GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-02-02 09:59:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JI rev.2AC101U4 465,76GB Running: zxz8dmib.exe; Driver: C:\Users\Bartek\AppData\Local\Temp\kfryqpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88003e28d8c 12 bytes {MOV RAX, 0xfffffa8004bc92a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007784de30 16 bytes [50, 48, B8, 38, 33, 9D, FA, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007784dc80 16 bytes [50, 48, B8, 80, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007784ddf0 16 bytes [50, 48, B8, D8, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007784de10 48 bytes [50, 48, B8, 54, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007784de50 16 bytes [50, 48, B8, A4, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007784dea0 32 bytes [50, 48, B8, FC, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007784dee0 16 bytes [50, 48, B8, E4, 18, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007784df80 16 bytes [50, 48, B8, 2C, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007784e100 16 bytes [50, 48, B8, A8, 17, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007784eb70 16 bytes [50, 48, B8, 78, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007784ebc0 16 bytes [50, 48, B8, B4, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007784ed10 16 bytes [50, 48, B8, 40, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007784dc80 16 bytes [50, 48, B8, 80, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007784ddf0 16 bytes [50, 48, B8, D8, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007784de10 48 bytes [50, 48, B8, 54, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007784de50 16 bytes [50, 48, B8, A4, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007784dea0 32 bytes [50, 48, B8, FC, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007784dee0 16 bytes [50, 48, B8, E4, 18, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007784df80 16 bytes [50, 48, B8, 2C, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007784e100 16 bytes [50, 48, B8, A8, 17, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007784eb70 16 bytes [50, 48, B8, 78, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007784ebc0 16 bytes [50, 48, B8, B4, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007784ed10 16 bytes [50, 48, B8, 40, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007784dc80 16 bytes [50, 48, B8, 80, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007784ddf0 16 bytes [50, 48, B8, D8, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007784de10 48 bytes [50, 48, B8, 54, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007784de50 16 bytes [50, 48, B8, A4, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007784dea0 32 bytes [50, 48, B8, FC, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007784dee0 16 bytes [50, 48, B8, E4, 18, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007784df80 16 bytes [50, 48, B8, 2C, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007784e100 16 bytes [50, 48, B8, A8, 17, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007784eb70 16 bytes [50, 48, B8, 78, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007784ebc0 16 bytes [50, 48, B8, B4, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007784ed10 16 bytes [50, 48, B8, 40, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007784dc80 16 bytes [50, 48, B8, 80, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007784ddf0 16 bytes [50, 48, B8, D8, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007784de10 48 bytes [50, 48, B8, 54, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007784de50 16 bytes [50, 48, B8, A4, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007784dea0 32 bytes [50, 48, B8, FC, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007784dee0 16 bytes [50, 48, B8, E4, 18, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007784df80 16 bytes [50, 48, B8, 2C, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007784e100 16 bytes [50, 48, B8, A8, 17, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007784eb70 16 bytes [50, 48, B8, 78, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007784ebc0 16 bytes [50, 48, B8, B4, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007784ed10 16 bytes [50, 48, B8, 40, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007784dc80 16 bytes [50, 48, B8, 80, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007784ddf0 16 bytes [50, 48, B8, D8, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007784de10 48 bytes [50, 48, B8, 54, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007784de50 16 bytes [50, 48, B8, A4, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007784dea0 32 bytes [50, 48, B8, FC, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007784dee0 16 bytes [50, 48, B8, E4, 18, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007784df80 16 bytes [50, 48, B8, 2C, 1A, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007784e100 16 bytes [50, 48, B8, A8, 17, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007784eb70 16 bytes [50, 48, B8, 78, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007784ebc0 16 bytes [50, 48, B8, B4, 19, 51, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007784ed10 16 bytes [50, 48, B8, 40, 1A, 51, 3F, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff8800109d650] \SystemRoot\System32\Drivers\spie.sys [unknown section] IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff8800109d5dc] \SystemRoot\System32\Drivers\spie.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800106835c] \SystemRoot\System32\Drivers\spie.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001068224] \SystemRoot\System32\Drivers\spie.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001068a24] \SystemRoot\System32\Drivers\spie.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88001068ba0] \SystemRoot\System32\Drivers\spie.sys [unknown section] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feeab6b5d0] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feeab6ac3c] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feeab6b5b8] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feeab6ba08] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feeab6b5b0] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feeab6b5d0] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feeab6ac3c] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feeab6b5b8] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feeab6ba08] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4260] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feeab6b5b0] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feeab6b5d0] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feeab6ac3c] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feeab6b5b8] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feeab6ba08] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4624] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feeab6b5b0] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7feeab6b5d0] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feeab6ac3c] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feeab6b5b8] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7feeab6ba08] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7feeab6b5b0] C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome_child.dll ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80042fa2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80042fa2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80042fa2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80042fa2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80042fa2c0 Device \Driver\amyi07h6 \Device\Scsi\amyi07h61Port3Path0Target0Lun0 fffffa8004c402c0 Device \Driver\amyi07h6 \Device\Scsi\amyi07h61 fffffa8004c402c0 Device \FileSystem\Ntfs \Ntfs fffffa80043002c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{8CC19F3C-0507-4B51-8675-E38E29266874} fffffa8004a412c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8004b4d2c0 Device \Driver\USBSTOR \Device\00000084 fffffa8003bef2c0 Device \Driver\cdrom \Device\CdRom0 fffffa80047f22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FD4EDCDD-2FCB-4C00-A7E6-C18F0BF921C5} fffffa8004a412c0 Device \Driver\cdrom \Device\CdRom1 fffffa80047f22c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8004b4d2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8004b4d2c0 Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80042f62c0 Device \Driver\volmgr \Device\FtControl fffffa80042f62c0 Device \Driver\volmgr \Device\VolMgrControl fffffa80042f62c0 Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80042f62c0 Device \Driver\volmgr \Device\HarddiskVolume3 fffffa80042f62c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D4C3E24C-A48D-418D-A77D-68B9AF41B1BB} fffffa8004a412c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004a412c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{3E0FA52F-2095-4B8F-896F-548878EDCA60} fffffa8004a412c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80042fa2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8004b4d2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80042fa2c0 Device \Driver\USBSTOR \Device\00000083 fffffa8003bef2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80042fa2c0 Device \Driver\amyi07h6 \Device\ScsiPort3 fffffa8004c402c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80042fa2c0]<< spie.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80042fa2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800472f060] fffffa800472f060 Trace 3 CLASSPNP.SYS[fffff880013d143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800444e680] fffffa800444e680 Trace \Driver\atapi[0xfffffa80043f3570] -> IRP_MJ_CREATE -> 0xfffffa80042fa2c0 fffffa80042fa2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\amyi07h6.SYS fffff880044ff000-fffff88004544000 (282624 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38ee74b7 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0x45 0xAE 0x52 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7D 0xFE 0x0B 0xF2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0xD5 0xB7 0x77 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38ee74b7 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0x45 0xAE 0x52 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7D 0xFE 0x0B 0xF2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0xD5 0xB7 0x77 ... ---- EOF - GMER 2.1 ----