GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-19 11:13:31 Windows 5.1.2600 Dodatek Service Pack 2 Running: uti6w14w.exe; Driver: C:\DOCUME~1\Filip\USTAWI~1\Temp\pxtdqpoc.sys ---- System - GMER 1.0.15 ---- INT 0x62 ? 8459ECB8 INT 0x63 ? 8451ACB8 INT 0x82 ? 8459ECB8 INT 0x83 ? 8459ECB8 INT 0x83 ? 8459ECB8 INT 0x83 ? 8451ACB8 INT 0x83 ? 8459ECB8 ---- Kernel code sections - GMER 1.0.15 ---- .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF74AF089] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6502380, 0x8D6CD5, 0xE8000020] .text USBPORT.SYS!DllUnload F64BE62C 5 Bytes JMP 8451A1C8 pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB7B31F00, 0x24000, 0x48000000] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\ctfmon.exe[268] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\ctfmon.exe[268] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\ctfmon.exe[268] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\ctfmon.exe[268] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\Program Files\Java\jre6\bin\jqs.exe[408] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\Program Files\Java\jre6\bin\jqs.exe[408] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\Program Files\Java\jre6\bin\jqs.exe[408] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\Program Files\Java\jre6\bin\jqs.exe[408] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[432] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[432] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[432] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[432] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\system32\nvsvc32.exe[576] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\nvsvc32.exe[576] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\nvsvc32.exe[576] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\nvsvc32.exe[576] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[640] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[640] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[640] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[640] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\system32\PnkBstrA.exe[656] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\PnkBstrA.exe[656] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\PnkBstrA.exe[656] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\PnkBstrA.exe[656] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\system32\PnkBstrB.exe[668] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\PnkBstrB.exe[668] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\PnkBstrB.exe[668] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\PnkBstrB.exe[668] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[740] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\Program Files\Common 
Files\Protexis\License Service\PsiService_2.exe[740] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[740] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[740] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF91B38 .text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF91B8C .text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF91B99 .text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF91B85 .text C:\WINDOWS\system32\services.exe[860] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\services.exe[860] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\services.exe[860] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\services.exe[860] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF91B38 .text C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF91B8C .text C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF91B99 .text C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF91B85 .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text 
C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\system32\wscntfy.exe[1208] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\wscntfy.exe[1208] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\wscntfy.exe[1208] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\wscntfy.exe[1208] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\System32\alg.exe[1332] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\System32\alg.exe[1332] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\System32\alg.exe[1332] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\System32\alg.exe[1332] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .reloc C:\WINDOWS\Explorer.EXE[1420] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0xA800, 0xE2000060] .reloc C:\WINDOWS\Explorer.EXE[1420] C:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x010FE800] .text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text 
C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\Explorer.EXE[1420] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF91B38 .text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF91B8C .text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF91B99 .text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF91B85 .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text C:\WINDOWS\system32\wuauclt.exe[1828] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\WINDOWS\system32\wuauclt.exe[1828] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\WINDOWS\system32\wuauclt.exe[1828] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\WINDOWS\system32\wuauclt.exe[1828] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 ? 
E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 ? E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] USER32.dll!VRipOutput 77D32A78 4 Bytes [70, 11, 33, 6D] .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[2028] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[2028] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[2028] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[2028] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 .text D:\Filmy\uti6w14w.exe[2664] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA1B38 .text D:\Filmy\uti6w14w.exe[2664] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA1B8C .text 
D:\Filmy\uti6w14w.exe[2664] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA1B99 .text D:\Filmy\uti6w14w.exe[2664] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA1B85 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F739D232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F739C730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F739CF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F739C730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F739C914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F739C856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F739D0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F739CF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73B0EA6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
---- User IAT/EAT - GMER 1.0.15 ---- IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 003B01D0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 003B0240 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 003B02B0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 003B0320 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 003B0470 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 003B04E0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00B90860 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00B908D0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 003B05C0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal 
Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00B90940 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00B909B0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00B90A20 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B90A90 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 003B06A0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 003B0710 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 003B0780 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 003B07F0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00B90B00 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ 
C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00B90B70 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00B90BE0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B90C50 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00B90CC0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00B90D30 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00B90DA0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00B90E10 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 003B0940 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 003B09B0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 003B0A20 IAT E:\Documents 
and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 003B0A90 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00B90E80 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00B90EF0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!VirtualFree] 003B0BE0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00B90F60 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0550 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7D1F0630 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7D1F06A0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal 
Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7D1F0710 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0780 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 003B0D30 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 003B0DA0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F07F0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0860 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F08D0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0940 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D1F09B0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\GDI32.dll 
[KERNEL32.dll!LoadLibraryW] 7D1F0A20 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7D1F0F60 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BA0010 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00BA0080 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00BA00F0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00BA0160 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00BA01D0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00BA0240 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00BA02B0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7D1E05C0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal 
Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 7D1E0630 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 7D1E06A0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00BA0320 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7D1E0860 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7D1E08D0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7D1E0940 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7D1E0B00 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00BA0470 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BA04E0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ 
C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00BA0550 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00BA05C0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00BA0630 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00BA06A0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00BA0710 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00BA0780 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00BA07F0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00BA0860 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BA08D0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00BA0940 IAT E:\Documents and 
Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00BA09B0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00BA0A20 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00BA0A90 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00BA0B00 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00BA0B70 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00BA0BE0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00BA0C50 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7D1E0B70 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00BA0CC0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal 
Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00BA0D30 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00BA0DA0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7D1E0C50 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00BA0E10 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00BA0E80 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00BA0EF0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00BA0F60 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00BB0010 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00BB0080 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll 
[KERNEL32.dll!LoadLibraryExA] 00BB00F0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00BB0160 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 7D1E0E80 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BB01D0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BB0780 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00BB07F0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00BB0860 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00BB08D0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00BB0940 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00BC02B0 IAT E:\Documents and Settings\Filip\Pulpit\Virus 
Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00BC0320 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00BC0390 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00BC0400 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00BC07F0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00BC0860 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00BC08D0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00BC0940 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00BC09B0 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00BC0A20 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ 
C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00BC0A90 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00BC0B00 IAT E:\Documents and Settings\Filip\Pulpit\Virus Removal Tool\setup_9.0.0.722_19.02.2012_12-40\setup_9.0.0.722_19.02.2012_12-40.exe[1880] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BC0B70 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8459D1E8 Device \FileSystem\Fastfat \FatCdrom 837171E8 Device \Driver\usbohci \Device\USBPDO-0 8454F1E8 Device \Driver\usbehci \Device\USBPDO-1 845081E8 Device \Driver\Cdrom \Device\CdRom0 844A71E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8459E1E8 Device \Driver\atapi \Device\Ide\IdePort0 8459E1E8 Device \Driver\atapi \Device\Ide\IdePort1 8459E1E8 Device \Driver\atapi \Device\Ide\IdePort2 8459E1E8 Device \Driver\atapi \Device\Ide\IdePort3 8459E1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 8459E1E8 Device \Driver\Cdrom \Device\CdRom1 844A71E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{9BDF0B83-B1A5-40B1-A3CC-74932AA198A1} 838AF1E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 838AF1E8 Device \Driver\NetBT \Device\NetbiosSmb 838AF1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{B28A5659-F756-4CB6-867A-143653A7667B} 838AF1E8 Device \Driver\usbohci \Device\USBFDO-0 8454F1E8 Device \Driver\usbehci \Device\USBFDO-1 845081E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 838A81E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 838A81E8 Device \FileSystem\Fastfat \Fat 837171E8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 838861E8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0x54 0x2F 0x8E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0A 0x13 0x1A 0xB4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEA 0x8E 0xA4 0x3B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0x54 0x2F 0x8E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0A 0x13 0x1A 0xB4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEA 0x8E 0xA4 0x3B ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System