GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-04 19:14:45 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000068 SAMSUNG_ rev.1AG0 465,76GB Running: dh4t1k7m.exe; Driver: C:\Users\SZYMON~1.USE\AppData\Local\Temp\aftcaaob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xCE63F3D4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xC939CA0A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xCE63FEB2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xCE64C28A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xCE64C2D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xCE64C470] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xCE64C1F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xCE64C31A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xCE64C240] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xCE6403E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0xCE640604] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xCE64C42A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xCE640CA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xCE63F43A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xCE643E32] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xC939CAE2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xCE63F026] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xC939CEC4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xCE63F4A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xCE644228] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xCE6417E4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xCE64C2B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xCE64C2F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xCE64C494] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xCE64C21E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xCE64372A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xCE64C3A8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xCE64C268] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xCE643B16] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xCE64C44E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xC939CC62] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xCE6415FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0xCE64130A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xCE63F506] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xCE63F56C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xCE640B1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xCE63F0C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xCE63F292] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xCE63F220] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xCE640E6A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xCE640FCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xCE63F31A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xCE640958] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xCE640AFA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xC9399CA2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xCE63F5D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xCE63FF0E] INT 0x52 ? C3930A58 INT 0x61 ? C2E862D8 INT 0x62 ? C39307D8 INT 0x72 ? C3930558 INT 0x82 ? C2E86558 INT 0x92 ? C2E867D8 INT 0xA2 ? C2E86A58 INT 0xA3 ? C3930CD8 INT 0xB1 ? C2E86CD8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 E3246B55 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E3280BB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB E3287FB0 4 Bytes [D4, F3, 63, CE] {AAM 0xf3; ARPL SI, CX} .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 E3287FD8 4 Bytes [0A, CA, 39, C9] {OR CL, DL; CMP ECX, ECX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 E3288038 4 Bytes [B2, FE, 63, CE] {MOV DL, 0xfe; ARPL SI, CX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 E328808C 8 Bytes [8A, C2, 64, CE, D6, C2, 64, ...] {MOV AL, DL; INTO ; SALC ; RET 0xce64} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 E3288098 4 Bytes [70, C4, 64, CE] {JO 0xffffffc6; INTO } .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 114 E3445DAB 4 Bytes CALL CE641E73 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 132 E345FC8B 4 Bytes CALL CE641E89 \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0xC8AE3774] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xE0E2E300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xE0E71300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1308] kernel32.dll!SetUnhandledExceptionFilter 755EF5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text D:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.45\deploy\LoLPatcher.exe[2208] kernel32.dll!SetUnhandledExceptionFilter 755EF5FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4840] kernel32.dll!SetUnhandledExceptionFilter 755EF5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtMapViewOfSection + 6 77255D16 4 Bytes [18, 20, E5, 67] {SBB [EAX], AH; IN EAX, 0x67} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtMapViewOfSection + B 77255D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!LdrUnloadDll 7726CBCE 5 Bytes JMP 001803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!LdrLoadDll 77272576 5 Bytes JMP 001801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtCreateFile + 6 772556B6 4 Bytes [28, 4C, 22, 00] {SUB [EDX+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtCreateFile + B 772556BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtMapViewOfSection + 6 77255D16 4 Bytes [28, 4F, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtMapViewOfSection + B 77255D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenFile + 6 77255DC6 4 Bytes [68, 4C, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenFile + B 77255DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenProcess + 6 77255E76 4 Bytes [A8, 4D, 22, 00] {TEST AL, 0x4d; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenProcess + B 77255E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenProcessToken + B 77255E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenProcessTokenEx + 6 77255E96 4 Bytes [A8, 4E, 22, 00] {TEST AL, 0x4e; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenProcessTokenEx + B 77255E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenThread + 6 77255EF6 4 Bytes [68, 4D, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenThread + B 77255EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenThreadToken + 6 77255F06 4 Bytes [68, 4E, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenThreadToken + B 77255F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtOpenThreadTokenEx + B 77255F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtQueryAttributesFile + 6 77256026 4 Bytes [A8, 4C, 22, 00] {TEST AL, 0x4c; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtQueryAttributesFile + B 7725602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtQueryFullAttributesFile + B 772560DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtSetInformationFile + 6 77256726 4 Bytes [28, 4D, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtSetInformationFile + B 7725672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtSetInformationThread + 6 77256786 4 Bytes [28, 4E, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtSetInformationThread + B 7725678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtUnmapViewOfSection + 6 77256AA6 4 Bytes [68, 4F, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!NtUnmapViewOfSection + B 77256AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!LdrUnloadDll 7726CBCE 3 Bytes JMP 002703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!LdrUnloadDll + 4 7726CBD2 1 Byte [89] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5148] ntdll.dll!LdrLoadDll 77272576 5 Bytes JMP 002701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtCreateFile + 6 772556B6 4 Bytes [28, 7C, 2D, 00] {SUB [EBP+EBP+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtCreateFile + B 772556BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtMapViewOfSection + 6 77255D16 4 Bytes [28, 7F, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtMapViewOfSection + B 77255D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenFile + 6 77255DC6 4 Bytes [68, 7C, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenFile + B 77255DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcess + 6 77255E76 4 Bytes [A8, 7D, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcess + B 77255E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessToken + B 77255E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessTokenEx + 6 77255E96 4 Bytes [A8, 7E, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessTokenEx + B 77255E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThread + 6 77255EF6 4 Bytes [68, 7D, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThread + B 77255EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadToken + 6 77255F06 4 Bytes [68, 7E, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadToken + B 77255F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadTokenEx + B 77255F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryAttributesFile + 6 77256026 4 Bytes [A8, 7C, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryAttributesFile + B 7725602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryFullAttributesFile + B 772560DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationFile + 6 77256726 4 Bytes [28, 7D, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationFile + B 7725672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationThread + 6 77256786 4 Bytes [28, 7E, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationThread + B 7725678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtUnmapViewOfSection + 6 77256AA6 4 Bytes [68, 7F, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtUnmapViewOfSection + B 77256AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!LdrUnloadDll 7726CBCE 5 Bytes JMP 003A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!LdrLoadDll 77272576 5 Bytes JMP 003A01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtCreateFile + 6 772556B6 4 Bytes [28, A0, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtCreateFile + B 772556BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtMapViewOfSection + 6 77255D16 4 Bytes [28, A3, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtMapViewOfSection + B 77255D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenFile + 6 77255DC6 4 Bytes [68, A0, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenFile + B 77255DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcess + 6 77255E76 4 Bytes [A8, A1, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcess + B 77255E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcessToken + B 77255E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcessTokenEx + 6 77255E96 4 Bytes [A8, A2, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcessTokenEx + B 77255E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThread + 6 77255EF6 4 Bytes [68, A1, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThread + B 77255EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThreadToken + 6 77255F06 4 Bytes [68, A2, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThreadToken + B 77255F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThreadTokenEx + B 77255F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtQueryAttributesFile + 6 77256026 4 Bytes [A8, A0, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtQueryAttributesFile + B 7725602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtQueryFullAttributesFile + B 772560DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationFile + 6 77256726 4 Bytes [28, A1, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationFile + B 7725672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationThread + 6 77256786 4 Bytes [28, A2, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationThread + B 7725678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtUnmapViewOfSection + 6 77256AA6 4 Bytes [68, A3, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtUnmapViewOfSection + B 77256AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!LdrUnloadDll 7726CBCE 5 Bytes JMP 00B103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!LdrLoadDll 77272576 5 Bytes JMP 00B101F8 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs C256F1F8 Device \FileSystem\fastfat \FatCdrom C3651440 Device \Driver\usbohci \Device\USBPDO-0 C37671F8 Device \Driver\usbehci \Device\USBPDO-1 C37641F8 Device \Driver\cdrom \Device\CdRom0 C363C1F8 Device \Driver\atapi \Device\Ide\IdePort0 C256B1F8 Device \Driver\atapi \Device\Ide\IdePort1 C256B1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 C256B1F8 Device \Driver\nvstor32 \Device\00000068 C256D1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{502D841E-A087-488A-BCE7-7A1D34782A48} C370F1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export C370F1F8 Device \Driver\USBSTOR \Device\00000077 C365D1F8 Device \Driver\USBSTOR \Device\00000078 C365D1F8 Device \Driver\USBSTOR \Device\00000079 C365D1F8 Device \Driver\nvstor32 \Device\RaidPort0 C256D1F8 Device \Driver\usbohci \Device\USBFDO-0 C37671F8 Device \Driver\USBSTOR \Device\0000007a C365D1F8 Device \Driver\usbehci \Device\USBFDO-1 C37641F8 Device \Driver\USBSTOR \Device\0000007b C365D1F8 Device \FileSystem\fastfat \Fat C3651440 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0xc256d1f8]<< c256d1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xc346c1e8] c346c1e8 Trace 3 CLASSPNP.SYS[c92eb59e] -> nt!IofCallDriver -> [0xc2edf480] c2edf480 Trace 5 ACPI.sys[c8b083d4] -> nt!IofCallDriver -> \Device\00000068[0xc2edf5a8] c2edf5a8 Trace \Driver\nvstor32[0xc25c9788] -> IRP_MJ_CREATE -> 0xc256d1f8 c256d1f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7E 0xFB 0x26 0x79 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7E 0xFB 0x26 0x79 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@DEDD1333 2578 ---- EOF - GMER 2.1 ----