GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-27 00:13:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d ST932032 rev.0002 298,09GB
Running: fcw0rklp.exe; Driver: C:\Users\Wioleta\AppData\Local\Temp\fxldrpoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                             0000000077031401 2 bytes JMP 7511b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                               0000000077031419 2 bytes JMP 7511b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                             0000000077031431 2 bytes JMP 75198fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                             000000007703144a 2 bytes CALL 750f489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                            * 9
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                00000000770314dd 2 bytes JMP 751988c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                         00000000770314f5 2 bytes JMP 75198aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                000000007703150d 2 bytes JMP 751987ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                         0000000077031525 2 bytes JMP 75198b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                               000000007703153d 2 bytes JMP 7510fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                    0000000077031555 2 bytes JMP 751168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                             000000007703156d 2 bytes JMP 75199089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                               0000000077031585 2 bytes JMP 75198bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                  000000007703159d 2 bytes JMP 7519877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                               00000000770315b5 2 bytes JMP 7510fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                             00000000770315cd 2 bytes JMP 7511b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                         00000000770316b2 2 bytes JMP 75198f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                         00000000770316bd 2 bytes JMP 75198713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                              00000000772e0830 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3668] C:\Windows\system32\KERNEL32.dll!SetFileCompletionNotificationModes                                                00000000772e0830 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                          0000000077031401 2 bytes JMP 7511b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                            0000000077031419 2 bytes JMP 7511b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                          0000000077031431 2 bytes JMP 75198fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                          000000007703144a 2 bytes CALL 750f489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                            * 9
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                             00000000770314dd 2 bytes JMP 751988c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                      00000000770314f5 2 bytes JMP 75198aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                             000000007703150d 2 bytes JMP 751987ba C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                      0000000077031525 2 bytes JMP 75198b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                            000000007703153d 2 bytes JMP 7510fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                 0000000077031555 2 bytes JMP 751168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                          000000007703156d 2 bytes JMP 75199089 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                            0000000077031585 2 bytes JMP 75198bea C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                               000000007703159d 2 bytes JMP 7519877e C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                            00000000770315b5 2 bytes JMP 7510fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                          00000000770315cd 2 bytes JMP 7511b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                      00000000770316b2 2 bytes JMP 75198f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                      00000000770316bd 2 bytes JMP 75198713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\AVAST Software\Avast\avastui.exe[4264] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                           00000000750f8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text    C:\Program Files\AVAST Software\Avast\avastui.exe[4264] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                    000000007516b396 5 bytes JMP 00000001100078e0
.text    C:\Users\Wioleta\Downloads\fcw0rklp.exe[5672] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                              000000007516b396 5 bytes JMP 00000001100078e0

---- Kernel IAT/EAT - GMER 2.1 ----

IAT      C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                                                 [fffff88001062e94] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT      C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                                                                        [fffff88001062c38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT      C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                                                                       [fffff88001063654] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT      C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                                                                                       [fffff88001063a50] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT      C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                                                [fffff880010638ac] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- User IAT/EAT - GMER 2.1 ----

IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!FileTimeToLocalFileTime]                                                                      [20438348000a00c7] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!DosDateTimeToFileTime]                                                                        [433b4820438b4802] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!WriteFile]                                                                                    [a9e8cb8b48087228] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!TlsSetValue]                                                                                  [664e74ff8500000a] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!ReplaceFileW]                                                                                 [1ef8340750a3e83] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!RemoveDirectoryW]                                                                             [8b4837eb02c68348] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetSystemInfo]                                                                                [48000d00c7662043] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetModuleHandleA]                                                                             [20438b4802204383] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!DebugBreak]                                                                                   [4807eb000a00c766] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetSystemDirectoryW]                                                                          [834808896620438b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!SetEndOfFile]                                                                                 [4820438b48022043] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!TlsGetValue]                                                                                  [cb8b48087228433b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!FlushFileBuffers]                                                                             [fff8500000a5fe8] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetFileSizeEx]                                                                                [8b8b48fffffefc85] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!CloseHandle]                                                                                  [c35f20c483483824] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!WaitForSingleObject]                                                                          [cccccccccccccccc] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!OpenMutexW]                                                                                   [74894808245c8948] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!CreateMutexW]                                                                                 [4820ec8348571024] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!ReleaseMutex]                                                                                 [4100000010c0b983] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetModuleFileNameW]                                                                           [d98b48f28b48f88b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetVersionExW]                                                                                [d233000000eb840f] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!DeleteFileW]                                                                                  [dfe90000022be8] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetLastError]                                                                                 [1ef830eb70f0000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!CopyFileExW]                                                                                  [f3ef98302c68348] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetTempFileNameW]                                                                             [af983000000ae8f] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetFileAttributesW]                                                                           [f9830000008c840f] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetTempPathW]                                                                                 [2a7426f98346740d] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!SetFileAttributesW]                                                                           [3ef98316743cf983] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!CreateDirectoryW]                                                                             [8d440000008d850f] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetShortPathNameW]                                                                            [f03497158d48c641] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetLongPathNameW]                                                                             [4b8411cebff] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetFullPathNameW]                                                                             [fff03478158d4800] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!SetLastError]                                                                                 [5b8410deb] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetFileType]                                                                                  [48fff03459158d48] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!CreateFileW]                                                                                  [eb00000c35e8cb8b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!CreateFileA]                                                                                  [c76620438b4878] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GlobalFree]                                                                                   [480220438348000d] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GlobalAlloc]                                                                                  [a00c76620438b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetCurrentProcess]                                                                            [438b480220438348] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetCurrentThread]                                                                             [48087228433b4820] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetSystemDefaultLCID]                                                                         [8500000955e8cb8b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetUserDefaultLCID]                                                                           [750a3e83664e74ff] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!IsDBCSLeadByte]                                                                               [2c6834801ef8340] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!LockResource]                                                                                 [c76620438b4837eb] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!LoadResource]                                                                                 [220438348000d00] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!FindResourceA]                                                                                [a00c76620438b48] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!CompareStringA]                                                                               [6620438b4807eb00] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!IsValidLocale]                                                                                [4802204383480889] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetStringTypeExW]                                                                             [7228433b4820438b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetACP]                                                                                       [90be8cb8b4808] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!RaiseException]                                                                               [ffff19850fff8500] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!MultiByteToWideChar]                                                                          [10c08b8b48ff] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!IsValidCodePage]                                                                              [20438b1774c98548] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!FileTimeToSystemTime]                                                                         [4830432b02c18348] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!SystemTimeToFileTime]                                                                         [d148000010c08b89] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetSystemTime]                                                                                [245c8b48018966f8] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!WideCharToMultiByte]                                                                          [83483824748b4830] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!CompareStringW]                                                                               [ccccccccc35f20c4] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!MulDiv]                                                                                       [245c8948cccccccc] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!EnumUILanguagesW]                                                                             [4857102474894808] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!EnumSystemLocalesW]                                                                           [10c0b9834820ec83] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetLocaleInfoW]                                                                               [8b48f88b41000000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!EnumCalendarInfoExW]                                                                          [9b840fd98b48f2] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!FreeLibrary]                                                                                  [d7e8d2330000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!SizeofResource]                                                                               [b70f0000008fe900] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!FindResourceW]                                                                                [2c6834801ef830e] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!LoadLibraryExW]                                                                               [af983627f0df983] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetCalendarInfoW]                                                                             [4858750df9834474] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!EnumTimeFormatsW]                                                                             [834808896620438b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!ReadFile]                                                                                     [6620438b48022043] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetProcAddress]                                                                               [20438348000a00c7] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetModuleHandleW]                                                                             [433b4820438b4802] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetUserDefaultUILanguage]                                                                     [51e8cb8b48087228] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!VirtualProtect]                                                                               [664e74ff85000008] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!QueryPerformanceCounter]                                                                      [1ef8340750a3e83] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetTickCount]                                                                                 [8b4837eb02c68348] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetCurrentThreadId]                                                                           [48000d00c7662043] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetCurrentProcessId]                                                                          [20438b4802204383] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetSystemTimeAsFileTime]                                                                      [4807eb000a00c766] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetProcessHeap]                                                                               [834808896620438b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!CreateProcessA]                                                                               [4820438b48022043] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetTempFileNameA]                                                                             [cb8b48087228433b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetTempPathA]                                                                                 [fff8500000807e8] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!HeapFree]                                                                                     [8b8b48ffffff6985] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!LoadLibraryW]                                                                                 [2c1834820438b17] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!Sleep]                                                                                        [10c08b894830432b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!TerminateProcess]                                                                             [18966f8d1480000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!UnhandledExceptionFilter]                                                                     [748b4830245c8b48] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!SetUnhandledExceptionFilter]                                                                  [c35f20c483483824] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!IsDebuggerPresent]                                                                            [cccccccccccccccc] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!RtlVirtualUnwind]                                                                             [c0818b4820418b44] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!RtlLookupFunctionEntry]                                                                       [4930412b44000010] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!RtlCaptureContext]                                                                            [1774003b4466f8d1] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!LocalFree]                                                                                    [ee2c16602c08348] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!lstrlenW]                                                                                     [c0818948d00b4166] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!SetFilePointerEx]                                                                             [48c3108966000010] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!SetFileTime]                                                                                  [10c0818948fec083] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!GetFileTime]                                                                                  [ccccccccccc30000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!TlsAlloc]                                                                                     [245c8948cccccccc] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!TlsFree]                                                                                      [854820ec83485708] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!InitializeCriticalSectionAndSpinCount]                                                        [74d98b48f88b49d2] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[KERNEL32.dll!EnumDateFormatsExW]                                                                           [528b4810428b4421] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[USER32.dll!GetDC]                                                                                          [4c20444c8d48f02b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[USER32.dll!ReleaseDC]                                                                                      [fff981490974ce63] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[USER32.dll!LoadStringW]                                                                                    [57ba05767fffff] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[USER32.dll!RegisterClipboardFormatW]                                                                       [ff0d880fd2858007] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[SHELL32.dll!SHGetSpecialFolderPathW]                                                                       [2e983480975c985] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[SHELL32.dll!SHGetDesktopFolder]                                                                            [2183668007007aba] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[SHLWAPI.dll!wnsprintfA]                                                                                    [8b412624548d48ff] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[SHLWAPI.dll!StrRetToBufW]                                                                                  [d233fffffe06e8c8] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!CoTaskMemAlloc]                                                                                  [49e83474f98b48f2] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!StgOpenStorage]                                                                                  [eb70f2deb000000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!StgOpenStorageEx]                                                                                [8302c6834801eb83] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!WriteFmtUserTypeStg]                                                                             [20478b481e740df9] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!StgCreateDocfileOnILockBytes]                                                                    [220478348088966] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!WriteClassStg]                                                                                   [28473b4820478b48] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!CreateILockBytesOnHGlobal]                                                                       [422e8cf8b480872] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!CLSIDFromString]                                                                                 [8b48cf75db850000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!CoCreateGuid]                                                                                    [3824748b4830245c] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!StgOpenStorageOnILockBytes]                                                                      [ccccc35f20c48348] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!CoGetMalloc]                                                                                     [245c8948cccccccc] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!PropVariantCopy]                                                                                 [41f620ec83485708] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!PropVariantClear]                                                                                [481d74d98b480138] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!CoTaskMemFree]                                                                                   [a00c76620418b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!StringFromGUID2]                                                                                 [418b480220418348] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!StgCreateStorageEx]                                                                              [e8057228413b4820] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!ReadClassStg]                                                                                    [23843f6000003d8] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!GetConvertStg]                                                                                   [7e3c7b39ff332f74] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!CLSIDFromProgID]                                                                                 [c76620438b4828] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!CreateStreamOnHGlobal]                                                                           [4802204383480009] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!CoCreateInstance]                                                                                [7228433b4820438b] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!ReadClassStm]                                                                                    [3abe8cb8b4808] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ole32.dll!StgCreateDocfile]                                                                                [7c3c7b3b01c78300] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[GDI32.dll!CreateCompatibleDC]                                                                              [1a755dfe78836620] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[GDI32.dll!TranslateCharsetInfo]                                                                            [41fff03629158d48] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[GDI32.dll!SelectObject]                                                                                    [cb8b480000000db8] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[GDI32.dll!ExtFloodFill]                                                                                    [83e900000d97e8] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[GDI32.dll!DeleteObject]                                                                                    [c76620438b480000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[GDI32.dll!DeleteDC]                                                                                        [438b4861eb003e00] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[GDI32.dll!CreateCompatibleBitmap]                                                                          [8348000d00c76620] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!RegOpenKeyExA]                                                                                [4857102474894808] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!RegQueryValueExA]                                                                             [10c0b9834820ec83] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!OpenThreadToken]                                                                              [8b48f88b41000000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!OpenProcessToken]                                                                             [10b840fd98b48f2] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!GetTokenInformation]                                                                          [e800000001ba0000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!GetLengthSid]                                                                                 [fce90000039c] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!CopySid]                                                                                      [4801ef830eb70f00] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!IsValidSid]                                                                                   [8f0f5df98302c683] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!RegDeleteKeyW]                                                                                [f0af983000000cb] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!RegOpenKeyExW]                                                                                [df983000000a984] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!RegQueryValueExW]                                                                             [8325743ef9836374] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!RegCloseKey]                                                                                  [af850f5df9] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!RegCreateKeyExW]                                                                              [fe798366204b8b48] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!RegSetValueExW]                                                                               [10b08388c0940f5d] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!ConvertSidToStringSidW]                                                                       [e9005d01c7660000] 
IAT      C:\Windows\Explorer.EXE[3696] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll[ADVAPI32.dll!RegEnumValueW]                                                                                [10b0bb800000009a] 

---- Devices - GMER 2.1 ----

Device   \FileSystem\Ntfs \Ntfs                                                                                                                                                                         fffffa8002e242c0
Device   \FileSystem\fastfat \Fat                                                                                                                                                                       fffffa80084552c0
Device   \Driver\USBSTOR \Device\0000008a                                                                                                                                                               fffffa80032d82c0
Device   \Driver\usbehci \Device\USBFDO-3                                                                                                                                                               fffffa80039dc2c0
Device   \Driver\usbehci \Device\USBPDO-1                                                                                                                                                               fffffa80039dc2c0
Device   \Driver\nvstor64 \Device\RaidPort0                                                                                                                                                             fffffa8002e202c0
Device   \Driver\cdrom \Device\CdRom0                                                                                                                                                                   fffffa80037ab2c0
Device   \Driver\USBSTOR \Device\00000089                                                                                                                                                               fffffa80032d82c0
Device   \Driver\usbohci \Device\USBPDO-2                                                                                                                                                               fffffa80039d02c0
Device   \Driver\usbohci \Device\USBFDO-0                                                                                                                                                               fffffa80039d02c0
Device   \Driver\usbehci \Device\USBPDO-3                                                                                                                                                               fffffa80039dc2c0
Device   \Driver\usbehci \Device\USBFDO-1                                                                                                                                                               fffffa80039dc2c0
Device   \Driver\nvstor64 \Device\0000006d                                                                                                                                                              fffffa8002e202c0
Device   \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                                        fffffa800391b2c0
Device   \Driver\NetBT \Device\NetBT_Tcpip_{DD4D36CF-6BBB-4F85-9455-44305B8AD929}                                                                                                                       fffffa800391b2c0
Device   \Driver\nvstor64 \Device\ScsiPort0                                                                                                                                                             fffffa8002e202c0
Device   \Driver\usbohci \Device\USBFDO-2                                                                                                                                                               fffffa80039d02c0
Device   \Driver\usbohci \Device\USBPDO-0                                                                                                                                                               fffffa80039d02c0
Device   \Driver\NetBT \Device\NetBT_Tcpip_{A2A7854E-ACA0-4971-8103-D1DD3C802ACE}                                                                                                                       fffffa800391b2c0
Device   \Driver\nvstor64 \Device\0000006e                                                                                                                                                              fffffa8002e202c0

---- Trace I/O - GMER 2.1 ----

Trace    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002e202c0]<< sptd.sys storport.sys hal.dll nvstor64.sys                                                                        fffffa8002e202c0
Trace    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003173060]                                                                                                                                fffffa8003173060
Trace    3 CLASSPNP.SYS[fffff88001b9b43f] -> nt!IofCallDriver -> [0xfffffa80035fde40]                                                                                                                   fffffa80035fde40
Trace    5 ACPI.sys[fffff880011877a1] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa800303c430]                                                                                                       fffffa800303c430
Trace    \Driver\nvstor64[0xfffffa8002ed8060] -> IRP_MJ_CREATE -> 0xfffffa8002e202c0                                                                                                                    fffffa8002e202c0

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\svchost.exe [356:1604]                                                                                                                                                     000007fefb496ed4
Thread   C:\Windows\system32\svchost.exe [356:4276]                                                                                                                                                     000007fefb496b8c
Thread   C:\Windows\system32\svchost.exe [1080:2096]                                                                                                                                                    000007fef8ffbd70
Thread   C:\Windows\system32\svchost.exe [1080:3360]                                                                                                                                                    000007fef6585170
Thread   C:\Windows\system32\svchost.exe [1080:3660]                                                                                                                                                    000007fef8f95124
Thread   C:\Windows\System32\svchost.exe [484:300]                                                                                                                                                      000007fef9400360
Thread   C:\Windows\System32\svchost.exe [484:276]                                                                                                                                                      000007fef93de460
Thread   C:\Windows\System32\svchost.exe [484:1744]                                                                                                                                                     000007fef93de450
Thread   C:\Windows\System32\svchost.exe [484:1816]                                                                                                                                                     000007fef93a5570
Thread   C:\Windows\System32\svchost.exe [484:1820]                                                                                                                                                     000007fef93da130
Thread   C:\Windows\System32\svchost.exe [484:1492]                                                                                                                                                     000007fef93a5560
Thread   C:\Windows\System32\svchost.exe [484:1756]                                                                                                                                                     000007fef94282a0
Thread   C:\Windows\System32\svchost.exe [484:3488]                                                                                                                                                     000000018000c920
Thread   C:\Windows\System32\svchost.exe [484:3492]                                                                                                                                                     000000018000c920
Thread   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2228:3904]                                                                                                            000000018000c920
Thread   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2228:3908]                                                                                                            000000018000c920
Thread   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2228:3916]                                                                                                            0000000180026f10
Thread   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2228:3932]                                                                                                            0000000180026f10
Thread   C:\Windows\system32\svchost.exe [3100:3188]                                                                                                                                                    000000018000c920
Thread   C:\Windows\system32\svchost.exe [3100:3192]                                                                                                                                                    000000018000c920
Thread   C:\Windows\System32\svchost.exe [288:4356]                                                                                                                                                     000007feeba99688

---- Processes - GMER 2.1 ----

Process  C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [1512] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2015-03-15 15:51:27)  0000000100000000
Process  C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [1244] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2015-03-15 15:51:27)  0000000100000000

---- Registry - GMER 2.1 ----

Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Wioleta\Downloads\AdwCleaner\x00a04.204.exe                                        1

---- Files - GMER 2.1 ----

File     C:\Users\Wioleta\AppData\Local\Temp\WER7057.tmp.resp.erc.xml                                                                                                                                   0 bytes
File     C:\Users\Wioleta\AppData\Local\Temp\WER7058.tmp.resp                                                                                                                                           0 bytes
File     C:\Windows\Temp\SEPC401.tmp                                                                                                                                                                    0 bytes
File     C:\Windows\Temp\TMP0000001533FA4CB212FFB9CB                                                                                                                                                    0 bytes
File     C:\Windows\Temp\TMP0000001724E8A0684F59C182                                                                                                                                                    524288 bytes

---- EOF - GMER 2.1 ----
