USBPDO-7 fffffa8006e8a2c0 Device \Driver\usbuhci \Device\USBFDO-5 fffffa8006e6a2c0 Device \Driver\USBSTOR \Device\00000076 fffffa80076a32c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa8006e8a2c0 Device \Driver\usbuhci \Device\USBFDO-1 fffffa8006e6a2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006c7e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2AC81CD2-9270-4917-91FB-2F50E186AB5B} fffffa8006c7e2c0 Device \Driver\usbuhci \Device\USBFDO-6 fffffa8006e6a2c0 Device \Driver\USBSTOR \Device\00000077 fffffa80076a32c0 Device \Driver\usbuhci \Device\USBPDO-4 fffffa8006e6a2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80060d82c0 Device \Driver\usbuhci \Device\USBFDO-2 fffffa8006e6a2c0 Device \Driver\usbuhci \Device\USBPDO-0 fffffa8006e6a2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80060d82c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80060d82c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80060d82c0 Device \Driver\atapi \Device\ScsiPort4 fffffa80060d82c0 Device \Driver\atapi \Device\ScsiPort5 fffffa80060d82c0 Device \Driver\au3gxv2b \Device\ScsiPort6 fffffa8006f282c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\au3gxv2b.SYS (USB Mass Storage Class Driver/Microsoft Corporation)(2015-06-16 09:12:36) fffff88006f9a000-fffff88006feb000 (331776 bytes) ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0CE1934-9424-4478-ACC7-C653000C9405}\mpengine.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [832] 000007fefba90000 Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0CE1934-9424-4478-ACC7-C653000C9405}\offreg.832.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [832] 000007fef1660000 Process C:\ProgramData\iWdMi\WdMan.exe (*** suspicious ***) @ C:\ProgramData\iWdMi\WdMan.exe [2760] (TFuns/TFuns LIMITED)(2015-12-10 03:01:38) 0000000001330000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001986000a4b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001986000a4b@001f5bf9d50d 0x7F 0x5F 0xA1 0xD2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001986000a4b@78ca39f760f3 0x7F 0xBA 0xB5 0x53 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD7 0x43 0x98 0x66 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x17 0xBB 0x3D 0x93 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0x74 0x65 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB1 0x25 0xC7 0xB6 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001986000a4b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001986000a4b@001f5bf9d50d 0x7F 0x5F 0xA1 0xD2 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001986000a4b@78ca39f760f3 0x7F 0xBA 0xB5 0x53 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD7 0x43 0x98 0x66 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x17 0xBB 0x3D 0x93 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0x74 0x65 0x96 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB1 0x25 0xC7 0xB6 ... ---- EOF - GMER 2.1 ----