GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-27 10:51:50 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD1600JS-22MHB0 rev.02.01C03 149,05GB Running: hcx9x50y.exe; Driver: C:\Users\user\AppData\Local\Temp\awlcaaob.sys ---- User code sections - GMER 2.1 ---- .text D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774f1465 2 bytes [4F, 77] .text D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774f14bb 2 bytes [4F, 77] .text ... * 2 .text D:\Programy\Malwarebytes Anti-Malware\mbam.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774f1465 2 bytes [4F, 77] .text D:\Programy\Malwarebytes Anti-Malware\mbam.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774f14bb 2 bytes [4F, 77] .text ... * 2 .text D:\Programy\Hamachi\hamachi-2-ui.exe[2784] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 00000000774f1465 2 bytes [4F, 77] .text D:\Programy\Hamachi\hamachi-2-ui.exe[2784] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000774f14bb 2 bytes [4F, 77] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!GetCursorPos 000000007724ca44 5 bytes {CALL 0xffffffffffff35be} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!PeekMessageA 0000000077253a18 5 bytes {CALL 0xfffffffffffec5ea} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!GetMessageA 0000000077256110 5 bytes {CALL 0xfffffffffffe9ef2} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!PeekMessageW 0000000077258fd0 5 bytes {CALL 0xfffffffffffe7032} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!GetMessageW 0000000077259e74 5 bytes {CALL 0xfffffffffffe618e} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!GetMessagePos 00000000772684e0 5 bytes {CALL 0xfffffffffffd7b22} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!GetCursorInfo 000000007726aef0 5 bytes {CALL 0xfffffffffffd5112} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!SetCursorPos 0000000077281f58 5 bytes {CALL 0xfffffffffffbe0aa} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!MessageBoxA 00000000772b12b8 5 bytes {CALL 0xfffffffffff8ed4a} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!MessageBoxW 00000000772b1314 2 bytes [E8, E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!MessageBoxW + 3 00000000772b1317 2 bytes [F8, FF] .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!MessageBoxExA 00000000772b1370 2 bytes [E8, 8D] .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!MessageBoxExA + 3 00000000772b1373 2 bytes [F8, FF] .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!MessageBoxExW 00000000772b1394 2 bytes [E8, 69] .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!MessageBoxExW + 3 00000000772b1397 2 bytes [F8, FF] .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!MessageBoxIndirectA 00000000772b1668 5 bytes {CALL 0xfffffffffff8e99a} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\USER32.dll!MessageBoxIndirectW 00000000772b1874 5 bytes {CALL 0xfffffffffff8e78e} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\winmm.dll!PlaySoundW 000007fef8662144 5 bytes {CALL 0xffffffffffffdebe} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\winmm.dll!waveOutWrite 000007fef8663d40 5 bytes {CALL 0xffffffffffffc2c2} .text C:\Program Files\Internet Explorer\iexplore.exe[5056] C:\Windows\system32\winmm.dll!PlaySound 000007fef8682f10 5 bytes {CALL 0xfffffffffffdd0f2} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!GetCursorPos 000000007724ca44 5 bytes {CALL 0xffffffffffff35be} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!PeekMessageA 0000000077253a18 5 bytes {CALL 0xfffffffffffec5ea} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!GetMessageA 0000000077256110 5 bytes {CALL 0xfffffffffffe9ef2} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!PeekMessageW 0000000077258fd0 5 bytes {CALL 0xfffffffffffe7032} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!GetMessageW 0000000077259e74 5 bytes {CALL 0xfffffffffffe618e} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!GetMessagePos 00000000772684e0 5 bytes {CALL 0xfffffffffffd7b22} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!GetCursorInfo 000000007726aef0 5 bytes {CALL 0xfffffffffffd5112} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!SetCursorPos 0000000077281f58 5 bytes {CALL 0xfffffffffffbe0aa} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!MessageBoxA 00000000772b12b8 5 bytes {CALL 0xfffffffffff8ed4a} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!MessageBoxW 00000000772b1314 2 bytes [E8, E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!MessageBoxW + 3 00000000772b1317 2 bytes [F8, FF] .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!MessageBoxExA 00000000772b1370 2 bytes [E8, 8D] .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!MessageBoxExA + 3 00000000772b1373 2 bytes [F8, FF] .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!MessageBoxExW 00000000772b1394 2 bytes [E8, 69] .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!MessageBoxExW + 3 00000000772b1397 2 bytes [F8, FF] .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!MessageBoxIndirectA 00000000772b1668 5 bytes {CALL 0xfffffffffff8e99a} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\USER32.dll!MessageBoxIndirectW 00000000772b1874 5 bytes {CALL 0xfffffffffff8e78e} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\winmm.dll!PlaySoundW 000007fef8662144 5 bytes {CALL 0xffffffffffffdebe} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\winmm.dll!waveOutWrite 000007fef8663d40 5 bytes {CALL 0xffffffffffffc2c2} .text C:\Program Files\Internet Explorer\iexplore.exe[5600] C:\Windows\system32\winmm.dll!PlaySound 000007fef8682f10 5 bytes {CALL 0xfffffffffffdd0f2} ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedEnableErrorSource] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedSetErrorSourceInfo] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedDisableErrorSource] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedGetInjectionCapabilities] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedInjectError] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedFinalizeErrorRecord] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedBugCheckSystem] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedAttemptErrorRecovery] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedWriteErrorRecord] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedFreeMemory] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedClearErrorRecord] [f5e8d233c033450a] [unknown section] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedIsSystemWheaEnabled] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedInitialize] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedReadErrorRecord] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedAllocateMemory] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedGetBootErrorPacket] [?] IAT C:\Windows\system32\ntoskrnl.exe[PSHED.dll!PshedGetAllErrorSources] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalIsHyperThreadingEnabled] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalEnumerateProcessors] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalQueryMaximumProcessorCount] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalStartNextProcessor] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalRegisterDynamicProcessor] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalStartDynamicProcessor] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalInitializeProcessor] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalSendSoftwareInterrupt] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalCalibratePerformanceCounter] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!KeStallExecutionProcessor] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalEnableInterrupt] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalRequestClockInterrupt] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalSetProfileInterval] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalStartProfileInterrupt] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalStopProfileInterrupt] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalHandleNMI] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalPerformEndOfInterrupt] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalRequestSoftwareInterrupt] [f0c08b495a77000f] [unknown section] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalHandleMcheck] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalRequestIpi] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalDisableInterrupt] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!KeFlushWriteBuffer] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalGetInterruptTargetInformation] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalInitializeOnResume] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalProcessorIdle] [feb6e8c9330772d8] [unknown section] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalAllocateCrashDumpRegisters] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalSetTimeIncrement] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalGetEnvironmentVariable] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalSetEnvironmentVariable] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalGetEnvironmentVariableEx] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalSetEnvironmentVariableEx] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalEnumerateEnvironmentVariablesEx] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalQueryEnvironmentVariableInfoEx] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalSetRealTimeClock] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalSetBusDataByOffset] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalGetBusDataByOffset] [fa8b480000018825] [unknown section] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalReturnToFirmware] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalGetProcessorIdByNtNumber] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalTranslateBusAddress] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalGetMessageRoutingInfo] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalGetVectorInput] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalRegisterErrataCallbacks] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!KeQueryPerformanceCounter] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalRequestDeferredRecoveryServiceInterrupt] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalAllProcessorsStarted] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalInitSystem] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalQueryRealTimeClock] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalInitializeBios] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalReportResourceUsage] [?] IAT C:\Windows\system32\ntoskrnl.exe[HAL.dll!HalSendNMI] [?] IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdD3Transition] [?] IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdD0Transition] [?] IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdReceivePacket] [?] IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdSendPacket] [?] IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdRestore] [?] IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdSave] [?] IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize0] [?] IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize1] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsAdvanceLogBase] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtTailAdvanceFailure] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsPrivGetBaseLogFileFromFileObjectPointer] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtHandleLogFileFull] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnGreater] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsReserveAndAppendLogAligned] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtSetLogFileSize] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnDifference] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsAddLogContainer] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsCreateMarshallingArea] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnLess] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnContainer] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsFlushToLsn] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnInvalid] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsGetLogFileInformation] [f28b4860498bf98b] [unknown section] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtDeregisterManagedClient] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsCloseLogFileObject] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtInstallPolicy] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtRegisterManagedClient] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsCreateLogFile] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!CLFS_LSN_INVALID] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnEqual] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsReadLogRecord] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsReadNextLogRecord] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsTerminateReadLog] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsWriteRestartArea] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsDeleteLogByPointer] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsDeleteMarshallingArea] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!CLFS_LSN_NULL] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsReserveAndAppendLog] [?] IAT C:\Windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsReadRestartArea] [?] IAT C:\Windows\system32\ntoskrnl.exe[CI.dll!CiInitialize] [?] ---- Devices - GMER 2.1 ---- Device \Driver\MBAMWebAccessControl \Device\StreamEitor fffff88007f8c324 Device \FileSystem\MBAMSwissArmy \Device\MBAMSwissArmy fffff88007f80104 ---- Threads - GMER 2.1 ---- Thread C:\Windows\Explorer.EXE [2220:1136] 0000000003fcff3c Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4020] 0000000000071a10 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:2896] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:3128] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4276] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5064] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:3032] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4272] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5100] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:2368] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:3664] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:3036] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4856] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:3444] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4284] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4280] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4380] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:3788] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4496] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4576] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:1468] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:1224] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:2396] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:2420] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4456] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4516] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4924] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:4688] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:3460] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:2276] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:2836] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5556] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5560] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5564] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5568] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5572] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5576] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5580] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5584] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5648] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5652] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5656] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5660] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5672] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5676] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5680] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5684] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5688] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5692] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5696] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5700] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5704] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5708] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5712] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5716] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5720] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5724] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5728] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5852] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5856] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5860] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5864] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5868] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5872] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5876] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5880] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5884] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5888] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5892] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5056:5896] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:4224] 0000000000071a10 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:1456] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:3360] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:4076] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:3152] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:3112] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:3100] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:3264] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:5328] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:5528] 0000000000082540 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:2480] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:1052] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:5592] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:4080] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:5596] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:1516] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:6112] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:6108] 000000000007d240 Thread C:\Program Files\Internet Explorer\iexplore.exe [5600:6016] 000000000007d240 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xE9 0x78 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0x3A 0xBB 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0xDA 0x37 0x38 ... Reg HKLM\SYSTEM\CurrentControlSet\services\TrustedInstaller@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\services\TrustedInstaller Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xE9 0x78 0xF8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0x3A 0xBB 0x5D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0xDA 0x37 0x38 ... ---- EOF - GMER 2.1 ----