GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-23 19:02:59 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ESBO 232,89GB Running: gxkj2gl7.exe; Driver: C:\Users\Samsung\AppData\Local\Temp\pxrirfoc.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82081A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820BB212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .sptd1 C:\windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x88366FEE] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtMapViewOfSection + 6 777F5C6E 4 Bytes [18, 20, E9, 73] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtMapViewOfSection + B 777F5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtCreateFile + 6 777F560E 4 Bytes [28, 14, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtCreateFile + B 777F5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtMapViewOfSection + 6 777F5C6E 4 Bytes [28, 17, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtMapViewOfSection + B 777F5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenFile + 6 777F5D1E 4 Bytes [68, 14, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenFile + B 777F5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcess + 6 777F5DCE 4 Bytes [A8, 15, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcess + B 777F5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcessToken + B 777F5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcessTokenEx + 6 777F5DEE 4 Bytes [A8, 16, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcessTokenEx + B 777F5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThread + 6 777F5E4E 4 Bytes [68, 15, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThread + B 777F5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadToken + 6 777F5E5E 4 Bytes [68, 16, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadToken + B 777F5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadTokenEx + B 777F5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryAttributesFile + 6 777F5F7E 4 Bytes [A8, 14, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryAttributesFile + B 777F5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryFullAttributesFile + B 777F6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationFile + 6 777F667E 4 Bytes [28, 15, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationFile + B 777F6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationThread + 6 777F66DE 4 Bytes [28, 16, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationThread + B 777F66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtUnmapViewOfSection + 6 777F69FE 4 Bytes [68, 17, 95, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtUnmapViewOfSection + B 777F6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtCreateFile + 6 777F560E 4 Bytes [28, 44, 3B, 00] {SUB [EBX+EDI+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtCreateFile + B 777F5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtMapViewOfSection + 6 777F5C6E 4 Bytes [28, 47, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtMapViewOfSection + B 777F5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenFile + 6 777F5D1E 4 Bytes [68, 44, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenFile + B 777F5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcess + 6 777F5DCE 4 Bytes [A8, 45, 3B, 00] {TEST AL, 0x45; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcess + B 777F5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessToken + B 777F5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessTokenEx + 6 777F5DEE 4 Bytes [A8, 46, 3B, 00] {TEST AL, 0x46; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessTokenEx + B 777F5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThread + 6 777F5E4E 4 Bytes [68, 45, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThread + B 777F5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadToken + 6 777F5E5E 4 Bytes [68, 46, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadToken + B 777F5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadTokenEx + B 777F5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryAttributesFile + 6 777F5F7E 4 Bytes [A8, 44, 3B, 00] {TEST AL, 0x44; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryAttributesFile + B 777F5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryFullAttributesFile + B 777F6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationFile + 6 777F667E 4 Bytes [28, 45, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationFile + B 777F6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationThread + 6 777F66DE 4 Bytes [28, 46, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationThread + B 777F66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtUnmapViewOfSection + 6 777F69FE 4 Bytes [68, 47, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtUnmapViewOfSection + B 777F6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtCreateFile + 6 777F560E 4 Bytes [28, F4, E2, 00] {SUB AH, DH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtCreateFile + B 777F5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtMapViewOfSection + 6 777F5C6E 4 Bytes [28, F7, E2, 00] {SUB BH, DH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtMapViewOfSection + B 777F5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenFile + 6 777F5D1E 4 Bytes [68, F4, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenFile + B 777F5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcess + 6 777F5DCE 4 Bytes [A8, F5, E2, 00] {TEST AL, 0xf5; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcess + B 777F5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcessToken + 6 777F5DDE 4 Bytes CALL 768040D8 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcessToken + B 777F5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcessTokenEx + 6 777F5DEE 4 Bytes [A8, F6, E2, 00] {TEST AL, 0xf6; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenProcessTokenEx + B 777F5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThread + 6 777F5E4E 4 Bytes [68, F5, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThread + B 777F5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThreadToken + 6 777F5E5E 4 Bytes [68, F6, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThreadToken + B 777F5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThreadTokenEx + 6 777F5E6E 4 Bytes CALL 76804169 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtOpenThreadTokenEx + B 777F5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtQueryAttributesFile + 6 777F5F7E 4 Bytes [A8, F4, E2, 00] {TEST AL, 0xf4; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtQueryAttributesFile + B 777F5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtQueryFullAttributesFile + 6 777F602E 4 Bytes CALL 76804327 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtQueryFullAttributesFile + B 777F6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtSetInformationFile + 6 777F667E 4 Bytes [28, F5, E2, 00] {SUB CH, DH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtSetInformationFile + B 777F6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtSetInformationThread + 6 777F66DE 4 Bytes [28, F6, E2, 00] {SUB DH, DH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtSetInformationThread + B 777F66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtUnmapViewOfSection + 6 777F69FE 4 Bytes [68, F7, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5376] ntdll.dll!NtUnmapViewOfSection + B 777F6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtCreateFile + 6 777F560E 4 Bytes [28, 7C, 03, 01] {SUB [EBX+EAX+0x1], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtCreateFile + B 777F5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtMapViewOfSection + 6 777F5C6E 4 Bytes [28, 7F, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtMapViewOfSection + B 777F5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenFile + 6 777F5D1E 4 Bytes [68, 7C, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenFile + B 777F5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcess + 6 777F5DCE 4 Bytes [A8, 7D, 03, 01] {TEST AL, 0x7d; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcess + B 777F5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcessToken + 6 777F5DDE 4 Bytes CALL 76806160 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcessToken + B 777F5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcessTokenEx + 6 777F5DEE 4 Bytes [A8, 7E, 03, 01] {TEST AL, 0x7e; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenProcessTokenEx + B 777F5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThread + 6 777F5E4E 4 Bytes [68, 7D, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThread + B 777F5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThreadToken + 6 777F5E5E 4 Bytes [68, 7E, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThreadToken + B 777F5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThreadTokenEx + 6 777F5E6E 4 Bytes CALL 768061F1 C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtOpenThreadTokenEx + B 777F5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtQueryAttributesFile + 6 777F5F7E 4 Bytes [A8, 7C, 03, 01] {TEST AL, 0x7c; ADD EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtQueryAttributesFile + B 777F5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtQueryFullAttributesFile + 6 777F602E 4 Bytes CALL 768063AF C:\windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtQueryFullAttributesFile + B 777F6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtSetInformationFile + 6 777F667E 4 Bytes [28, 7D, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtSetInformationFile + B 777F6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtSetInformationThread + 6 777F66DE 4 Bytes [28, 7E, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtSetInformationThread + B 777F66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtUnmapViewOfSection + 6 777F69FE 4 Bytes [68, 7F, 03, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5540] ntdll.dll!NtUnmapViewOfSection + B 777F6A03 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743624CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7434562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743456EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [74362546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743585AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74354D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74355105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743551DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74356707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74358301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74358850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743590B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7435E254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\windows\Explorer.EXE[484] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74354C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 84F0A1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{DE4FED0B-E3E8-4531-AF2A-BD21A6429658} 867D1440 AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ba51d3 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de1cd6a6 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de1cd6a6@38ece46d521d 0x67 0x42 0x23 0xA9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbdb8f7c Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ba51d3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de1cd6a6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de1cd6a6@38ece46d521d 0x67 0x42 0x23 0xA9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbdb8f7c (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Vbox\Licenses\CorelDRAW\xae Graphics Suite_11_D639.lic 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Vbox\Licenses\CorelDRAW\xae Graphics Suite_11_D639.prf 2 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet F4500 series@ChangeID 1097030 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----