GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-16 10:06:02 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: wgpp2cnt.exe; Driver: C:\Users\Max\AppData\Local\Temp\fxtdypow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83C87A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83CC1212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92805000, 0x2BFBF0, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtCreateFile + 6 77A2560E 4 Bytes [28, 70, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtCreateFile + B 77A25613 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtMapViewOfSection + 6 77A25C6E 4 Bytes [28, 73, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtMapViewOfSection + B 77A25C73 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenFile + 6 77A25D1E 4 Bytes [68, 70, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenFile + B 77A25D23 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenProcess + 6 77A25DCE 4 Bytes [A8, 71, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenProcess + B 77A25DD3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenProcessToken + 6 77A25DDE 4 Bytes CALL 76A2A754 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenProcessToken + B 77A25DE3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenProcessTokenEx + 6 77A25DEE 4 Bytes [A8, 72, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenProcessTokenEx + B 77A25DF3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenThread + 6 77A25E4E 4 Bytes [68, 71, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenThread + B 77A25E53 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenThreadToken + 6 77A25E5E 4 Bytes [68, 72, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenThreadToken + B 77A25E63 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenThreadTokenEx + 6 77A25E6E 4 Bytes CALL 76A2A7E5 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtOpenThreadTokenEx + B 77A25E73 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtQueryAttributesFile + 6 77A25F7E 4 Bytes [A8, 70, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtQueryAttributesFile + B 77A25F83 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtQueryFullAttributesFile + 6 77A2602E 4 Bytes CALL 76A2A9A3 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtQueryFullAttributesFile + B 77A26033 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtSetInformationFile + 6 77A2667E 4 Bytes [28, 71, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtSetInformationFile + B 77A26683 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtSetInformationThread + 6 77A266DE 4 Bytes [28, 72, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtSetInformationThread + B 77A266E3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtUnmapViewOfSection + 6 77A269FE 4 Bytes [68, 73, 49, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[436] ntdll.dll!NtUnmapViewOfSection + B 77A26A03 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + 6 77A2560E 4 Bytes [28, A4, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + B 77A25613 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + 6 77A25C6E 4 Bytes [28, A7, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + B 77A25C73 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + 6 77A25D1E 4 Bytes [68, A4, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + B 77A25D23 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcess + 6 77A25DCE 4 Bytes [A8, A5, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcess + B 77A25DD3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessToken + 6 77A25DDE 4 Bytes CALL 76A2F988 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessToken + B 77A25DE3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessTokenEx + 6 77A25DEE 4 Bytes [A8, A6, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessTokenEx + B 77A25DF3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThread + 6 77A25E4E 4 Bytes [68, A5, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThread + B 77A25E53 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadToken + 6 77A25E5E 4 Bytes [68, A6, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadToken + B 77A25E63 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadTokenEx + 6 77A25E6E 4 Bytes CALL 76A2FA19 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadTokenEx + B 77A25E73 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + 6 77A25F7E 4 Bytes [A8, A4, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + B 77A25F83 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryFullAttributesFile + 6 77A2602E 4 Bytes CALL 76A2FBD7 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryFullAttributesFile + B 77A26033 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationFile + 6 77A2667E 4 Bytes [28, A5, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationFile + B 77A26683 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationThread + 6 77A266DE 4 Bytes [28, A6, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationThread + B 77A266E3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + 6 77A269FE 4 Bytes [68, A7, 9B, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + B 77A26A03 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtCreateFile + 6 77A2560E 4 Bytes [28, B0, 7F, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtCreateFile + B 77A25613 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtMapViewOfSection + 6 77A25C6E 4 Bytes [28, B3, 7F, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtMapViewOfSection + B 77A25C73 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenFile + 6 77A25D1E 4 Bytes [68, B0, 7F, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenFile + B 77A25D23 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcess + 6 77A25DCE 4 Bytes [A8, B1, 7F, 00] {TEST AL, 0xb1; JG 0x4} .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcess + B 77A25DD3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcessToken + 6 77A25DDE 4 Bytes CALL 76A2DD94 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcessToken + B 77A25DE3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcessTokenEx + 6 77A25DEE 4 Bytes [A8, B2, 7F, 00] {TEST AL, 0xb2; JG 0x4} .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenProcessTokenEx + B 77A25DF3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThread + 6 77A25E4E 4 Bytes [68, B1, 7F, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThread + B 77A25E53 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThreadToken + 6 77A25E5E 4 Bytes [68, B2, 7F, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThreadToken + B 77A25E63 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThreadTokenEx + 6 77A25E6E 4 Bytes CALL 76A2DE25 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtOpenThreadTokenEx + B 77A25E73 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtQueryAttributesFile + 6 77A25F7E 4 Bytes [A8, B0, 7F, 00] {TEST AL, 0xb0; JG 0x4} .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtQueryAttributesFile + B 77A25F83 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtQueryFullAttributesFile + 6 77A2602E 4 Bytes CALL 76A2DFE3 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtQueryFullAttributesFile + B 77A26033 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtSetInformationFile + 6 77A2667E 4 Bytes [28, B1, 7F, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtSetInformationFile + B 77A26683 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtSetInformationThread + 6 77A266DE 4 Bytes [28, B2, 7F, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtSetInformationThread + B 77A266E3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtUnmapViewOfSection + 6 77A269FE 4 Bytes [68, B3, 7F, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1468] ntdll.dll!NtUnmapViewOfSection + B 77A26A03 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtCreateFile + 6 77A2560E 4 Bytes [28, 1C, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtCreateFile + B 77A25613 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtMapViewOfSection + 6 77A25C6E 4 Bytes [28, 1F, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtMapViewOfSection + B 77A25C73 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenFile + 6 77A25D1E 4 Bytes [68, 1C, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenFile + B 77A25D23 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcess + 6 77A25DCE 4 Bytes [A8, 1D, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcess + B 77A25DD3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcessToken + 6 77A25DDE 4 Bytes CALL 76A2A600 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcessToken + B 77A25DE3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcessTokenEx + 6 77A25DEE 4 Bytes [A8, 1E, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenProcessTokenEx + B 77A25DF3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThread + 6 77A25E4E 4 Bytes [68, 1D, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThread + B 77A25E53 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThreadToken + 6 77A25E5E 4 Bytes [68, 1E, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThreadToken + B 77A25E63 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThreadTokenEx + 6 77A25E6E 4 Bytes CALL 76A2A691 C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtOpenThreadTokenEx + B 77A25E73 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtQueryAttributesFile + 6 77A25F7E 4 Bytes [A8, 1C, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtQueryAttributesFile + B 77A25F83 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtQueryFullAttributesFile + 6 77A2602E 4 Bytes CALL 76A2A84F C:\Windows\system32\SHELL32.dll .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtQueryFullAttributesFile + B 77A26033 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtSetInformationFile + 6 77A2667E 4 Bytes [28, 1D, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtSetInformationFile + B 77A26683 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtSetInformationThread + 6 77A266DE 4 Bytes [28, 1E, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtSetInformationThread + B 77A266E3 1 Byte [E2] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtUnmapViewOfSection + 6 77A269FE 4 Bytes [68, 1F, 48, 00] .text C:\Users\Max\AppData\Local\Google\Chrome\Application\chrome.exe[1500] ntdll.dll!NtUnmapViewOfSection + B 77A26A03 1 Byte [E2] .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1884] kernel32.dll!SetUnhandledExceptionFilter 7775F4EB 4 Bytes [C2, 04, 00, 00] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746324CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7461562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746156EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74632546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746285AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74624D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74625105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746251DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74626707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74628301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74628850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746290B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7462E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74624C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll ---- Threads - GMER 2.1 ---- Thread System [4:832] 8B29E540 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\002185eab8f0 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{C9476819-E4AB-4E50-9C63-6091EBD9B05A}\Connection@Name isatap.{3919B07F-E449-45B1-9752-496D2DA258F9} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{EA163C00-0478-45CC-891A-32973DFD3F3A}?\Device\{8BD52480-2F4D-4AA3-A350-47A5AC5A8A28}?\Device\{FD8A9B93-599B-4793-8119-99DAAE6597C0}?\Device\{C9476819-E4AB-4E50-9C63-6091EBD9B05A}?\Device\{E4B3C594-2E5A-4A95-944E-037E8B4F5FAD}?\Device\{BAFEF62D-F9CF-4F1B-BF2E-1BCC0032CB70}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{EA163C00-0478-45CC-891A-32973DFD3F3A}"?"{8BD52480-2F4D-4AA3-A350-47A5AC5A8A28}"?"{FD8A9B93-599B-4793-8119-99DAAE6597C0}"?"{C9476819-E4AB-4E50-9C63-6091EBD9B05A}"?"{E4B3C594-2E5A-4A95-944E-037E8B4F5FAD}"?"{BAFEF62D-F9CF-4F1B-BF2E-1BCC0032CB70}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{EA163C00-0478-45CC-891A-32973DFD3F3A}?\Device\TCPIP6TUNNEL_{8BD52480-2F4D-4AA3-A350-47A5AC5A8A28}?\Device\TCPIP6TUNNEL_{FD8A9B93-599B-4793-8119-99DAAE6597C0}?\Device\TCPIP6TUNNEL_{C9476819-E4AB-4E50-9C63-6091EBD9B05A}?\Device\TCPIP6TUNNEL_{E4B3C594-2E5A-4A95-944E-037E8B4F5FAD}?\Device\TCPIP6TUNNEL_{BAFEF62D-F9CF-4F1B-BF2E-1BCC0032CB70}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002185eab8f0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C9476819-E4AB-4E50-9C63-6091EBD9B05A}@InterfaceName isatap.{3919B07F-E449-45B1-9752-496D2DA258F9} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C9476819-E4AB-4E50-9C63-6091EBD9B05A}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\9c-d3-6d-cb-84-47@ClientLocalPort 59097 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\9c-d3-6d-cb-84-47@TeredoAddress 2001:0:9d38:6abd:820:1926:add3:d8c8 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 13868 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 8544 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xA3 0xB2 0xC9 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\002185eab8f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xA3 0xB2 0xC9 ... ---- EOF - GMER 2.1 ----