GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-20 22:54:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: jhnmqgsg.exe; Driver: C:\Users\Dom\AppData\Local\Temp\uwtiqpob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff880065cad8c 12 bytes {MOV RAX, 0xfffffa80069472a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\ctfmon.exe[8804] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc + 1 000007fefcd418f1 11 bytes {MOV EAX, 0x2cb520; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text C:\Windows\system32\ctfmon.exe[8804] C:\Windows\system32\KERNELBASE.dll!VirtualProtect + 1 000007fefcd51d01 11 bytes {MOV EAX, 0x2cb5ac; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800109d0c0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800109ce4c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800109d838] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800109c600] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800109da8c] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[2504] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread] [10002370] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[2504] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [100034e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[2504] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [100011e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fee6276840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fee62762b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fee6250750] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fee62762b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fee62761b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fee6276840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fee62762b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fee6276840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fee6250750] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fee62762b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fee6276840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fee62760d0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fee62762b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fee62762b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fee62762b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fee6276840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WINMM.dll[USER32.dll!MessageBoxW] [7fee6276840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WINHTTP.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\System32\mshtml.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\System32\mshtml.dll[USER32.dll!MessageBoxW] [7fee6276840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\System32\mshtml.dll[USER32.dll!DialogBoxParamW] [7fee62762b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\System32\mshtml.dll[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\tquery.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\ntshrui.dll[USER32.dll!DialogBoxParamW] [7fee62762b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\ntshrui.dll[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SearchFolder.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\NetworkExplorer.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\PortableDeviceApi.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\EhStorAPI.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GetProcAddress] [7fee6231c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\zipfldr.dll[USER32.dll!EnableWindow] [7fee623ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DialogBoxParamW] [7fee62762b0] C:\Program Files\Internet Explorer\IEShims.dll

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs fffffa8003fb52c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa80069492c0
Device \Driver\cdrom \Device\CdRom0 fffffa800676c2c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa80069492c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa80069492c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80067972c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{6B85A597-B4B8-4C0B-A820-7058B0EA9F92} fffffa80067972c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa80069492c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E} fffffa80067972c0

---- Threads - GMER 2.1 ----

Thread C:\Windows\Explorer.EXE [2504:3928] 00000000028ef840
Thread C:\Windows\Explorer.EXE [2504:3908] 00000000028ef840
Thread C:\Windows\Explorer.EXE [2504:3896] 00000000028ef840
Thread C:\Windows\Explorer.EXE [2504:3912] 00000000028ef840
Thread C:\Windows\Explorer.EXE [2504:3884] 00000000028ef840
Thread C:\Windows\Explorer.EXE [2504:3932] 00000000028ef840
Thread C:\Windows\Explorer.EXE [2504:3936] 00000000028ef840
Thread C:\Windows\Explorer.EXE [2504:1292] 00000000028ef840
Thread C:\Windows\Explorer.EXE [2504:4512] 00000000028ef840
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2100:2500] 000000006c75785a
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2100:2492] 000000006c45ff83
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2100:2136] 000000006c45ff83
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2100:2996] 000000006c456447
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2100:2312] 000000006c70247a
Thread C:\Windows\system32\wbem\wmiprvse.exe [4204:4524] 000007fef60e1c20
Thread C:\Windows\system32\taskhost.exe [4536:5392] 00000000002ba900
Thread C:\Windows\system32\notepad.exe [4316:5896] 0000000001fe13c0
Thread C:\Windows\system32\notepad.exe [4316:4256] 0000000002992990
Thread C:\Windows\system32\notepad.exe [4316:4444] 00000000029beb34
Thread C:\Windows\system32\ctfmon.exe [8804:6056] 00000000002d3300
Thread C:\Windows\system32\dllhost.exe [4504:7828] 0000000000402660
Thread C:\Windows\system32\dllhost.exe [4504:7592] 00000000000d0054
Thread C:\Windows\system32\dllhost.exe [4504:7300] 00000000000d3010

---- Processes - GMER 2.1 ----

Library C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\d3d10core.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2504] (DMC Component/HP)(2016-02-20 08:45:44) 000007fef5150000
Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66667DC5-2708-4FD9-BF60-B378300CE0D8}\offreg.2852.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2852](2016-02-20 08:46:38) 000007fefc500000
Library C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\d3d10core.dll (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3152] (DMC Component/HP)(2016-02-20 08:45:44) 000007fef17e0000
Library C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\d3d10core.dll (*** suspicious ***) @ C:\Program Files\Internet Explorer\iexplore.exe [5904] (DMC Component/HP)(2016-02-20 08:45:44) 000007fee62a0000
Library C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\d3d10core.dll (*** suspicious ***) @ C:\Windows\system32\ctfmon.exe [8804] (DMC Component/HP)(2016-02-20 08:45:44) 000007fefa640000
Library C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\d3d10core.dll (*** suspicious ***) @ C:\Windows\system32\dllhost.exe [4504] (DMC Component/HP)(2016-02-20 08:45:44) 000007feebf40000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0x98 0x46 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0x98 0x46 0xAB ...

---- EOF - GMER 2.1 ----