GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-12 19:45:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 MAXTOR_STM3250310AS rev.3.AAA
Running: 7lbk4kvm.exe; Driver: C:\Users\Ja\AppData\Local\Temp\pxldypoc.sys

---- System - GMER 1.0.15 ----

INT 0x51 ? 85E51F00
INT 0x62 ? 85E51F00
INT 0x72 ? 85E51F00
INT 0x82 ? 84DDDF00
INT 0x92 ? 84DDDF00
INT 0xA2 ? 84DDDF00
INT 0xB3 ? 85E51F00

---- Kernel code sections - GMER 1.0.15 ----

.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x807A6089]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8C00A000, 0x38E905, 0xE8000020]
.text USBPORT.SYS!DllUnload 87FDF41B 5 Bytes JMP 85E51410
.text ad9fykvk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 8CA70900 48 Bytes [5A, BB, F8, 57, 6A, 4E, 38, ...]
? C:\Windows\System32\Drivers\ad9fykvk.SYS suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[728] kernel32.dll!CreateThread 768FCB2E 5 Bytes JMP 719F72FB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 71A32194 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!CallNextHookEx 76788E3B 5 Bytes JMP 71A57BB7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 71A7EB10 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!EnableWindow 7678CD8B 5 Bytes JMP 71A39A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DefWindowProcA 7678DB88 7 Bytes JMP 719F9525 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!CreateWindowExA 7678DC2A 5 Bytes JMP 71A0335B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!CreateWindowExW 76791305 5 Bytes JMP 71A5FF8F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DefWindowProcW 767A03B4 7 Bytes JMP 71A57C1A C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxParamW 767B10B0 5 Bytes JMP 7199170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxIndirectParamW 767B2EF5 5 Bytes JMP 71B8640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxParamA 767C8152 5 Bytes JMP 71B863A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!DialogBoxIndirectParamA 767C847D 5 Bytes JMP 71B86473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxIndirectA 767DD4D9 5 Bytes JMP 71B86330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxIndirectW 767DD5D3 5 Bytes JMP 71B862B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxExA 767DD639 5 Bytes JMP 71B86253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] USER32.dll!MessageBoxExW 767DD65D 5 Bytes JMP 71B861EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[728] ole32.dll!OleLoadFromStream 76E31E80 5 Bytes JMP 71B86BE7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1292] kernel32.dll!SetUnhandledExceptionFilter 768DA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] kernel32.dll!CreateThread 768FCB2E 5 Bytes JMP 719F72FB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 71A32194 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CallNextHookEx 76788E3B 5 Bytes JMP 71A57BB7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 71A7EB10 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!EnableWindow 7678CD8B 5 Bytes JMP 71A39A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DefWindowProcA 7678DB88 7 Bytes JMP 719F9525 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CreateWindowExA 7678DC2A 5 Bytes JMP 71A0335B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CreateWindowExW 76791305 5 Bytes JMP 71A5FF8F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DefWindowProcW 767A03B4 7 Bytes JMP 71A57C1A C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxParamW 767B10B0 5 Bytes JMP 7199170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxIndirectParamW 767B2EF5 5 Bytes JMP 71B8640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxParamA 767C8152 5 Bytes JMP 71B863A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxIndirectParamA 767C847D 5 Bytes JMP 71B86473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxIndirectA 767DD4D9 5 Bytes JMP 71B86330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxIndirectW 767DD5D3 5 Bytes JMP 71B862B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxExA 767DD639 5 Bytes JMP 71B86253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxExW 767DD65D 5 Bytes JMP 71B861EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ole32.dll!OleLoadFromStream 76E31E80 5 Bytes JMP 71B86BE7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!EnableWindow 7678CD8B 5 Bytes JMP 71A39A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxParamW 767B10B0 5 Bytes JMP 7199170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxIndirectParamW 767B2EF5 5 Bytes JMP 71B8640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxParamA 767C8152 5 Bytes JMP 71B863A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxIndirectParamA 767C847D 5 Bytes JMP 71B86473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxIndirectA 767DD4D9 5 Bytes JMP 71B86330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxIndirectW 767DD5D3 5 Bytes JMP 71B862B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxExA 767DD639 5 Bytes JMP 71B86253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxExW 767DD65D 5 Bytes JMP 71B861EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] kernel32.dll!CreateThread 768FCB2E 5 Bytes JMP 719F72FB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 71A32194 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!CallNextHookEx 76788E3B 5 Bytes JMP 71A57BB7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 71A7EB10 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!EnableWindow 7678CD8B 5 Bytes JMP 71A39A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DefWindowProcA 7678DB88 7 Bytes JMP 719F9525 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!CreateWindowExA 7678DC2A 5 Bytes JMP 71A0335B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!CreateWindowExW 76791305 5 Bytes JMP 71A5FF8F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DefWindowProcW 767A03B4 7 Bytes JMP 71A57C1A C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxParamW 767B10B0 5 Bytes JMP 7199170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxIndirectParamW 767B2EF5 5 Bytes JMP 71B8640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxParamA 767C8152 5 Bytes JMP 71B863A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxIndirectParamA 767C847D 5 Bytes JMP 71B86473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxIndirectA 767DD4D9 5 Bytes JMP 71B86330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxIndirectW 767DD5D3 5 Bytes JMP 71B862B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxExA 767DD639 5 Bytes JMP 71B86253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxExW 767DD65D 5 Bytes JMP 71B861EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] ole32.dll!OleLoadFromStream 76E31E80 5 Bytes JMP 71B86BE7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [80693F12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [80694232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80693730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806940F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80693856] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80693914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74637817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7467B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7463BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7462F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7462E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746673F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7463DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7462FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7462FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [746BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7465C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7462D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74626853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7462687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74632AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84DE41E8
Device \Driver\PCI_PNP1824 \Device\00000041 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_PNP1824 \Device\00000041 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\netbt \Device\NetBT_Tcpip_{A1F89EFB-5321-40CD-844D-3F544AD7575C} 865EC1E8
Device \Driver\usbuhci \Device\USBPDO-0 85E741E8
Device \Driver\usbuhci \Device\USBPDO-1 85E741E8
Device \Driver\usbuhci \Device\USBPDO-2 85E741E8
Device \Driver\usbuhci \Device\USBPDO-3 85E741E8
Device \Driver\usbehci \Device\USBPDO-4 85C5B1E8
Device \Driver\USBSTOR \Device\00000070 8681E430
Device \Driver\cdrom \Device\CdRom0 85E691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84DE31E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-1 84DE31E8
Device \Driver\atapi \Device\Ide\IdePort0 84DE31E8
Device \Driver\atapi \Device\Ide\IdePort1 84DE31E8
Device \Driver\atapi \Device\Ide\IdePort2 84DE31E8
Device \Driver\atapi \Device\Ide\IdePort3 84DE31E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5 84DE31E8
Device \Driver\cdrom \Device\CdRom1 85E691E8
Device \Driver\cdrom \Device\CdRom2 85E691E8
Device \Driver\netbt \Device\NetBt_Wins_Export 865EC1E8
Device \Driver\iScsiPrt \Device\RaidPort0 85EA01E8
Device \Driver\USBSTOR \Device\0000006a 8681E430
Device \Driver\usbuhci \Device\USBFDO-0 85E741E8
Device \Driver\USBSTOR \Device\0000006d 8681E430
Device \Driver\usbuhci \Device\USBFDO-1 85E741E8
Device \Driver\USBSTOR \Device\0000006e 8681E430
Device \Driver\usbuhci \Device\USBFDO-2 85E741E8
Device \Driver\USBSTOR \Device\0000006f 8681E430
Device \Driver\usbuhci \Device\USBFDO-3 85E741E8
Device \Driver\usbehci \Device\USBFDO-4 85C5B1E8
Device \Driver\ad9fykvk \Device\Scsi\ad9fykvk1Port5Path0Target0Lun0 85E701E8
Device \Driver\ad9fykvk \Device\Scsi\ad9fykvk1 85E701E8
Device \FileSystem\cdfs \Cdfs 86CDF1E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF0 0x36 0x15 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xEA 0x6B 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0x26 0x3D 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF0 0x36 0x15 0xFB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xEA 0x6B 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0x26 0x3D 0xAD ...

---- EOF - GMER 1.0.15 ----
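A first-pass triage of the hook entries in a log like the one above, added here as an example; it is the editor's code, not part of the original post and not GMER's own tooling. It parses GMER's `.text`, `?` and `.sptd1` lines, gives each one a severity, and runs over a constructed sample made from entries in this log plus one hypothetical Explorer.EXE line (a JMP into memory with no backing module, which this log does not contain) so that the worst branch is exercised. The severity rules and the vendor check are the editor's heuristics, nothing GMER itself reports; the `Przeglądarka internetowa` string is simply the Polish file description that IEFRAME.dll carries on this system.

```python
"""Triage helper for hook entries in a GMER 1.0.15 text log.

Added example; not part of the original post and not GMER's own code. The
severity rules are the editor's heuristics for a first pass, not a verdict.
"""
import re
from collections import Counter

# Constructed sample in GMER's line format. The first seven lines reuse entries
# from the log above; the final Explorer.EXE line is hypothetical, added only to
# show how a JMP into memory with no backing module is reported.
SAMPLE_LOG = """\
.sptd1 C:\\Windows\\System32\\Drivers\\sptd.sys entry point in ".sptd1" section [0x807A6089]
.text USBPORT.SYS!DllUnload 87FDF41B 5 Bytes JMP 85E51410
.text ad9fykvk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 8CA70900 48 Bytes [5A, BB, F8, 57, 6A, 4E, 38, ...]
? C:\\Windows\\System32\\Drivers\\ad9fykvk.SYS suspicious PE modification
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[728] USER32.dll!CreateWindowExW 76791305 5 Bytes JMP 71A5FF8F C:\\Windows\\system32\\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[3528] USER32.dll!CreateWindowExW 76791305 5 Bytes JMP 71A5FF8F C:\\Windows\\system32\\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\\Program Files\\Real\\RealPlayer\\Update\\realsched.exe[1292] kernel32.dll!SetUnhandledExceptionFilter 768DA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\\Windows\\Explorer.EXE[2024] ntdll.dll!NtQueryDirectoryFile 77A35B38 5 Bytes JMP 001E0C20
"""

# User-mode hook: ".text <exe path>[<pid>] <module>!<export> <addr> <n> Bytes <rest>"
USER_HOOK = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes\s+(?P<rest>.*)$")
# "<rest>" of a JMP hook, optionally followed by the module GMER resolved the target to.
JMP_TARGET = re.compile(
    r"^JMP\s+(?P<target>[0-9A-F]{8})(?:\s+(?P<path>.+?)\s+\((?P<desc>.*)\))?$")
# Kernel-mode hook: same shape but with a driver name instead of "<exe path>[<pid>]".
KERNEL_HOOK = re.compile(
    r"^\.text\s+(?P<mod>[\w.]+)!(?P<func>\w+)\s+(?P<addr>[0-9A-F]{8})\s+"
    r"(?P<n>\d+) Bytes\s+(?P<rest>.*)$")
PE_MOD = re.compile(r"^\?\s+(?P<path>.+?)\s+suspicious PE modification$")
RANDOM_NAME = re.compile(r"^[a-z0-9]{8}\.sys$", re.IGNORECASE)

# Vendor string and the DAEMON Tools Lite path both come from the log itself
# (the sptd\Cfg ...@p0 value).
KNOWN_DRIVERS = {
    "sptd.sys": "sptd.sys present: SCSI Pass Through Direct (Duplex Secure Ltd.), the layer DAEMON Tools installs",
}
ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def classify(line):
    """Return (severity, reason) for a hook/patch line, or None for any other line."""
    m = USER_HOOK.match(line)
    if m:
        exe = m["proc"].rsplit("\\", 1)[-1]
        where = f"{exe}[{m['pid']}] {m['mod']}!{m['func']}"
        j = JMP_TARGET.match(m["rest"])
        if j is None:
            # Bytes written in place rather than a JMP out (here XOR EAX,EAX; RET 4):
            # the process neutered one of its own APIs. Updaters do this; record it.
            return "info", f"{where} patched in place: {m['rest']}"
        if j["path"] is None:
            # JMP to an address GMER could not map to any loaded module.
            return "high", f"{where} -> {j['target']} (no backing module)"
        vendor = j["desc"].rsplit("/", 1)[-1]
        target = j["path"].rsplit("\\", 1)[-1]
        # The vendor is the file's version-resource string as GMER prints it, not an
        # Authenticode check, so "low" means "look once", not "cleared".
        if vendor == "Microsoft Corporation" and j["path"].lower().startswith("c:\\windows\\"):
            return "low", f"{where} -> {target} ({vendor})"
        return "medium", f"{where} -> {target} ({vendor}); third-party hook, confirm the product"
    m = KERNEL_HOOK.match(line)
    if m:
        if m["rest"].startswith("JMP"):
            return "medium", f"kernel {m['mod']}!{m['func']} {m['rest']}; find the owner of the target address"
        return "medium", f"kernel {m['mod']}!{m['func']}: {m['n']} bytes patched"
    m = PE_MOD.match(line)
    if m:
        name = m["path"].rsplit("\\", 1)[-1]
        if RANDOM_NAME.match(name):
            return "high", f"{name}: suspicious PE modification in a randomly named driver"
        return "medium", f"{name}: suspicious PE modification"
    if line.startswith(".sptd1 "):
        return "low", KNOWN_DRIVERS["sptd.sys"]
    return None


def triage(log_text):
    """Classify every line and return the findings worst-first (stable within a severity)."""
    findings = [f for f in (classify(l.rstrip()) for l in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: ORDER[f[0]])


def summary(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 2, 'low': 3, 'info': 1}."""
    return Counter(sev for sev, _ in findings)


if __name__ == "__main__":
    for sev, reason in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}")
```

Read against the real log, the rules sort it the way a manual pass would. The kernel32/USER32/ole32 hooks in every iexplore.exe land in IEFRAME.dll at identical addresses in PIDs 728, 3528 and 3580 (3544 shows a subset), which is IE's own frame DLL doing its per-process hooking and a routine GMER finding on Internet Explorer 8 and later. The realsched.exe entry is that process stubbing out SetUnhandledExceptionFilter in its own address space. sptd.sys, its six atapi.sys IAT redirections and the sptd\Cfg registry keys belong to the SCSI Pass Through Direct layer that DAEMON Tools Lite (the @p0 path in the same log) installs. The one entry to verify rather than explain away is ad9fykvk.SYS: a randomly named driver with a patched export and a "suspicious PE modification" flag. SPTD's virtual SCSI drive driver is also loaded under a random eight-character name and shows up as a \Device\Scsi\ object next to sptd.sys, so the finding is consistent with the DAEMON Tools install, but confirm it (the file's signature, and whether the driver and its device objects disappear once DAEMON Tools/SPTD is removed) before closing the case.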