GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-10 12:07:02
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1234GSX rev.AH001M 111,79GB
Running: 9slf60zc.exe; Driver: C:\Users\Asia\AppData\Local\Temp\kwldrpow.sys


---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]   [74387817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]   [743CB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]   [7438BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]   [7437F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]   [743875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]   [7437E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]   [743B73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]   [7438DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]   [7437FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]   [7437FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]   [743771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]   [7440CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]   [743AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]   [7437D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]   [74376853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]   [7437687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]   [74382AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll

---- Devices - GMER 2.2 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1   Wdf01000.sys

---- Registry - GMER 2.2 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG16.00.00.01PROFESSIONAL  B8B6F9712CBD01C88E2EE8DB1AE6BAE24DA921BF2E39335A3058F6F17083CAAA7861281DBBAAF1308A95C9F1A1029ACA996EC7B1DBF2C348DE5A727D4E76101FE5E59C7C9B5EE87CE7A5CCD045E9B6A1347AF8DC5F35A68CAB1DD353D1E98479CB853125AFCE1D2E49956CA9909AB491B81B6FAC8CA0911FCB243840B845109F181881DE3C4BC6B5F530E56172E7C03CE7B12A461C2DC16F97828042A3C420EBDB07EEA5ED73257C58D53C13BE75FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D14079DB7CE019D40AA5CA6171C11EC38DE3DA6171C11EC38DE3DE283C552B1B7DEA49A1B0D667B07418A568A38DD7CD4C76C656ADD54C83640CC127AEB6BB02219D30171447DA8AAC8263114E59CCC7DBD0FF72727666D39E07B9FA5009F2F16A7BE0C56E4A6B8D3B8AB6C9DB136EF021DFE08B2A674491402981297EAD1A6C68CFC1067303AC7D2BA3950F05817C170D800EE26AF2098B0812BF155BAF7541D2EFD68B70EA2302DDFC0264EB7BFE10D4B28080EBC1EDCAF20104AD8239EB6B45700714F8860181D9A863DEA5442B24DAF61326B69B759648376AD10F6E017DF36198DA85084628FC0A568ED57495BDAA56CD033F7C9955535E2AEDD32F27B215E31A132B6B93C26110DFD740B114796B35ACD4F4C46DEBE232B679

---- EOF - GMER 2.2 ----
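Triage helper for the two record types in the log above, added here as an example; it is neither part of the GMER output nor GMER's own code. It parses `IAT` and `AttachedDevice` records in the one-record-per-line layout GMER writes and applies a simple heuristic that is an assumption of this example, not GMER's logic: an IAT entry deserves a second look when the file owning the resolved address is not the DLL named in the import (the classic sign of an import-table hook into a foreign module), or when one process resolves the same DLL's imports into more than one file. The embedded sample reproduces a subset of the records above.

```python
"""GMER 2.2 log triage (added example; not GMER's code and not from the log's author).

Heuristic (assumption): an IAT record is suspicious when the module owning the
resolved address has a different file name than the imported DLL, or when one
process resolves one DLL's imports into several files.
"""
import ntpath
import re
from collections import defaultdict
from typing import Dict, List

# Sample constructed for this example: a subset of the records from the log above,
# one record per line as GMER prints them.
SAMPLE_LOG = r"""GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-10 12:07:02

---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]   [74387817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]   [743CB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]   [743AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT  C:\Windows\explorer.exe[3596] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]   [7437687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll

---- Devices - GMER 2.2 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1   Wdf01000.sys

---- EOF - GMER 2.2 ----
"""

# IAT  <process>[<pid>] @ <image> [<dll>!<function>]   [<hex address>] <module owning the address>
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<image>\S+)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S.*?)\s*$"
)
# AttachedDevice  <driver object> <device object>   <filter driver file>
DEV_RE = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<filter>\S+)\s*$")


def parse_gmer(text: str) -> Dict[str, List[dict]]:
    """Return the IAT and AttachedDevice records of a GMER log as dicts."""
    out: Dict[str, List[dict]] = {"iat": [], "devices": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = IAT_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            rec["addr"] = int(rec["addr"], 16)
            out["iat"].append(rec)
            continue
        m = DEV_RE.match(line)
        if m:
            out["devices"].append(m.groupdict())
    return out


def is_foreign_hook(entry: dict) -> bool:
    """True when the file owning the resolved address is not the imported DLL."""
    return ntpath.basename(entry["module"]).lower() != entry["dll"].lower()


def triage(parsed: Dict[str, List[dict]]) -> dict:
    """Apply the heuristic and summarise what a reviewer should look at."""
    foreign = [e for e in parsed["iat"] if is_foreign_hook(e)]
    # (pid, imported dll) -> set of files the imports were resolved into
    targets = defaultdict(set)
    for e in parsed["iat"]:
        targets[(e["pid"], e["dll"].lower())].add(e["module"].lower())
    split = {k: sorted(v) for k, v in targets.items() if len(v) > 1}
    filters = sorted({d["filter"].lower() for d in parsed["devices"]})
    return {"foreign_hooks": foreign, "split_targets": split, "device_filters": filters}


if __name__ == "__main__":
    result = triage(parse_gmer(SAMPLE_LOG))
    for e in result["foreign_hooks"]:
        print(f"review: pid {e['pid']} {e['dll']}!{e['func']} -> {e['module']}")
    print("split targets:", result["split_targets"])
    print("keyboard/other filter drivers seen:", result["device_filters"])
```

On the records above the heuristic flags nothing: every gdiplus import in explorer.exe resolves into one file that is itself named gdiplus.dll (the WinSxS side-by-side copy), so the IAT section reports where the imports were resolved rather than a redirection into another module. What the script does not decide is whether the filter driver on the keyboard class devices or the registry blob is expected on this machine; those still need to be checked against the installed software.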