GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-24 20:13:10 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Corsair_Force_3_SSD rev.5.07 111,79GB Running: 84228z99.exe; Driver: C:\Users\HAL900~1\AppData\Local\Temp\fxldipoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3680] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc40 5 bytes JMP 0000000170bb1ab0 .text C:\Program Files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3680] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe04 1 byte JMP 0000000170bb1940 .text C:\Program Files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3680] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 00000000778efe06 3 bytes {JMP 0xfffffffff92c1b3c} .text C:\Program Files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3680] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff64 5 bytes JMP 0000000170bb1d50 .text C:\Program Files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3680] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0058 5 bytes JMP 0000000170bb1c80 .text C:\Program Files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3680] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f078c 5 bytes JMP 0000000170bb1d70 .text C:\Program Files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3680] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0864 5 bytes JMP 0000000170bb1d90 .text C:\Program Files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3680] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f090c 5 bytes JMP 0000000170bb1db0 .text C:\Windows\V0220Mon.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc40 5 bytes JMP 0000000170bb1ab0 .text C:\Windows\V0220Mon.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe04 1 byte JMP 0000000170bb1940 .text C:\Windows\V0220Mon.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 00000000778efe06 3 bytes {JMP 0xfffffffff92c1b3c} .text C:\Windows\V0220Mon.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff64 5 bytes JMP 0000000170bb1d50 .text C:\Windows\V0220Mon.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0058 5 bytes JMP 0000000170bb1c80 .text C:\Windows\V0220Mon.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f078c 5 bytes JMP 0000000170bb1d70 .text C:\Windows\V0220Mon.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0864 5 bytes JMP 0000000170bb1d90 .text C:\Windows\V0220Mon.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f090c 5 bytes JMP 0000000170bb1db0 .text C:\Windows\system32\taskeng.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077741590 5 bytes JMP 00000000778a00a0 .text C:\Windows\system32\taskeng.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777416b0 5 bytes JMP 00000000778a0018 .text C:\Windows\system32\taskeng.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077741790 5 bytes JMP 00000000778a01b0 .text C:\Windows\system32\taskeng.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077741830 5 bytes JMP 00000000778a0128 .text C:\Windows\system32\taskeng.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077741ce0 5 bytes JMP 00000000778a0238 .text C:\Windows\system32\taskeng.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077741d70 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\taskeng.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077741de0 5 bytes JMP 00000000778a0348 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc40 5 bytes JMP 0000000170bb1ab0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe04 1 byte JMP 0000000170bb1940 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 00000000778efe06 3 bytes {JMP 0xfffffffff92c1b3c} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff64 5 bytes JMP 0000000170bb1d50 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0058 5 bytes JMP 0000000170bb1c80 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f078c 5 bytes JMP 0000000170bb1d70 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0864 5 bytes JMP 0000000170bb1d90 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f090c 5 bytes JMP 0000000170bb1db0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ee1465 2 bytes [EE, 76] .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ee14bb 2 bytes [EE, 76] .text ... * 2 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077741590 5 bytes JMP 00000000778a00a0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777416b0 5 bytes JMP 00000000778a0018 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077741790 5 bytes JMP 00000000778a01b0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077741830 5 bytes JMP 00000000778a0128 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077741ce0 5 bytes JMP 00000000778a0238 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077741d70 5 bytes JMP 00000000778a02c0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077741de0 5 bytes JMP 00000000778a0348 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077741590 5 bytes JMP 00000000778a00a0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777416b0 5 bytes JMP 00000000778a0018 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077741790 5 bytes JMP 00000000778a01b0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3860] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077741830 5 bytes JMP 00000000778a0128 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077741ce0 5 bytes JMP 00000000778a0238 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077741d70 5 bytes JMP 00000000778a02c0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[3860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077741de0 5 bytes JMP 00000000778a0348 .text C:\Program Files (x86)\AVG\Av\avgui.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc40 5 bytes JMP 0000000170bb1ab0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe04 1 byte JMP 0000000170bb1940 .text C:\Program Files (x86)\AVG\Av\avgui.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 00000000778efe06 3 bytes {JMP 0xfffffffff92c1b3c} .text C:\Program Files (x86)\AVG\Av\avgui.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff64 5 bytes JMP 0000000170bb1d50 .text C:\Program Files (x86)\AVG\Av\avgui.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0058 5 bytes JMP 0000000170bb1c80 .text C:\Program Files (x86)\AVG\Av\avgui.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f078c 5 bytes JMP 0000000170bb1d70 .text C:\Program Files (x86)\AVG\Av\avgui.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0864 5 bytes JMP 0000000170bb1d90 .text C:\Program Files (x86)\AVG\Av\avgui.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f090c 5 bytes JMP 0000000170bb1db0 .text C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077741590 5 bytes JMP 00000000778a00a0 .text C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777416b0 5 bytes JMP 00000000778a0018 .text C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077741790 5 bytes JMP 00000000778a01b0 .text C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077741830 5 bytes JMP 00000000778a0128 .text C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077741ce0 5 bytes JMP 00000000778a0238 .text C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077741d70 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077741de0 5 bytes JMP 00000000778a0348 .text C:\Windows\SysWOW64\ctfmon.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778efc40 5 bytes JMP 0000000170bb1ab0 .text C:\Windows\SysWOW64\ctfmon.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efe04 1 byte JMP 0000000170bb1940 .text C:\Windows\SysWOW64\ctfmon.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 00000000778efe06 3 bytes {JMP 0xfffffffff92c1b3c} .text C:\Windows\SysWOW64\ctfmon.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000778eff64 5 bytes JMP 0000000170bb1d50 .text C:\Windows\SysWOW64\ctfmon.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0058 5 bytes JMP 0000000170bb1c80 .text C:\Windows\SysWOW64\ctfmon.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f078c 5 bytes JMP 0000000170bb1d70 .text C:\Windows\SysWOW64\ctfmon.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000778f0864 5 bytes JMP 0000000170bb1d90 .text C:\Windows\SysWOW64\ctfmon.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778f090c 5 bytes JMP 0000000170bb1db0 .text C:\Windows\system32\SearchIndexer.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077741590 5 bytes JMP 00000000778a00a0 .text C:\Windows\system32\SearchIndexer.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777416b0 5 bytes JMP 00000000778a0018 .text C:\Windows\system32\SearchIndexer.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077741790 5 bytes JMP 00000000778a01b0 .text C:\Windows\system32\SearchIndexer.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077741830 5 bytes JMP 00000000778a0128 .text C:\Windows\system32\SearchIndexer.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077741ce0 5 bytes JMP 00000000778a0238 .text C:\Windows\system32\SearchIndexer.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077741d70 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\SearchIndexer.exe[4528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077741de0 5 bytes JMP 00000000778a0348 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077741590 5 bytes JMP 00000000778a00a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777416b0 5 bytes JMP 00000000778a0018 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077741790 5 bytes JMP 00000000778a01b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077741830 5 bytes JMP 00000000778a0128 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077741ce0 5 bytes JMP 00000000778a0238 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077741d70 5 bytes JMP 00000000778a02c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077741de0 5 bytes JMP 00000000778a0348 .text C:\Windows\system32\svchost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077741590 5 bytes JMP 00000000778a00a0 .text C:\Windows\system32\svchost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777416b0 5 bytes JMP 00000000778a0018 .text C:\Windows\system32\svchost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077741790 5 bytes JMP 00000000778a01b0 .text C:\Windows\system32\svchost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077741830 5 bytes JMP 00000000778a0128 .text C:\Windows\system32\svchost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077741ce0 5 bytes JMP 00000000778a0238 .text C:\Windows\system32\svchost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077741d70 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\svchost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077741de0 5 bytes JMP 00000000778a0348 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077741590 5 bytes JMP 00000000778a00a0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777416b0 5 bytes JMP 00000000778a0018 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077741790 5 bytes JMP 00000000778a01b0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077741830 5 bytes JMP 00000000778a0128 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077741ce0 5 bytes JMP 00000000778a0238 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077741d70 5 bytes JMP 00000000778a02c0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077741de0 5 bytes JMP 00000000778a0348 .text C:\Windows\system32\wbem\wmiprvse.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077741590 5 bytes JMP 00000000778a00a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777416b0 5 bytes JMP 00000000778a0018 .text C:\Windows\system32\wbem\wmiprvse.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077741790 5 bytes JMP 00000000778a01b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077741830 5 bytes JMP 00000000778a0128 .text C:\Windows\system32\wbem\wmiprvse.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077741ce0 5 bytes JMP 00000000778a0238 .text C:\Windows\system32\wbem\wmiprvse.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077741d70 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077741de0 5 bytes JMP 00000000778a0348 .text C:\Windows\system32\sppsvc.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077741590 5 bytes JMP 00000000778a00a0 .text C:\Windows\system32\sppsvc.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777416b0 5 bytes JMP 00000000778a0018 .text C:\Windows\system32\sppsvc.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077741790 5 bytes JMP 00000000778a01b0 .text C:\Windows\system32\sppsvc.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077741830 5 bytes JMP 00000000778a0128 .text C:\Windows\system32\sppsvc.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077741ce0 5 bytes JMP 00000000778a0238 .text C:\Windows\system32\sppsvc.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077741d70 5 bytes JMP 00000000778a02c0 .text C:\Windows\system32\sppsvc.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077741de0 5 bytes JMP 00000000778a0348 ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1540:2628] 0000000077916679 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1540:1920] 0000000077916679 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1540:3476] 00000000760e7587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1540:4828] 000000006a69758a Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1540:2492] 00000000779141f3 ---- EOF - GMER 2.1 ----