GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-29 06:18:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LV01
Running: y6dl9ol4.exe; Driver: C:\Users\Renia\AppData\Local\Temp\uglorpod.sys

---- System - GMER 1.0.15 ----

SSDT 96158090 ZwAlertResumeThread
SSDT 96158170 ZwAlertThread
SSDT 96157680 ZwAllocateVirtualMemory
SSDT 955B3890 ZwAlpcConnectPort
SSDT 961554C0 ZwAssignProcessToJobObject
SSDT 96159DC0 ZwCreateMutant
SSDT 9613B760 ZwCreateSymbolicLinkObject
SSDT 96157B68 ZwCreateThread
SSDT 96108CC8 ZwDebugActiveProcess
SSDT 96157850 ZwDuplicateObject
SSDT 961574A0 ZwFreeVirtualMemory
SSDT 96159EB0 ZwImpersonateAnonymousToken
SSDT 96159F90 ZwImpersonateThread
SSDT 955B3818 ZwLoadDriver
SSDT 96158FB0 ZwMapViewOfSection
SSDT 96159CE0 ZwOpenEvent
SSDT 96157A30 ZwOpenProcess
SSDT 96157770 ZwOpenProcessToken
SSDT 96159B20 ZwOpenSection
SSDT 96157940 ZwOpenThread
SSDT 9612DF38 ZwProtectVirtualMemory
SSDT 96158A60 ZwResumeThread
SSDT 96158D00 ZwSetContextThread
SSDT 96158DE0 ZwSetInformationProcess
SSDT 961599D8 ZwSetSystemInformation
SSDT 96159C00 ZwSuspendProcess
SSDT 96158B40 ZwSuspendThread
SSDT 96157C48 ZwTerminateProcess
SSDT 96158C20 ZwTerminateThread
SSDT 96158ED0 ZwUnmapViewOfSection
SSDT 96157590 ZwWriteVirtualMemory
SSDT 9613B830 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 832B28A0 8 Bytes [90, 80, 15, 96, 70, 81, 15, ...] {NOP ; ADC BYTE [0x15817096], 0x96}
.text ntkrnlpa.exe!KeSetEvent + 131 832B28B4 4 Bytes [80, 76, 15, 96] {XOR BYTE [ESI+0x15], 0x96}
.text ntkrnlpa.exe!KeSetEvent + 13D 832B28C0 4 Bytes [90, 38, 5B, 95] {NOP ; CMP [EBX-0x6b], BL}
.text ntkrnlpa.exe!KeSetEvent + 191 832B2914 4 Bytes [C0, 54, 15, 96]
.text ntkrnlpa.exe!KeSetEvent + 1F5 832B2978 4 Bytes [C0, 9D, 15, 96]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1376] SHELL32.dll!SHCoCreateInstance + 657 76AB1B20 8 Bytes [E0, 10, 60, 19, 00, 11, 60, ...] {LOOPNZ 0x12; PUSHA ; SBB [EAX], EAX; ADC [EAX+0x19], ESP}
.text C:\Windows\explorer.exe[2292] SHELL32.dll!SHCoCreateInstance + 657 76AB1B20 8 Bytes [E0, 10, 60, 19, 00, 11, 60, ...] {LOOPNZ 0x12; PUSHA ; SBB [EAX], EAX; ADC [EAX+0x19], ESP}
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtClose 77624164 5 Bytes JMP 671D97D0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtCreateFile 77624224 5 Bytes JMP 671D94A0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtCreateFile + 6 7762422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtCreateFile + B 7762422F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtFlushBuffersFile 77624724 5 Bytes JMP 671D95D0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtLockFile 776248F4 5 Bytes JMP 671D96C0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtMapViewOfSection + 6 7762497A 1 Byte [28]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtMapViewOfSection + 6 7762497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtMapViewOfSection + B 7762497F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenFile 77624A04 5 Bytes JMP 671D9420 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenFile + 6 77624A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenFile + B 77624A0F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcess + 6 77624A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcess + B 77624A8F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessToken + 6 77624A9A 4 Bytes CALL 766250A0 C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessToken + B 77624A9F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessTokenEx + 6 77624AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessTokenEx + B 77624AAF 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThread + 6 77624AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThread + B 77624AFF 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadToken + 6 77624B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadToken + B 77624B0F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadTokenEx + 6 77624B1A 4 Bytes CALL 76625121 C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadTokenEx + B 77624B1F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryAttributesFile + 6 77624BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryAttributesFile + B 77624BAF 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryFullAttributesFile + 6 77624C5A 4 Bytes CALL 7662525F C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryFullAttributesFile + B 77624C5F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryInformationFile 77624C74 5 Bytes JMP 671B9E20 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtReadFile 77624E84 5 Bytes JMP 671B9C90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationFile 77625134 5 Bytes JMP 671D9640 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationFile + 6 7762513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationFile + B 7762513F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationThread + 6 7762518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationThread + B 7762518F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtUnlockFile 77625404 5 Bytes JMP 671D9750 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtUnmapViewOfSection + 6 7762542A 1 Byte [68]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtUnmapViewOfSection + 6 7762542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtUnmapViewOfSection + B 7762542F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtWriteFile 77625494 5 Bytes JMP 671D9540 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtClose 77624164 5 Bytes JMP 671D97D0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtCreateFile 77624224 5 Bytes JMP 671D94A0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtCreateFile + 6 7762422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtCreateFile + B 7762422F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtFlushBuffersFile 77624724 5 Bytes JMP 671D95D0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtLockFile 776248F4 5 Bytes JMP 671D96C0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtMapViewOfSection + 6 7762497A 1 Byte [28]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtMapViewOfSection + 6 7762497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtMapViewOfSection + B 7762497F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenFile 77624A04 5 Bytes JMP 671D9420 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenFile + 6 77624A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenFile + B 77624A0F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenProcess + 6 77624A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenProcess + B 77624A8F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenProcessToken + 6 77624A9A 4 Bytes CALL 766250A0 C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenProcessToken + B 77624A9F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenProcessTokenEx + 6 77624AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenProcessTokenEx + B 77624AAF 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenThread + 6 77624AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenThread + B 77624AFF 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenThreadToken + 6 77624B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenThreadToken + B 77624B0F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenThreadTokenEx + 6 77624B1A 4 Bytes CALL 76625121 C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtOpenThreadTokenEx + B 77624B1F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtQueryAttributesFile + 6 77624BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtQueryAttributesFile + B 77624BAF 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtQueryFullAttributesFile + 6 77624C5A 4 Bytes CALL 7662525F C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtQueryFullAttributesFile + B 77624C5F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtQueryInformationFile 77624C74 5 Bytes JMP 671B9E20 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtReadFile 77624E84 5 Bytes JMP 671B9C90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtSetInformationFile 77625134 5 Bytes JMP 671D9640 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtSetInformationFile + 6 7762513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtSetInformationFile + B 7762513F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtSetInformationThread + 6 7762518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtSetInformationThread + B 7762518F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtUnlockFile 77625404 5 Bytes JMP 671D9750 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtUnmapViewOfSection + 6 7762542A 1 Byte [68]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtUnmapViewOfSection + 6 7762542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtUnmapViewOfSection + B 7762542F 1 Byte [E2]
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] ntdll.dll!NtWriteFile 77625494 5 Bytes JMP 671D9540 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7476] ntdll.dll!NtClose 77624164 5 Bytes JMP 671D97D0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7476] ntdll.dll!NtCreateFile 77624224 5 Bytes JMP 671D94A0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7476] ntdll.dll!NtFlushBuffersFile 77624724 5 Bytes JMP 671D95D0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7476] ntdll.dll!NtLockFile 776248F4 5 Bytes JMP 671D96C0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7476] ntdll.dll!NtOpenFile 77624A04 5 Bytes JMP 671D9420 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7476] ntdll.dll!NtQueryInformationFile 77624C74 5 Bytes JMP 671B9E20 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7476] ntdll.dll!NtReadFile 77624E84 5 Bytes JMP 671B9C90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7476] ntdll.dll!NtSetInformationFile 77625134 5 Bytes JMP 671D9640 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7476] ntdll.dll!NtUnlockFile 77625404 5 Bytes JMP 671D9750 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7476] ntdll.dll!NtWriteFile 77625494 5 Bytes JMP 671D9540 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74287817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742DA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7428BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7427F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7427E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742B8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7428DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7427FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7427FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7430CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7427D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74276853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7427687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1376] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74282AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74287817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [742DA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7428BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7427F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [742875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7427E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742B8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7428DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7427FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7427FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [742771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7430CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [742AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7427D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74276853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7427687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2292] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74282AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[2436] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Renia\AppData\Local\Google\Chrome\Application\chrome.exe[7416] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{90FD4AD0-3FBA-9524-891C-8D5C0AB5970C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{90FD4AD0-3FBA-9524-891C-8D5C0AB5970C}@jbkogbjdckjfkimmcflbcadnkbfnkabekhpleebbppbpmiaimmij 0x68 0x61 0x6F 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{90FD4AD0-3FBA-9524-891C-8D5C0AB5970C}@dbkogbjdckjfkimmcflbipeiogomoeekclhigleh 0x62 0x61 0x64 0x6F ...

---- EOF - GMER 1.0.15 ----