GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-25 08:09:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500420ASG rev.0002SDM1 465,76GB Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kxldqpow.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076881401 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076881419 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076881431 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007688144a 2 bytes [88, 76] .text ... * 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000768814dd 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000768814f5 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007688150d 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076881525 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007688153d 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076881555 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007688156d 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076881585 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007688159d 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000768815b5 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000768815cd 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000768816b2 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000768816bd 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076881401 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076881419 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076881431 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007688144a 2 bytes [88, 76] .text ... * 9 .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768814dd 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768814f5 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007688150d 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076881525 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007688153d 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076881555 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007688156d 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076881585 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007688159d 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768815b5 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768815cd 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768816b2 2 bytes [88, 76] .text C:\Program Files (x86)\TechSmith\Jing\Jing.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768816bd 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076881401 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076881419 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076881431 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007688144a 2 bytes [88, 76] .text ... * 9 .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768814dd 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768814f5 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007688150d 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076881525 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007688153d 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076881555 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007688156d 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076881585 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007688159d 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768815b5 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768815cd 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768816b2 2 bytes [88, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768816bd 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076881401 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076881419 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076881431 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007688144a 2 bytes [88, 76] .text ... * 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000768814dd 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000768814f5 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007688150d 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076881525 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007688153d 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076881555 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007688156d 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076881585 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007688159d 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000768815b5 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000768815cd 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000768816b2 2 bytes [88, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3028] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000768816bd 2 bytes [88, 76] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef8722750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef8722b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef8727de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef8728130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef8721908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef8721c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef87281d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef8722878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef8727a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef8726c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef87277bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef8727064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef8726544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef8725e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.0 ---- Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3764] 00000000688d6314 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3776] 00000000774c3e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3780] 00000000688d539b Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3784] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3788] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3792] 00000000730962ee Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3796] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3800] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3804] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3812] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3816] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3820] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3824] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3836] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3848] 00000000774c2e25 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3876] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3880] 000000006b0027e1 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3884] 00000000774c7111 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3924] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3928] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3976] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:4000] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:4020] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:4024] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:4028] 00000000737d32fb Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:4032] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:4040] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:4048] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:4064] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:952] 000000006cfd8066 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3240] 000000006d009827 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:2612] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:2608] 000000006caaac43 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3348] 000000006caaac43 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3396] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3332] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3336] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:2328] 00000000774c3e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:200] 000000006b79c724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:2140] 00000000774c3e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3908] 000000007515d864 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3892] 00000000774c3e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3888] 00000000774c3e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3900] 00000000774c3e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3916] 00000000774c3e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3904] 0000000076b642ed Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3868] 00000000774c3e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3316] 0000000076b642ed Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3448] 0000000076b642ed Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3284] 0000000066265224 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3624] 00000000660c6a19 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3724:3704] 00000000774c3e45 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2F 0x45 0x4A 0xA7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2F 0x45 0x4A 0xA7 ... ---- EOF - GMER 2.0 ----