GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-03-12 21:49:05 Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\00000036 SAMSUNG_ rev.1AG0 465,76GB Running: ipcx2s1z.exe; Driver: C:\Users\rafal\AppData\Local\Temp\pxldapog.sys ---- System - GMER 2.1 ---- INT 0x60 ? 92547B54 INT 0x61 ? 92552894 INT 0x72 ? 925475D4 INT 0x82 ? 92552B54 INT 0x92 ? 925525D4 ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwReplacePartitionUnit + 26B1 81D5AAB5 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 66A 81D5F39A 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94014000, 0x2BFBF0, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtUnmapViewOfSection + 5 76ED4B99 4 Bytes [BA, 68, D3, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtUnmapViewOfSection + A 76ED4B9E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtTerminateProcess 76ED4CC8 5 Bytes JMP 0010EA9B C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationThread + 5 76ED4FB1 4 Bytes [BA, 28, D2, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationThread + A 76ED4FB6 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationFile + 5 76ED5029 4 Bytes [BA, 28, D1, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationFile + A 76ED502E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryFullAttributesFile + 5 76ED5841 4 Bytes CALL 75EDD716 C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryFullAttributesFile + A 76ED5846 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryAttributesFile + 5 76ED591D 4 Bytes [BA, A8, D0, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryAttributesFile + A 76ED5922 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadTokenEx + 5 76ED5A85 4 Bytes CALL 75EDD95C C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadTokenEx + A 76ED5A8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadToken + 5 76ED5A99 4 Bytes [BA, 68, D2, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadToken + A 76ED5A9E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThread + 5 76ED5AAD 4 Bytes [BA, 68, D1, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThread + A 76ED5AB2 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessTokenEx + 5 76ED5B25 4 Bytes [BA, A8, D2, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessTokenEx + A 76ED5B2A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessToken + 5 76ED5B39 4 Bytes CALL 75EDDA0F C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessToken + A 76ED5B3E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcess + 5 76ED5B4D 4 Bytes [BA, A8, D1, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcess + A 76ED5B52 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenFile + 5 76ED5C29 4 Bytes [BA, 68, D0, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenFile + A 76ED5C2E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtMapViewOfSection + 5 76ED5D05 4 Bytes [BA, 28, D3, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtMapViewOfSection + A 76ED5D0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtCreateFile + 5 76ED65A9 4 Bytes [BA, 28, D0, 7E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtCreateFile + A 76ED65AE 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtUnmapViewOfSection + 5 76ED4B99 4 Bytes [BA, 68, 5F, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtUnmapViewOfSection + A 76ED4B9E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtTerminateProcess 76ED4CC8 5 Bytes JMP 0010EA9B C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtSetInformationThread + 5 76ED4FB1 4 Bytes [BA, 28, 5E, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtSetInformationThread + A 76ED4FB6 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtSetInformationFile + 5 76ED5029 4 Bytes [BA, 28, 5D, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtSetInformationFile + A 76ED502E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtQueryFullAttributesFile + 5 76ED5841 4 Bytes CALL 75EE0CA2 C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtQueryFullAttributesFile + A 76ED5846 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtQueryAttributesFile + 5 76ED591D 4 Bytes [BA, A8, 5C, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtQueryAttributesFile + A 76ED5922 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThreadTokenEx + 5 76ED5A85 4 Bytes CALL 75EE0EE8 C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThreadTokenEx + A 76ED5A8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThreadToken + 5 76ED5A99 4 Bytes [BA, 68, 5E, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThreadToken + A 76ED5A9E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThread + 5 76ED5AAD 4 Bytes [BA, 68, 5D, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenThread + A 76ED5AB2 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcessTokenEx + 5 76ED5B25 4 Bytes [BA, A8, 5E, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcessTokenEx + A 76ED5B2A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcessToken + 5 76ED5B39 4 Bytes CALL 75EE0F9B C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcessToken + A 76ED5B3E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcess + 5 76ED5B4D 4 Bytes [BA, A8, 5D, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenProcess + A 76ED5B52 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenFile + 5 76ED5C29 4 Bytes [BA, 68, 5C, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtOpenFile + A 76ED5C2E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtMapViewOfSection + 5 76ED5D05 4 Bytes [BA, 28, 5F, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtMapViewOfSection + A 76ED5D0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtCreateFile + 5 76ED65A9 4 Bytes [BA, 28, 5C, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4236] ntdll.dll!NtCreateFile + A 76ED65AE 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtUnmapViewOfSection + 5 76ED4B99 4 Bytes [BA, 68, 93, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtUnmapViewOfSection + A 76ED4B9E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtTerminateProcess 76ED4CC8 5 Bytes JMP 0010EA9B C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtSetInformationThread + 5 76ED4FB1 4 Bytes [BA, 28, 92, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtSetInformationThread + A 76ED4FB6 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtSetInformationFile + 5 76ED5029 4 Bytes [BA, 28, 91, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtSetInformationFile + A 76ED502E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtQueryFullAttributesFile + 5 76ED5841 4 Bytes CALL 75EE55D6 C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtQueryFullAttributesFile + A 76ED5846 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtQueryAttributesFile + 5 76ED591D 4 Bytes [BA, A8, 90, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtQueryAttributesFile + A 76ED5922 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThreadTokenEx + 5 76ED5A85 4 Bytes CALL 75EE581C C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThreadTokenEx + A 76ED5A8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThreadToken + 5 76ED5A99 4 Bytes [BA, 68, 92, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThreadToken + A 76ED5A9E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThread + 5 76ED5AAD 4 Bytes [BA, 68, 91, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenThread + A 76ED5AB2 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcessTokenEx + 5 76ED5B25 4 Bytes [BA, A8, 92, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcessTokenEx + A 76ED5B2A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcessToken + 5 76ED5B39 4 Bytes CALL 75EE58CF C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcessToken + A 76ED5B3E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcess + 5 76ED5B4D 4 Bytes [BA, A8, 91, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenProcess + A 76ED5B52 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenFile + 5 76ED5C29 4 Bytes [BA, 68, 90, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtOpenFile + A 76ED5C2E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtMapViewOfSection + 5 76ED5D05 4 Bytes [BA, 28, 93, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtMapViewOfSection + A 76ED5D0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtCreateFile + 5 76ED65A9 4 Bytes [BA, 28, 90, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4320] ntdll.dll!NtCreateFile + A 76ED65AE 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtUnmapViewOfSection + 5 76ED4B99 4 Bytes [BA, 68, 4B, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtUnmapViewOfSection + A 76ED4B9E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtTerminateProcess 76ED4CC8 5 Bytes JMP 0010EA9B C:\Program Files\Google\Chrome\Application\chrome.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtSetInformationThread + 5 76ED4FB1 4 Bytes [BA, 28, 4A, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtSetInformationThread + A 76ED4FB6 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtSetInformationFile + 5 76ED5029 4 Bytes [BA, 28, 49, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtSetInformationFile + A 76ED502E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtQueryFullAttributesFile + 5 76ED5841 4 Bytes CALL 75EDBC8E C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtQueryFullAttributesFile + A 76ED5846 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtQueryAttributesFile + 5 76ED591D 4 Bytes [BA, A8, 48, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtQueryAttributesFile + A 76ED5922 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenThreadTokenEx + 5 76ED5A85 4 Bytes CALL 75EDBED4 C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenThreadTokenEx + A 76ED5A8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenThreadToken + 5 76ED5A99 4 Bytes [BA, 68, 4A, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenThreadToken + A 76ED5A9E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenThread + 5 76ED5AAD 4 Bytes [BA, 68, 49, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenThread + A 76ED5AB2 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenProcessTokenEx + 5 76ED5B25 4 Bytes [BA, A8, 4A, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenProcessTokenEx + A 76ED5B2A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenProcessToken + 5 76ED5B39 4 Bytes CALL 75EDBF87 C:\Windows\SYSTEM32\combase.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenProcessToken + A 76ED5B3E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenProcess + 5 76ED5B4D 4 Bytes [BA, A8, 49, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenProcess + A 76ED5B52 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenFile + 5 76ED5C29 4 Bytes [BA, 68, 48, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtOpenFile + A 76ED5C2E 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtMapViewOfSection + 5 76ED5D05 4 Bytes [BA, 28, 4B, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtMapViewOfSection + A 76ED5D0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtCreateFile + 5 76ED65A9 4 Bytes [BA, 28, 48, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtCreateFile + A 76ED65AE 2 Bytes [FF, E2] {JMP EDX} ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 359456707 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 2.1 ----