GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-12 16:31:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 MAXTOR_STM3250310AS rev.3.AAA
Running: 7lbk4kvm.exe; Driver: C:\Users\Ja\AppData\Local\Temp\pxldypoc.sys

---- System - GMER 1.0.15 ----

INT 0x51 ? 85E32F00
INT 0x62 ? 85E32F00
INT 0x72 ? 85E32F00
INT 0x82 ? 84454CB8
INT 0x92 ? 84454CB8
INT 0xA2 ? 84454CB8
INT 0xB3 ? 85E32F00

---- Kernel code sections - GMER 1.0.15 ----

.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x807A7089]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8C60E000, 0x38E905, 0xE8000020]
.text USBPORT.SYS!DllUnload 87FDF41B 5 Bytes JMP 85E32410
.text a3x2rz72.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 8D06E900 48 Bytes [AB, 17, FA, 0D, 0D, 12, E2, ...]
? C:\Windows\System32\Drivers\a3x2rz72.SYS suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[452] kernel32.dll!SetUnhandledExceptionFilter 76AFA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[2060] USER32.dll!EnableWindow 7703CD8B 5 Bytes JMP 70F39A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2060] USER32.dll!DialogBoxParamW 770610B0 5 Bytes JMP 70E9170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2060] USER32.dll!DialogBoxIndirectParamW 77062EF5 5 Bytes JMP 7108640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2060] USER32.dll!DialogBoxParamA 77078152 5 Bytes JMP 710863A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2060] USER32.dll!DialogBoxIndirectParamA 7707847D 5 Bytes JMP 71086473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2060] USER32.dll!MessageBoxIndirectA 7708D4D9 5 Bytes JMP 71086330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2060] USER32.dll!MessageBoxIndirectW 7708D5D3 5 Bytes JMP 710862B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2060] USER32.dll!MessageBoxExA 7708D639 5 Bytes JMP 71086253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2060] USER32.dll!MessageBoxExW 7708D65D 5 Bytes JMP 710861EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!CreateThread 76B1CB2E 5 Bytes JMP 70EF72FB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!SetWindowsHookExW 770387AD 5 Bytes JMP 70F32194 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CallNextHookEx 77038E3B 5 Bytes JMP 70F57BB7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!UnhookWindowsHookEx 770398DB 5 Bytes JMP 70F7EB10 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!EnableWindow 7703CD8B 5 Bytes JMP 70F39A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DefWindowProcA 7703DB88 7 Bytes JMP 70EF9525 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CreateWindowExA 7703DC2A 5 Bytes JMP 70F0335B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CreateWindowExW 77041305 5 Bytes JMP 70F5FF8F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DefWindowProcW 770503B4 7 Bytes JMP 70F57C1A C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxParamW 770610B0 5 Bytes JMP 70E9170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxIndirectParamW 77062EF5 5 Bytes JMP 7108640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxParamA 77078152 5 Bytes JMP 710863A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxIndirectParamA 7707847D 5 Bytes JMP 71086473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxIndirectA 7708D4D9 5 Bytes JMP 71086330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxIndirectW 7708D5D3 5 Bytes JMP 710862B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxExA 7708D639 5 Bytes JMP 71086253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxExW 7708D65D 5 Bytes JMP 710861EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] ole32.dll!OleLoadFromStream 76CD1E80 5 Bytes JMP 71086BE7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] kernel32.dll!CreateThread 76B1CB2E 5 Bytes JMP 70EF72FB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!SetWindowsHookExW 770387AD 5 Bytes JMP 70F32194 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!CallNextHookEx 77038E3B 5 Bytes JMP 70F57BB7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!UnhookWindowsHookEx 770398DB 5 Bytes JMP 70F7EB10 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!EnableWindow 7703CD8B 5 Bytes JMP 70F39A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!DefWindowProcA 7703DB88 7 Bytes JMP 70EF9525 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!CreateWindowExA 7703DC2A 5 Bytes JMP 70F0335B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!CreateWindowExW 77041305 5 Bytes JMP 70F5FF8F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!DefWindowProcW 770503B4 7 Bytes JMP 70F57C1A C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!DialogBoxParamW 770610B0 5 Bytes JMP 70E9170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!DialogBoxIndirectParamW 77062EF5 5 Bytes JMP 7108640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!DialogBoxParamA 77078152 5 Bytes JMP 710863A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!DialogBoxIndirectParamA 7707847D 5 Bytes JMP 71086473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!MessageBoxIndirectA 7708D4D9 5 Bytes JMP 71086330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!MessageBoxIndirectW 7708D5D3 5 Bytes JMP 710862B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!MessageBoxExA 7708D639 5 Bytes JMP 71086253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!MessageBoxExW 7708D65D 5 Bytes JMP 710861EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3648] ole32.dll!OleLoadFromStream 76CD1E80 5 Bytes JMP 71086BE7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] kernel32.dll!CreateThread 76B1CB2E 5 Bytes JMP 70EF72FB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SetWindowsHookExW 770387AD 5 Bytes JMP 70F32194 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CallNextHookEx 77038E3B 5 Bytes JMP 70F57BB7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!UnhookWindowsHookEx 770398DB 5 Bytes JMP 70F7EB10 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!EnableWindow 7703CD8B 5 Bytes JMP 70F39A14 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DefWindowProcA 7703DB88 7 Bytes JMP 70EF9525 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateWindowExA 7703DC2A 5 Bytes JMP 70F0335B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateWindowExW 77041305 5 Bytes JMP 70F5FF8F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DefWindowProcW 770503B4 7 Bytes JMP 70F57C1A C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamW 770610B0 5 Bytes JMP 70E9170B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamW 77062EF5 5 Bytes JMP 7108640E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamA 77078152 5 Bytes JMP 710863A9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamA 7707847D 5 Bytes JMP 71086473 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectA 7708D4D9 5 Bytes JMP 71086330 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectW 7708D5D3 5 Bytes JMP 710862B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExA 7708D639 5 Bytes JMP 71086253 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExW 7708D65D 5 Bytes JMP 710861EF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] ole32.dll!OleLoadFromStream 76CD1E80 5 Bytes JMP 71086BE7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [80694F12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [80695232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80694730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806950F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80694856] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80694914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A07817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73A4B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A0BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [739FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [739FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73A373F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73A0DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [739FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [739FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [739F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73A8CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73A2C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [739FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [739F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [739F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A02AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8445B1E8
Device \Driver\PCI_PNP8720 \Device\00000040 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_PNP8720 \Device\00000040 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\netbt \Device\NetBT_Tcpip_{A1F89EFB-5321-40CD-844D-3F544AD7575C} 8657F1E8
Device \Driver\usbuhci \Device\USBPDO-0 85EC01E8
Device \Driver\usbuhci \Device\USBPDO-1 85EC01E8
Device \Driver\usbuhci \Device\USBPDO-2 85EC01E8
Device \Driver\usbuhci \Device\USBPDO-3 85EC01E8
Device \Driver\usbehci \Device\USBPDO-4 85EC11E8
Device \Driver\cdrom \Device\CdRom0 85EA21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8445A1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 8445A1E8
Device \Driver\atapi \Device\Ide\IdePort0 8445A1E8
Device \Driver\atapi \Device\Ide\IdePort1 8445A1E8
Device \Driver\atapi \Device\Ide\IdePort2 8445A1E8
Device \Driver\atapi \Device\Ide\IdePort3 8445A1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 8445A1E8
Device \Driver\cdrom \Device\CdRom1 85EA21E8
Device \Driver\cdrom \Device\CdRom2 85EA21E8
Device \Driver\USBSTOR \Device\00000069 85D2F1E8
Device \Driver\netbt \Device\NetBt_Wins_Export 8657F1E8
Device \Driver\iScsiPrt \Device\RaidPort0 85E9B1E8
Device \Driver\USBSTOR \Device\0000006c 85D2F1E8
Device \Driver\usbuhci \Device\USBFDO-0 85EC01E8
Device \Driver\USBSTOR \Device\0000006d 85D2F1E8
Device \Driver\usbuhci \Device\USBFDO-1 85EC01E8
Device \Driver\USBSTOR \Device\0000006e 85D2F1E8
Device \Driver\usbuhci \Device\USBFDO-2 85EC01E8
Device \Driver\USBSTOR \Device\0000006f 85D2F1E8
Device \Driver\usbuhci \Device\USBFDO-3 85EC01E8
Device \Driver\usbehci \Device\USBFDO-4 85EC11E8
Device \Driver\a3x2rz72 \Device\Scsi\a3x2rz721 85EA01E8
Device \Driver\a3x2rz72 \Device\Scsi\a3x2rz721Port5Path0Target0Lun0 85EA01E8
Device \FileSystem\cdfs \Cdfs 86F0D1E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF0 0x36 0x15 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xEA 0x6B 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0x26 0x3D 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF0 0x36 0x15 0xFB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xEA 0x6B 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0x26 0x3D 0xAD ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB61398$\2370744818 0 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878 0 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\@ 2048 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\cfg.ini 204 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\L 0 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\L\qnbwvoto 66560 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\twl.dll 223744 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\U 0 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\U\80000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\U\80000032.@ 115712 bytes
File C:\Windows\$NtUninstallKB61398$\3882354878\version 1265 bytes

---- EOF - GMER 1.0.15 ----