GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-03-16 08:18:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD10EZEX-00RKKA0 rev.80.00A80 931,51GB Running: 9mf4wt39.exe; Driver: C:\Users\Blacha\AppData\Local\Temp\kwrdipoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1700] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1700] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75] .text ... * 2 .text C:\PROGRA~2\Logitech\LWS\WEBCAM~1\LWS.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75] .text C:\PROGRA~2\Logitech\LWS\WEBCAM~1\LWS.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75] .text ... * 2 .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ff2da4 5 bytes JMP 0000000072089ebc .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007700cbf3 5 bytes JMP 00000000721d902e .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007700cfca 5 bytes JMP 0000000071fe1893 .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007702cb0c 5 bytes JMP 00000000721d8fc9 .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007702ce64 5 bytes JMP 00000000721d9093 .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007703fbd1 5 bytes JMP 00000000721d8f50 .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007703fc9d 5 bytes JMP 00000000721d8ed7 .text 
C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007703fcd6 5 bytes JMP 00000000721d8e73 .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007703fcfa 5 bytes JMP 00000000721d8e0f .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076c693ec 5 bytes JMP 00000000721d9248 .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75] .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75] .text ... * 2 .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000730e388e 5 bytes JMP 00000000721d90f8 .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073187922 5 bytes JMP 00000000721d91a0 .text C:\PROGRA~2\INTERN~1\iexplore.exe[548] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000765d2694 5 bytes JMP 00000000721d9440 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000779c25fd 6 bytes JMP 00000000720a8042 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000779d2a63 6 bytes JMP 000000007204980d .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000767034a5 5 bytes JMP 00000000720475e3 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076fe8a29 5 bytes JMP 00000000720b03cf .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076fed22e 5 bytes JMP 
0000000072053643 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ff2da4 5 bytes JMP 0000000072089ebc .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076ff6285 5 bytes JMP 00000000720a7fdf .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ff7603 5 bytes JMP 00000000720825b4 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007700cbf3 5 bytes JMP 00000000721d902e .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007700cfca 5 bytes JMP 0000000071fe1893 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007700f52b 5 bytes JMP 00000000720ced00 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007702cb0c 5 bytes JMP 00000000721d8fc9 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007702ce64 5 bytes JMP 00000000721d9093 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007703fbd1 5 bytes JMP 00000000721d8f50 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007703fc9d 5 bytes JMP 00000000721d8ed7 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007703fcd6 5 bytes JMP 00000000721d8e73 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007703fcfa 5 bytes JMP 00000000721d8e0f .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000769a6143 5 bytes JMP 00000000721d97fc .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076c03e59 5 bytes JMP 00000000721d98f4 .text 
C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076c03eae 5 bytes JMP 00000000721d9972 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076c04731 5 bytes JMP 00000000721d9866 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076c05dee 5 bytes JMP 00000000721d9912 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076c693ec 5 bytes JMP 00000000721d9248 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75] .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75] .text ... * 2 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000730e388e 5 bytes JMP 00000000721d90f8 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073187922 5 bytes JMP 00000000721d91a0 .text C:\PROGRA~2\INTERN~1\iexplore.exe[2716] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000765d2694 5 bytes JMP 00000000721d9440 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000779c25fd 6 bytes JMP 00000000720a8042 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000779d2a63 6 bytes JMP 000000007204980d .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000767034a5 5 bytes JMP 00000000720475e3 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076fe8a29 5 
bytes JMP 00000000720b03cf .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076fed22e 5 bytes JMP 0000000072053643 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ff2da4 5 bytes JMP 0000000072089ebc .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076ff6285 5 bytes JMP 00000000720a7fdf .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ff7603 5 bytes JMP 00000000720825b4 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007700cbf3 5 bytes JMP 00000000721d902e .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007700cfca 5 bytes JMP 0000000071fe1893 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007700f52b 5 bytes JMP 00000000720ced00 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007702cb0c 5 bytes JMP 00000000721d8fc9 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007702ce64 5 bytes JMP 00000000721d9093 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007703fbd1 5 bytes JMP 00000000721d8f50 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007703fc9d 5 bytes JMP 00000000721d8ed7 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007703fcd6 5 bytes JMP 00000000721d8e73 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007703fcfa 5 bytes JMP 00000000721d8e0f .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000769a6143 5 bytes JMP 00000000721d97fc 
.text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076c03e59 5 bytes JMP 00000000721d98f4 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076c03eae 5 bytes JMP 00000000721d9972 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076c04731 5 bytes JMP 00000000721d9866 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076c05dee 5 bytes JMP 00000000721d9912 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076c693ec 5 bytes JMP 00000000721d9248 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75] .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75] .text ... 
* 2 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000730e388e 5 bytes JMP 00000000721d90f8 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073187922 5 bytes JMP 00000000721d91a0 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3552] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000765d2694 5 bytes JMP 00000000721d9440 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000779c25fd 6 bytes JMP 00000000720a8042 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000779d2a63 6 bytes JMP 000000007204980d .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000767034a5 5 bytes JMP 00000000720475e3 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076fe8a29 5 bytes JMP 00000000720b03cf .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076fed22e 5 bytes JMP 0000000072053643 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ff2da4 5 bytes JMP 0000000072089ebc .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076ff6285 5 bytes JMP 00000000720a7fdf .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ff7603 5 bytes JMP 00000000720825b4 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007700cbf3 5 bytes JMP 00000000721d902e .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007700cfca 5 bytes JMP 
0000000071fe1893 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007700f52b 5 bytes JMP 00000000720ced00 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007702cb0c 5 bytes JMP 00000000721d8fc9 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007702ce64 5 bytes JMP 00000000721d9093 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007703fbd1 5 bytes JMP 00000000721d8f50 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007703fc9d 5 bytes JMP 00000000721d8ed7 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007703fcd6 5 bytes JMP 00000000721d8e73 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007703fcfa 5 bytes JMP 00000000721d8e0f .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000769a6143 5 bytes JMP 00000000721d97fc .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076c03e59 5 bytes JMP 00000000721d98f4 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076c03eae 5 bytes JMP 00000000721d9972 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076c04731 5 bytes JMP 00000000721d9866 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076c05dee 5 bytes JMP 00000000721d9912 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076c693ec 5 bytes JMP 00000000721d9248 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes 
[5A, 75] .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75] .text ... * 2 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000730e388e 5 bytes JMP 00000000721d90f8 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073187922 5 bytes JMP 00000000721d91a0 .text C:\PROGRA~2\INTERN~1\iexplore.exe[3700] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000765d2694 5 bytes JMP 00000000721d9440 ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001005e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001005c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001006614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001006a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800100686c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdePort4 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-9 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80039ab2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80039ab2c0 Device \Driver\atapi 
\Device\Ide\IdePort3 fffffa80039ab2c0 Device \Driver\azzrmdic \Device\Scsi\azzrmdic1 fffffa8004f842c0 Device \Driver\azzrmdic \Device\Scsi\azzrmdic1Port6Path0Target0Lun0 fffffa8004f842c0 Device \FileSystem\Ntfs \Ntfs fffffa80039af2c0 Device \Driver\usbohci \Device\USBPDO-5 fffffa8004e8d2c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa8004eb02c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8004eb02c0 Device \Driver\cdrom \Device\CdRom0 fffffa8004d2b2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{EF5FC0BE-8354-437F-A907-9874B4394736} fffffa8004d292c0 Device \Driver\cdrom \Device\CdRom1 fffffa8004d2b2c0 Device \Driver\usbehci \Device\USBPDO-6 fffffa8004eb02c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa8004e8d2c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8004e8d2c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa8004e8d2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8004fdf2c0 Device \Driver\usbohci \Device\USBFDO-5 fffffa8004e8d2c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa8004eb02c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8004eb02c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004d292c0 Device \Driver\usbehci \Device\USBFDO-6 fffffa8004eb02c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8004e8d2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80039ab2c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa8004e8d2c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8004e8d2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80039ab2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80039ab2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80039ab2c0 Device \Driver\atapi \Device\ScsiPort4 fffffa80039ab2c0 Device \Driver\atapi \Device\ScsiPort5 fffffa80039ab2c0 Device \Driver\azzrmdic \Device\ScsiPort6 fffffa8004f842c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039ab2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80039ab2c0 Trace 1 nt!IofCallDriver -> 
\Device\Harddisk0\DR0[0xfffffa8004a45790] fffffa8004a45790 Trace 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa8003aa8e40] fffffa8003aa8e40 Trace 5 ACPI.sys[fffff8800112c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80049cf060] fffffa80049cf060 Trace \Driver\atapi[0xfffffa8003aacc50] -> IRP_MJ_CREATE -> 0xfffffa80039ab2c0 fffffa80039ab2c0 ---- Modules - GMER 2.2 ---- Module \SystemRoot\System32\Drivers\azzrmdic.SYS fffff88004b1a000-fffff88004b67000 (315392 bytes) ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8C 0xA2 0xF2 0x94 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x24 0x36 0x17 0xE7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0xFB 0xA0 0x41 ... Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8C 0xA2 0xF2 0x94 ... Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x24 0x36 0x17 0xE7 ... Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0xFB 0xA0 0x41 ... Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Blacha\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1 ---- EOF - GMER 2.2 ----